public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed
* [Ada] Avoid crash in GNATprove_Mode on allocator inside type
@ 2019-08-13  8:32 Pierre-Marie de Rodat
  0 siblings, 0 replies; only message in thread
From: Pierre-Marie de Rodat @ 2019-08-13  8:32 UTC (permalink / raw)
  To: gcc-patches; +Cc: Yannick Moy

[-- Attachment #1: Type: text/plain, Size: 751 bytes --]

In the special mode for GNATprove, subtypes should be declared for
allocators when constraints are used. This was done previously but it
does not work inside spec expressions, as the declaration is not
inserted and analyzed in the AST in that case, leading to a later crash
on an incomplete entity. Thus, no declaration should be created in such
a case, letting GNATprove later reject such code due to the use of an
allocator in an interfering context.

Tested on x86_64-pc-linux-gnu, committed on trunk

2019-08-13  Yannick Moy  <moy@adacore.com>

gcc/ada/

	* sem_ch4.adb (Analyze_Allocator): Do not insert subtype
	declaration for allocator inside a spec expression.

gcc/testsuite/

	* gnat.dg/allocator2.adb, gnat.dg/allocator2.ads: New testcase.

[-- Attachment #2: patch.diff --]
[-- Type: text/x-diff, Size: 1782 bytes --]

--- gcc/ada/sem_ch4.adb
+++ gcc/ada/sem_ch4.adb
@@ -676,9 +676,15 @@ package body Sem_Ch4 is
 
                --  In GNATprove mode we need to preserve the link between
                --  the original subtype indication and the anonymous subtype,
-               --  to extend proofs to constrained acccess types.
-
-               if Expander_Active or else GNATprove_Mode then
+               --  to extend proofs to constrained acccess types. We only do
+               --  that outside of spec expressions, otherwise the declaration
+               --  cannot be inserted and analyzed. In such a case, GNATprove
+               --  later rejects the allocator as it is not used here in
+               --  a non-interfering context (SPARK 4.8(2) and 7.1.3(12)).
+
+               if Expander_Active
+                 or else (GNATprove_Mode and then not In_Spec_Expression)
+               then
                   Def_Id := Make_Temporary (Loc, 'S');
 
                   Insert_Action (E,

--- /dev/null
new file mode 100644
+++ gcc/testsuite/gnat.dg/allocator2.adb
@@ -0,0 +1,6 @@
+--  { dg-do compile }
+--  { dg-options "-gnatd.F" }
+
+package body Allocator2 is
+   procedure Dummy is null;
+end Allocator2;

--- /dev/null
new file mode 100644
+++ gcc/testsuite/gnat.dg/allocator2.ads
@@ -0,0 +1,15 @@
+pragma SPARK_Mode;
+package Allocator2 is
+    type Nat_Array is array (Positive range <>) of Natural with
+      Default_Component_Value => 0;
+    type Nat_Stack (Max : Natural) is record
+       Content : Nat_Array (1 .. Max);
+    end record;
+    type Stack_Acc is access Nat_Stack;
+    type My_Rec is private;
+private
+    type My_Rec is record
+       My_Stack : Stack_Acc := new Nat_Stack (Max => 10);
+    end record;
+   procedure Dummy;
+end Allocator2;


^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2019-08-13  8:32 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-08-13  8:32 [Ada] Avoid crash in GNATprove_Mode on allocator inside type Pierre-Marie de Rodat

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).