From patchwork Tue Dec 5 12:24:19 2017
X-Patchwork-Submitter: Pierre-Marie de Rodat
X-Patchwork-Id: 844722
Date: Tue, 5 Dec 2017 07:24:19 -0500
From: Pierre-Marie de Rodat
To: gcc-patches@gcc.gnu.org
Cc: Hristian Kirtchev
Subject: [Ada] Warn on weak elaboration model for SPARK
Message-ID: <20171205122418.GA16038@adacore.com>

This patch introduces a check which ensures that SPARK elaboration code is
processed using the static elaboration model, as it guarantees the highest
degree of safety.

------------
-- Source --
------------

--  spark_pack.ads

package SPARK_Pack with SPARK_Mode is
   pragma Elaborate_Body;

   type Root is tagged null record;
   procedure Prim (Obj : Root);

   type Child is new Root with null record;
   procedure Prim (Obj : Child);
end SPARK_Pack;

--  spark_pack.adb

with Ada.Text_IO; use Ada.Text_IO;

package body SPARK_Pack with SPARK_Mode is
   procedure Prim (Obj : Root) is
   begin
      Put_Line ("Root.Prim");
   end Prim;

   procedure Prim (Obj : Child) is
   begin
      Put_Line ("Child.Prim");
   end Prim;
end SPARK_Pack;

----------------------------
-- Compilation and output --
----------------------------

$ echo "Static model"
$ gcc -c spark_pack.adb
$ echo "Relaxed static model"
$ gcc -c spark_pack.adb -gnatJ
$ echo "Dynamic model"
$ gcc -c spark_pack.adb -gnatE
$ echo "Relaxed dynamic model"
$ gcc -c spark_pack.adb -gnatE -gnatJ
Static model
Relaxed static model
spark_pack.ads:7:04: warning: SPARK elaboration checks require static elaboration model
spark_pack.ads:7:04: warning: relaxed elaboration model is in effect
Dynamic model
spark_pack.ads:4:09: warning: SPARK elaboration checks require static elaboration model
spark_pack.ads:4:09: warning: dynamic elaboration model is in effect
Relaxed dynamic model
spark_pack.ads:4:09: warning: SPARK elaboration checks require static elaboration model
spark_pack.ads:4:09: warning: dynamic elaboration model is in effect

Tested on x86_64-pc-linux-gnu, committed on trunk

2017-12-05  Hristian Kirtchev

	* sem_elab.adb: Update the terminology and switch sections.
(Check_SPARK_Model_In_Effect): New routine. (Check_SPARK_Scenario): Verify the model in effect for SPARK. (Process_Conditional_ABE_Call_SPARK): Verify the model in effect for SPARK. (Process_Conditional_ABE_Instantiation_SPARK): Verify the model in effect for SPARK. (Process_Conditional_ABE_Variable_Assignment_SPARK): Verify the model in effect for SPARK. Index: sem_elab.adb =================================================================== --- sem_elab.adb (revision 255412) +++ sem_elab.adb (working copy) @@ -117,6 +117,9 @@ -- Terminology -- ----------------- + -- * ABE - An attempt to activate, call, or instantiate a scenario which + -- has not been fully elaborated. + -- -- * Bridge target - A type of target. A bridge target is a link between -- scenarios. It is usually a byproduct of expansion and does not have -- any direct ABE ramifications. @@ -421,6 +424,8 @@ -- calls to subprograms which verify the run-time semantics of -- the following assertion pragmas: -- + -- Default_Initial_Condition + -- Initial_Condition -- Invariant -- Invariant'Class -- Post @@ -429,8 +434,8 @@ -- Type_Invariant -- Type_Invariant_Class -- - -- As a result, the assertion expressions of the pragmas will not - -- be processed. + -- As a result, the assertion expressions of the pragmas are not + -- processed. -- -- -gnatd.U ignore indirect calls for static elaboration -- @@ -1044,6 +1049,12 @@ -- Verify that expanded instance Exp_Inst does not precede the generic body -- it instantiates (SPARK RM 7.7(6)). + procedure Check_SPARK_Model_In_Effect (N : Node_Id); + pragma Inline (Check_SPARK_Model_In_Effect); + -- Determine whether a suitable elaboration model is currently in effect + -- for verifying the SPARK rules of scenario N. Emit a warning if this is + -- not the case. + procedure Check_SPARK_Scenario (N : Node_Id); pragma Inline (Check_SPARK_Scenario); -- Top-level dispatcher for verifying SPARK scenarios which are not always 
@@ -2696,12 +2707,57 @@ end if; end Check_SPARK_Instantiation; + --------------------------------- + -- Check_SPARK_Model_In_Effect -- + --------------------------------- + + SPARK_Model_Warning_Posted : Boolean := False; + -- This flag prevents the same SPARK model-related warning from being + -- emitted multiple times. + + procedure Check_SPARK_Model_In_Effect (N : Node_Id) is + begin + -- Do not emit the warning multiple times as this creates useless noise + + if SPARK_Model_Warning_Posted then + null; + + -- SPARK rule verification requires the "strict" static model + + elsif Static_Elaboration_Checks and not Relaxed_Elaboration_Checks then + null; + + -- Any other combination of models does not guarantee the absence of ABE + -- problems for SPARK rule verification purposes. Note that there is no + -- need to check for the legacy ABE mechanism because the legacy code + -- has its own orthogonal processing for SPARK rules. + + else + SPARK_Model_Warning_Posted := True; + + Error_Msg_N + ("??SPARK elaboration checks require static elaboration model", N); + + if Dynamic_Elaboration_Checks then + Error_Msg_N ("\dynamic elaboration model is in effect", N); + else + pragma Assert (Relaxed_Elaboration_Checks); + Error_Msg_N ("\relaxed elaboration model is in effect", N); + end if; + end if; + end Check_SPARK_Model_In_Effect; + -------------------------- -- Check_SPARK_Scenario -- -------------------------- procedure Check_SPARK_Scenario (N : Node_Id) is begin + -- Ensure that a suitable elaboration model is in effect for SPARK rule + -- verification. + + Check_SPARK_Model_In_Effect (N); + -- Add the current scenario to the stack of active scenarios Push_Active_Scenario (N); @@ -9211,6 +9267,11 @@ Region : Node_Id; begin + -- Ensure that a suitable elaboration model is in effect for SPARK rule + -- verification. + + Check_SPARK_Model_In_Effect (Call); + -- The call and the target body are both in the main unit if Present (Target_Attrs.Body_Decl) 
@@ -9674,6 +9735,11 @@ Req_Nam : Name_Id; begin + -- Ensure that a suitable elaboration model is in effect for SPARK rule + -- verification. + + Check_SPARK_Model_In_Effect (Inst); + -- A source instantiation imposes an Elaborate[_All] requirement on the -- context of the main unit. Determine whether the context has a pragma -- strong enough to meet the requirement. The check is orthogonal to the @@ -9807,6 +9873,11 @@ Spec_Id : constant Entity_Id := Find_Top_Unit (Var_Decl); begin + -- Ensure that a suitable elaboration model is in effect for SPARK rule + -- verification. + + Check_SPARK_Model_In_Effect (Asmt); + -- Emit an error when an initialized variable declared in a package spec -- without pragma Elaborate_Body is further modified by elaboration code -- within the corresponding body.
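Review bot: in the body of Check_SPARK_Model_In_Effect (hunk @@ -2696,12 +2707,57 @@), the test `elsif Static_Elaboration_Checks and not Relaxed_Elaboration_Checks then` uses the non-short-circuit `and`, whereas GNAT sources conventionally use the short-circuit form; suggest `elsif Static_Elaboration_Checks and then not Relaxed_Elaboration_Checks then`. In the same routine the `else` branch falls through to `pragma Assert (Relaxed_Elaboration_Checks)` whenever Dynamic_Elaboration_Checks is False, which assumes that Static_Elaboration_Checks and Dynamic_Elaboration_Checks are mutually exclusive and that one of them is always set; the comment above that branch only says the legacy ABE mechanism needs no check, so it should also state this exhaustiveness assumption, or the assertion should be strengthened to cover a not-static, not-dynamic combination so a future elaboration mode does not trip it.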
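Review bot: the four call-site hunks (Check_SPARK_Scenario, Process_Conditional_ABE_Call_SPARK, Process_Conditional_ABE_Instantiation_SPARK and Process_Conditional_ABE_Variable_Assignment_SPARK) are only safe to invoke redundantly because SPARK_Model_Warning_Posted suppresses every warning after the first, and that package-level flag is set once and never cleared anywhere in this patch. The comment on the flag ("prevents the same SPARK model-related warning from being emitted multiple times") should also record that it is intentionally never reset and relies on sem_elab processing a single main unit per compilation, and that the warning is therefore attached to whichever SPARK scenario happens to be processed first (the sample output shows spark_pack.ads:7:04 under the relaxed model but spark_pack.ads:4:09 under the dynamic model); otherwise a reader may take the differing locations for a bug rather than a consequence of the one-shot flag.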