public inbox for gcc-patches@gcc.gnu.org
 help / color / mirror / Atom feed
* [Ada] Disable inlining of traversal function in GNATprove
@ 2019-09-19 13:29 Pierre-Marie de Rodat
  0 siblings, 0 replies; only message in thread
From: Pierre-Marie de Rodat @ 2019-09-19 13:29 UTC (permalink / raw)
  To: gcc-patches; +Cc: Yannick Moy

[-- Attachment #1: Type: text/plain, Size: 481 bytes --]

Traversal functions as defined in SPARK RM 3.10 should not be inlined
for analysis in GNATprove, as this changes the ownership behavior.
Disable the inlining performed in GNATprove on functions which could be
interpreted as such.

There is no impact on compilation and thus no test.

Tested on x86_64-pc-linux-gnu, committed on trunk

2019-09-19  Yannick Moy  <moy@adacore.com>

gcc/ada/

	* inline.adb (Can_Be_Inlined_In_GNATprove_Mode): Add special
	case for traversal functions.

[-- Attachment #2: patch.diff --]
[-- Type: text/x-diff, Size: 2144 bytes --]

--- gcc/ada/inline.adb
+++ gcc/ada/inline.adb
@@ -1512,6 +1512,12 @@ package body Inline is
       --  Return True if subprogram Id is defined in the package specification,
       --  either its visible or private part.
 
+      function Maybe_Traversal_Function (Id : Entity_Id) return Boolean;
+      --  Return True if subprogram Id could be a traversal function, as
+      --  defined in SPARK RM 3.10. This is only a safe approximation, as the
+      --  knowledge of the SPARK boundary is needed to determine exactly
+      --  traversal functions.
+
       ---------------------------------------------------
       -- Has_Formal_With_Discriminant_Dependent_Fields --
       ---------------------------------------------------
@@ -1635,6 +1641,20 @@ package body Inline is
          return Nkind (Parent (Decl)) = N_Compilation_Unit;
       end Is_Unit_Subprogram;
 
+      ------------------------------
+      -- Maybe_Traversal_Function --
+      ------------------------------
+
+      function Maybe_Traversal_Function (Id : Entity_Id) return Boolean is
+      begin
+         return Ekind (Id) = E_Function
+
+           --  Only traversal functions return an anonymous access-to-object
+           --  type in SPARK.
+
+           and then Is_Anonymous_Access_Type (Etype (Id));
+      end Maybe_Traversal_Function;
+
       --  Local declarations
 
       Id : Entity_Id;
@@ -1757,6 +1777,15 @@ package body Inline is
       elsif Has_Formal_With_Discriminant_Dependent_Fields (Id) then
          return False;
 
+      --  Do not inline subprograms which may be traversal functions. Such
+      --  inlining introduces temporary variables of named access type for
+      --  which assignments are move instead of borrow/observe, possibly
+      --  leading to spurious errors when checking SPARK rules related to
+      --  pointer usage.
+
+      elsif Maybe_Traversal_Function (Id) then
+         return False;
+
       --  Otherwise, this is a subprogram declared inside the private part of a
       --  package, or inside a package body, or locally in a subprogram, and it
       --  does not have any contract. Inline it.


^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2019-09-19 13:28 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-19 13:29 [Ada] Disable inlining of traversal function in GNATprove Pierre-Marie de Rodat

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).