Date: Tue, 05 Dec 2017 12:24:00 -0000
From: Pierre-Marie de Rodat
To: gcc-patches@gcc.gnu.org
Cc: Hristian Kirtchev
Subject: [Ada] Warn on weak elaboration model for SPARK
Message-ID: <20171205122418.GA16038@adacore.com>

This patch introduces a check which ensures that SPARK elaboration code is
processed using the static elaboration model as it guarantees the highest
degree of safety.

------------
-- Source --
------------

-- spark_pack.ads

package SPARK_Pack with SPARK_Mode is
   pragma Elaborate_Body;

   type Root is tagged null record;
   procedure Prim (Obj : Root);

   type Child is new Root with null record;
   procedure Prim (Obj : Child);
end SPARK_Pack;

-- spark_pack.adb

with Ada.Text_IO; use Ada.Text_IO;

package body SPARK_Pack with SPARK_Mode is
   procedure Prim (Obj : Root) is
   begin
      Put_Line ("Root.Prim");
   end Prim;

   procedure Prim (Obj : Child) is
   begin
      Put_Line ("Child.Prim");
   end Prim;
end SPARK_Pack;

----------------------------
-- Compilation and output --
----------------------------

$ echo "Static model"
$ gcc -c spark_pack.adb
$ echo "Relaxed static model"
$ gcc -c spark_pack.adb -gnatJ
$ echo "Dynamic model"
$ gcc -c spark_pack.adb -gnatE
$ echo "Relaxed dynamic model"
$ gcc -c spark_pack.adb -gnatE -gnatJ

Static model
Relaxed static model
spark_pack.ads:7:04: warning: SPARK elaboration checks require static elaboration model
spark_pack.ads:7:04: warning: relaxed elaboration model is in effect
Dynamic model
spark_pack.ads:4:09: warning: SPARK elaboration checks require static elaboration model
spark_pack.ads:4:09: warning: dynamic elaboration model is in effect
Relaxed dynamic model
spark_pack.ads:4:09: warning: SPARK elaboration checks require static elaboration model
spark_pack.ads:4:09: warning: dynamic elaboration model is in effect

Tested on x86_64-pc-linux-gnu, committed on trunk

2017-12-05  Hristian Kirtchev

	* sem_elab.adb: Update the terminology and switch sections.
	(Check_SPARK_Model_In_Effect): New routine.
	(Check_SPARK_Scenario): Verify the model in effect for SPARK.
	(Process_Conditional_ABE_Call_SPARK): Verify the model in effect
	for SPARK.
	(Process_Conditional_ABE_Instantiation_SPARK): Verify the model in
	effect for SPARK.
	(Process_Conditional_ABE_Variable_Assignment_SPARK): Verify the
	model in effect for SPARK.

Index: sem_elab.adb
===================================================================
--- sem_elab.adb (revision 255412)
+++ sem_elab.adb (working copy)
@@ -117,6 +117,9 @@ -- Terminology -- ----------------- + -- * ABE - An attempt to activate, call, or instantiate a scenario which + -- has not been fully elaborated. + -- -- * Bridge target - A type of target. A bridge target is a link between -- scenarios. It is usually a byproduct of expansion and does not have -- any direct ABE ramifications. @@ -421,6 +424,8 @@ -- calls to subprograms which verify the run-time semantics of -- the following assertion pragmas: -- + -- Default_Initial_Condition + -- Initial_Condition -- Invariant -- Invariant'Class -- Post @@ -429,8 +434,8 @@ -- Type_Invariant -- Type_Invariant_Class -- - -- As a result, the assertion expressions of the pragmas will not - -- be processed. + -- As a result, the assertion expressions of the pragmas are not + -- processed. -- -- -gnatd.U ignore indirect calls for static elaboration -- 
@@ -1044,6 +1049,12 @@ -- Verify that expanded instance Exp_Inst does not precede the generic body -- it instantiates (SPARK RM 7.7(6)). + procedure Check_SPARK_Model_In_Effect (N : Node_Id); + pragma Inline (Check_SPARK_Model_In_Effect); + -- Determine whether a suitable elaboration model is currently in effect + -- for verifying the SPARK rules of scenario N. Emit a warning if this is + -- not the case. + procedure Check_SPARK_Scenario (N : Node_Id); pragma Inline (Check_SPARK_Scenario); -- Top-level dispatcher for verifying SPARK scenarios which are not always 
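Review bot: the spec comment for Check_SPARK_Model_In_Effect in hunk @@ -1044 promises "Emit a warning if this is not the case", but the body guards the message with SPARK_Model_Warning_Posted, so the warning is posted at most once per compilation and only on the first scenario examined. Say so in the spec comment, e.g. "-- Emit a warning (once per compilation, on the first such scenario) if this is not the case.", so that readers of the Process_Conditional_ABE_*_SPARK call sites do not expect a diagnostic on every scenario.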
@@ -2696,12 +2707,57 @@ end if; end Check_SPARK_Instantiation; + --------------------------------- + -- Check_SPARK_Model_In_Effect -- + --------------------------------- + + SPARK_Model_Warning_Posted : Boolean := False; + -- This flag prevents the same SPARK model-related warning from being + -- emitted multiple times. + + procedure Check_SPARK_Model_In_Effect (N : Node_Id) is + begin + -- Do not emit the warning multiple times as this creates useless noise + + if SPARK_Model_Warning_Posted then + null; + + -- SPARK rule verification requires the "strict" static model + + elsif Static_Elaboration_Checks and not Relaxed_Elaboration_Checks then + null; + + -- Any other combination of models does not guarantee the absence of ABE + -- problems for SPARK rule verification purposes. Note that there is no + -- need to check for the legacy ABE mechanism because the legacy code + -- has its own orthogonal processing for SPARK rules. + + else + SPARK_Model_Warning_Posted := True; + + Error_Msg_N + ("??SPARK elaboration checks require static elaboration model", N); + + if Dynamic_Elaboration_Checks then + Error_Msg_N ("\dynamic elaboration model is in effect", N); + else + pragma Assert (Relaxed_Elaboration_Checks); + Error_Msg_N ("\relaxed elaboration model is in effect", N); + end if; + end if; + end Check_SPARK_Model_In_Effect; + -------------------------- -- Check_SPARK_Scenario -- -------------------------- procedure Check_SPARK_Scenario (N : Node_Id) is begin + -- Ensure that a suitable elaboration model is in effect for SPARK rule + -- verification. + + Check_SPARK_Model_In_Effect (N); + -- Add the current scenario to the stack of active scenarios Push_Active_Scenario (N); @@ -9211,6 +9267,11 @@ Region : Node_Id; begin + -- Ensure that a suitable elaboration model is in effect for SPARK rule + -- verification. + + Check_SPARK_Model_In_Effect (Call); + -- The call and the target body are both in the main unit if Present (Target_Attrs.Body_Decl) 
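Review bot: in the final else branch of Check_SPARK_Model_In_Effect (hunk @@ -2696), "pragma Assert (Relaxed_Elaboration_Checks)" holds only if every configuration that is neither strict-static nor dynamic is the relaxed static one; the comment just above states the legacy ABE mechanism is deliberately not checked because legacy code "has its own orthogonal processing for SPARK rules", so the assertion silently depends on no caller reaching this routine under the legacy model. Either state that as a precondition in the spec comment or test Relaxed_Elaboration_Checks explicitly and fall through to "pragma Assert (False)" so a future caller from the legacy path fails loudly rather than emitting a wrong "relaxed" message. Minor: SPARK_Model_Warning_Posted is a library-level variable that is never reset, which is fine for one unit per gcc invocation, but its comment should note that assumption.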
@@ -9674,6 +9735,11 @@ Req_Nam : Name_Id; begin + -- Ensure that a suitable elaboration model is in effect for SPARK rule + -- verification. + + Check_SPARK_Model_In_Effect (Inst); + -- A source instantiation imposes an Elaborate[_All] requirement on the -- context of the main unit. Determine whether the context has a pragma -- strong enough to meet the requirement. The check is orthogonal to the @@ -9807,6 +9873,11 @@ Spec_Id : constant Entity_Id := Find_Top_Unit (Var_Decl); begin + -- Ensure that a suitable elaboration model is in effect for SPARK rule + -- verification. + + Check_SPARK_Model_In_Effect (Asmt); + -- Emit an error when an initialized variable declared in a package spec -- without pragma Elaborate_Body is further modified by elaboration code -- within the corresponding body.
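Review bot: hunks @@ -9674 and @@ -9807 (and @@ -9211 before them) each repeat the same four-line comment and call to Check_SPARK_Model_In_Effect that Check_SPARK_Scenario, described as the top-level dispatcher, already performs in hunk @@ -2696. If the Process_Conditional_ABE_*_SPARK routines are reachable without passing through Check_SPARK_Scenario, the repeated comment should say so, e.g. "-- This routine may be invoked directly, hence the model check is repeated here"; otherwise drop the three duplicates and rely on the dispatcher, since the once-only flag already makes the extra calls no-ops after the first warning.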