This patch adds a warning on certain occurrences of Subprogram'Access that could cause an access-before-elaboration error.
The following example should give a warning when compiled with the -gnatw.f switch: % gcc -c -gnatw.f -gnatwe elab_acc.adb elab_acc.ads:4:31: warning: Access attribute of "F" before body seen elab_acc.ads:4:31: warning: possible Program_Error on later references % package Elab_Acc is function F return Integer; type Funcy is access function return Integer; F_Ptr : constant Funcy := F'Access; -- Calls to F_Ptr.all before F's body can cause an -- access-before-elaboration error. end Elab_Acc; package body Elab_Acc is function F return Integer is begin return 123; end F; end Elab_Acc; Tested on x86_64-pc-linux-gnu, committed on trunk 2015-01-07 Bob Duff <d...@adacore.com> * sem_elab.adb (Check_Internal_Call_Continue): Give a warning for P'Access, where P is a subprogram in the same package as the P'Access, and the P'Access is evaluated at elaboration time, and occurs before the body of P. For example, "X : T := P'Access;" would allow a subsequent call to X.all to be an access-before-elaboration error; hence the warning. This warning is enabled by the -gnatw.f switch. * opt.ads (Warn_On_Elab_Access): New flag for warning switch. * warnsw.adb (Set_Dot_Warning_Switch): Set Warn_On_Elab_Access. * gnat_ugn.texi: Document the new warning.
Index: gnat_ugn.texi =================================================================== --- gnat_ugn.texi (revision 219252) +++ gnat_ugn.texi (working copy) @@ -5048,6 +5048,23 @@ effect of warning on unreferenced entities other than subprogram formals. +@item -gnatw.f +@emph{Activate warnings on suspicious subprogram 'Access.} +@cindex @option{-gnatw.f} (@command{gcc}) +This switch causes a warning to be generated if @code{P'Access} occurs +in the same package where subprogram P is declared, and the +@code{P'Access} is evaluated at elaboration time, and occurs before +the body of P has been elaborated. For example, if we have +@code{X : T := P'Access;}, then if X.all is subsequently called before +the body of P is elaborated, it could cause +access-before-elaboration. The default is that these warnings are not +generated. + +@item -gnatw.F +@emph{Suppress warnings on suspicious subprogram 'Access.} +@cindex @option{-gnatw.F} (@command{gcc}) +This switch suppresses warnings for suspicious subprogram 'Access. + @item -gnatwg @emph{Activate warnings on unrecognized pragmas.} @cindex @option{-gnatwg} (@command{gcc}) Index: warnsw.adb =================================================================== --- warnsw.adb (revision 219191) +++ warnsw.adb (working copy) @@ -326,6 +326,12 @@ when 'e' => All_Warnings (True); + when 'f' => + Warn_On_Elab_Access := True; + + when 'F' => + Warn_On_Elab_Access := False; + when 'g' => Set_GNAT_Mode_Warnings; Index: sem_elab.adb =================================================================== --- sem_elab.adb (revision 219191) +++ sem_elab.adb (working copy) @@ -1990,10 +1990,21 @@ Inst_Case : constant Boolean := Nkind (N) in N_Generic_Instantiation; begin - -- If not function or procedure call or instantiation, then ignore - -- call (this happens in some error cases and rewriting cases). + -- For P'Access, we want to warn if the -gnatw.f switch is set, and the + -- node comes from source. - if not Nkind_In (N, N_Function_Call, N_Procedure_Call_Statement) + if Nkind (N) = N_Attribute_Reference and then + (not Warn_On_Elab_Access or else not Comes_From_Source (N)) + then + return; + + -- If not function or procedure call, instantiation, or 'Access, then + -- ignore call (this happens in some error cases and rewriting cases). + + elsif not Nkind_In + (N, N_Function_Call, + N_Procedure_Call_Statement, + N_Attribute_Reference) and then not Inst_Case then return; @@ -2001,7 +2012,7 @@ -- Nothing to do if this is a call or instantiation that has already -- been found to be a sure ABE. - elsif ABE_Is_Certain (N) then + elsif Nkind (N) /= N_Attribute_Reference and then ABE_Is_Certain (N) then return; -- Nothing to do if errors already detected (avoid cascaded errors) @@ -2323,7 +2334,7 @@ -- Not that special case, warning and dynamic check is required -- If we have nothing in the call stack, then this is at the outer - -- level, and the ABE is bound to occur. + -- level, and the ABE is bound to occur, unless it's a 'Access. if Elab_Call.Last = 0 then Error_Msg_Warn := SPARK_Mode /= On; @@ -2331,13 +2342,19 @@ if Inst_Case then Error_Msg_NE ("cannot instantiate& before body seen<<", N, Orig_Ent); + elsif Nkind (N) /= N_Attribute_Reference then + Error_Msg_NE + ("cannot call& before body seen<<", N, Orig_Ent); else Error_Msg_NE - ("cannot call& before body seen<<", N, Orig_Ent); + ("Access attribute of & before body seen<<", N, Orig_Ent); + Error_Msg_N ("\possible Program_Error on later references<", N); end if; - Error_Msg_N ("\Program_Error [<<", N); - Insert_Elab_Check (N); + if Nkind (N) /= N_Attribute_Reference then + Error_Msg_N ("\Program_Error [<<", N); + Insert_Elab_Check (N); + end if; -- Call is not at outer level Index: opt.ads =================================================================== --- opt.ads (revision 219280) +++ opt.ads (working copy) @@ -1669,6 +1669,13 @@ -- Set to True to generate warnings for suspicious use of export or -- import pragmas. Modified by use of -gnatwx/X. + Warn_On_Elab_Access : Boolean := False; + -- GNAT + -- Set to True to generate warnings for P'Access in the case where + -- subprogram P is in the same package as the P'Access, and the P'Access is + -- evaluated at package elaboration time, and occurs before the body of P + -- has been elaborated. + Warn_On_Hiding : Boolean := False; -- GNAT -- Set to True to generate warnings if a declared entity hides another