------------------------------------------------------------------------------ | |

-- -- | |

-- GNAT RUN-TIME COMPONENTS -- | |

-- -- | |

-- S Y S T E M . E X P _ M O D -- | |

-- -- | |

-- S p e c -- | |

-- -- | |

-- Copyright (C) 1992-2022, Free Software Foundation, Inc. -- | |

-- -- | |

-- GNAT is free software; you can redistribute it and/or modify it under -- | |

-- terms of the GNU General Public License as published by the Free Soft- -- | |

-- ware Foundation; either version 3, or (at your option) any later ver- -- | |

-- sion. GNAT is distributed in the hope that it will be useful, but WITH- -- | |

-- OUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY -- | |

-- or FITNESS FOR A PARTICULAR PURPOSE. -- | |

-- -- | |

-- As a special exception under Section 7 of GPL version 3, you are granted -- | |

-- additional permissions described in the GCC Runtime Library Exception, -- | |

-- version 3.1, as published by the Free Software Foundation. -- | |

-- -- | |

-- You should have received a copy of the GNU General Public License and -- | |

-- a copy of the GCC Runtime Library Exception along with this program; -- | |

-- see the files COPYING3 and COPYING.RUNTIME respectively. If not, see -- | |

-- <http://www.gnu.org/licenses/>. -- | |

-- -- | |

-- GNAT was originally developed by the GNAT team at New York University. -- | |

-- Extensive contributions were provided by Ada Core Technologies Inc. -- | |

-- -- | |

------------------------------------------------------------------------------ | |

-- This function performs exponentiation of a modular type with nonbinary | |

-- modulus values. Arithmetic is done in Long_Long_Unsigned, with explicit | |

-- accounting for the modulus value which is passed as the second argument. | |

-- Note that 1 is a binary modulus (2**0), so the compiler should not (and | |

-- will not) call this function with Modulus equal to 1. | |

-- Preconditions in this unit are meant for analysis only, not for run-time | |

-- checking, so that the expected exceptions are raised. This is enforced by | |

-- setting the corresponding assertion policy to Ignore. Postconditions and | |

-- contract cases should not be executed at runtime as well, in order not to | |

-- slow down the execution of these functions. | |

pragma Assertion_Policy (Pre => Ignore, | |

Post => Ignore, | |

Contract_Cases => Ignore, | |

Ghost => Ignore); | |

with Ada.Numerics.Big_Numbers.Big_Integers_Ghost; | |

with System.Unsigned_Types; | |

package System.Exp_Mod | |

with Pure, SPARK_Mode | |

is | |

use type System.Unsigned_Types.Unsigned; | |

subtype Unsigned is System.Unsigned_Types.Unsigned; | |

use type Ada.Numerics.Big_Numbers.Big_Integers_Ghost.Big_Integer; | |

subtype Big_Integer is | |

Ada.Numerics.Big_Numbers.Big_Integers_Ghost.Big_Integer | |

with Ghost; | |

package Unsigned_Conversion is | |

new Ada.Numerics.Big_Numbers.Big_Integers_Ghost.Unsigned_Conversions | |

(Int => Unsigned); | |

function Big (Arg : Unsigned) return Big_Integer is | |

(Unsigned_Conversion.To_Big_Integer (Arg)) | |

with Ghost; | |

subtype Power_Of_2 is Unsigned with | |

Dynamic_Predicate => | |

Power_Of_2 /= 0 and then (Power_Of_2 and (Power_Of_2 - 1)) = 0; | |

function Exp_Modular | |

(Left : Unsigned; | |

Modulus : Unsigned; | |

Right : Natural) return Unsigned | |

with | |

Pre => Modulus /= 0 and then Modulus not in Power_Of_2, | |

Post => Big (Exp_Modular'Result) = Big (Left) ** Right mod Big (Modulus); | |

end System.Exp_Mod; |