From patchwork Wed May 18 08:43:17 2022
X-Patchwork-Submitter: Pierre-Marie de Rodat
X-Patchwork-Id: 54136
Date: Wed, 18 May 2022 08:43:17 +0000
To: gcc-patches@gcc.gnu.org
Subject: [Ada] Fix proof of runtime units
Message-ID: <20220518084317.GA3341771@adacore.com>
From: Pierre-Marie de Rodat
Cc: Yannick Moy

Update to latest version of Why3 caused some proof regressions. Fix the
proof by changing ghost code.

Tested on x86_64-pc-linux-gnu, committed on trunk

gcc/ada/

	* libgnat/s-imagei.adb (Set_Digits): Add assertion.
	* libgnat/s-imgboo.adb (Image_Boolean): Add assertions.
	* libgnat/s-valueu.adb (Scan_Raw_Unsigned): Add assertion.

diff --git a/gcc/ada/libgnat/s-imagei.adb b/gcc/ada/libgnat/s-imagei.adb
--- a/gcc/ada/libgnat/s-imagei.adb +++ b/gcc/ada/libgnat/s-imagei.adb @@ -388,6 +388,8 @@ package body System.Image_I is Prove_Uns_Of_Non_Positive_Value; pragma Assert (Uns_Value rem 10 = Uns_Of_Non_Positive (Value rem 10)); pragma Assert (Uns_Value rem 10 = Uns (-(Value rem 10))); + pragma Assert + (Uns_Value = From_Big (Big (Uns_T) / Big_10 ** (Nb_Digits - J))); Prev_Value := Uns_Value; Prev_S := S; diff --git a/gcc/ada/libgnat/s-imgboo.adb b/gcc/ada/libgnat/s-imgboo.adb --- a/gcc/ada/libgnat/s-imgboo.adb +++ b/gcc/ada/libgnat/s-imgboo.adb @@ -37,6 +37,8 @@ pragma Assertion_Policy (Ghost => Ignore, Loop_Invariant => Ignore, Assert => Ignore); +with System.Val_Util; + package body System.Img_Bool with SPARK_Mode is @@ -55,9 +57,13 @@ is if V then S (1 .. 4) := "TRUE"; P := 4; + pragma Assert + (System.Val_Util.First_Non_Space_Ghost (S, S'First, S'Last) = 1); else S (1 .. 5) := "FALSE"; P := 5; + pragma Assert + (System.Val_Util.First_Non_Space_Ghost (S, S'First, S'Last) = 1); end if; end Image_Boolean; diff --git a/gcc/ada/libgnat/s-valueu.adb b/gcc/ada/libgnat/s-valueu.adb --- a/gcc/ada/libgnat/s-valueu.adb +++ b/gcc/ada/libgnat/s-valueu.adb @@ -645,6 +645,7 @@ package body System.Value_U is Scan_Exponent (Str, Ptr, Max, Expon); + pragma Assert (Ptr.all = Raw_Unsigned_Last_Ghost (Str, Ptr_Old, Max)); pragma Assert (if Starts_As_Exponent_Format_Ghost (Str (First_Exp .. Max)) then Expon = Scan_Exponent_Ghost (Str (First_Exp .. Max)));
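Review bot: In s-imagei.adb (hunk at -388), the new `pragma Assert (Uns_Value = From_Big (Big (Uns_T) / Big_10 ** (Nb_Digits - J)))` has no comment saying which later proof step it supports. The two assertions just above it are plain `rem 10` facts, while this one is a different kind of statement about the whole value, and the commit message says it is only needed since the Why3 update. A one-line comment above it, naming it as a prover hint added for that update, would stop a later cleanup from removing it as redundant just before `Prev_Value := Uns_Value`.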
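Review bot: In s-imgboo.adb (hunk at -37), `with System.Val_Util;` is added to the body with no indication that it is there for proof only. Within this patch its only uses are the two `First_Non_Space_Ghost` assertions in Image_Boolean, and the Assertion_Policy right above sets `Ghost => Ignore` and `Assert => Ignore`, so the executable code gains a unit dependency it never calls. Please add a short comment on the with clause saying it is needed only for the ghost assertions, so the dependency is not mistaken for a functional one.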
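Review bot: In s-imgboo.adb (hunk at -55), the same assertion `System.Val_Util.First_Non_Space_Ghost (S, S'First, S'Last) = 1` is duplicated verbatim in the `then` and `else` branches of Image_Boolean. If the prover accepts it once after `end if`, a single copy there would be easier to maintain. If it has to be stated per branch, right after each assignment to S, a brief comment saying so would explain the repetition. The comparison also uses the literal 1 while the call passes `S'First`; that matches the `S (1 .. 4)` and `S (1 .. 5)` slices, but writing the bound the same way in both places would read more clearly.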
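Review bot: In s-valueu.adb (hunk at -645), the added `pragma Assert (Ptr.all = Raw_Unsigned_Last_Ghost (Str, Ptr_Old, Max))` refers to `Ptr_Old`, whose declaration is outside the visible context, and nothing here says what position it captures. Since the assertion is placed directly after `Scan_Exponent (Str, Ptr, Max, Expon)` and before the existing assertion on `Expon`, a comment stating that it records where Ptr ends up after exponent scanning, relative to the `Ptr_Old` snapshot, would make the intended ordering of the two facts clear to the next reader.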