[Ada] Add assertions on tampering counts

gcc/ada/

	* libgnat/a-conhel.adb: Assert that tampering counts remain
	between 0 and 2**31-1.  This makes debugging of
	finalization-related bugs easier.

gcc/ada/libgnat/a-conhel.adb

@@ -27,6 +27,13 @@
 
 package body Ada.Containers.Helpers is
 
+   Max_Count : constant := 2**31 - 1;
+   --  Used in assertions below, to make sure the counts don't wrap around.
+   --  This can help detect bugs in which Adjust and Finalize calls are
+   --  improperly generated. An extra Decrement could otherwise cause
+   --  wraparound from 0 to 2**32-1. The highest count seen so far is
+   --  around 25, so this should be plenty.
+
    package body Generic_Implementation is
 
       use type SAC.Atomic_Unsigned;
@@ -50,6 +57,7 @@ package body Ada.Containers.Helpers is
       begin
          if T_Check then
             SAC.Increment (T_Counts.Busy);
+            pragma Assert (T_Counts.Busy <= Max_Count);
          end if;
       end Busy;
 
@@ -112,7 +120,9 @@ package body Ada.Containers.Helpers is
       begin
          if T_Check then
             SAC.Increment (T_Counts.Lock);
+            pragma Assert (T_Counts.Lock <= Max_Count);
             SAC.Increment (T_Counts.Busy);
+            pragma Assert (T_Counts.Busy <= Max_Count);
          end if;
       end Lock;
 
@@ -158,6 +168,7 @@ package body Ada.Containers.Helpers is
       begin
          if T_Check then
             SAC.Decrement (T_Counts.Busy);
+            pragma Assert (T_Counts.Busy <= Max_Count);
          end if;
       end Unbusy;
 
@@ -169,7 +180,9 @@ package body Ada.Containers.Helpers is
       begin
          if T_Check then
             SAC.Decrement (T_Counts.Lock);
+            pragma Assert (T_Counts.Lock <= Max_Count);
             SAC.Decrement (T_Counts.Busy);
+            pragma Assert (T_Counts.Busy <= Max_Count);
          end if;
       end Unlock;