A lot of forward progress.

Some work on constification, but a bunch of experiment that still needs
to be undone.

The addition of -fclang-contract-groups=foo=<semantic>, which still
needs better integrating with -fcontract-evaluation-semantic=.

The [[clang::contract_group("foo.bar")]] stuff works really well.
I'll be happy to try it in libc++.

What still needs to be done includes:
  * Coming up with a proper descriptor/format for the compiler-stl
    interface. It seems to me we'll want the ABI to be able to evolve
over time, and so we should pass a pointer to data + data descriptor of
some kind so that the STL can parse version of the header from different
compilers & versions.

  * Everything to do with parsing pre/post in inline member functions.
  * Contract redeclaration checking.
  * Constifying implicit this.
  * Code gen & constant evaluation for result names (and representation
    too).
  * Cleanup around experiments for source location & constification.

Author: EricWF

clang/include/clang/AST/Expr.h

@@ -1235,6 +1235,17 @@ class OpaqueValueExpr : public Expr {
   }
 };
 
+// This enum is silly, but avoids creating overload sets where many adjacent
+// arguments are all convertible to/from bool or int.
+enum class ContractConstification {
+  CC_None,
+  CC_ApplyConst,
+};
+
+constexpr ContractConstification CC_None = ContractConstification::CC_None;
+constexpr ContractConstification CC_ApplyConst =
+    ContractConstification::CC_ApplyConst;
+
 /// A reference to a declared variable, function, enum, etc.
 /// [C99 6.5.1p2]
 ///

clang/include/clang/AST/Stmt.h

@@ -863,6 +863,9 @@ class alignas(void *) Stmt {
 
     LLVM_PREFERRED_TYPE(ContractKind)
     unsigned ContractKind : 2;
+
+    LLVM_PREFERRED_TYPE(unsigned)
+    unsigned NumAttrs : 32 - NumStmtBits - 3;
   };
 
   class CXXNewExprBitfields {

clang/include/clang/AST/StmtCXX.h

@@ -526,11 +526,13 @@ class CoreturnStmt : public Stmt {
 };
 
 enum class ContractKind { Pre, Post, Assert };
+class SemaContractHelper;
 
 class ContractStmt final : public Stmt,
-                           private llvm::TrailingObjects<ContractStmt, Stmt *> {
+                           private llvm::TrailingObjects<ContractStmt, void *> {
   friend class ASTStmtReader;
   friend TrailingObjects;
+  friend class SemaContractHelper;
 
   enum { ResultNameDeclOffset = 0, Count = 1 };
 
@@ -539,32 +541,74 @@ class ContractStmt final : public Stmt,
     return ResultNameDeclOffset + ContractAssertBits.HasResultName;
   }
 
-  Stmt **getSubStmts() { return getTrailingObjects<Stmt *>(); }
+  unsigned attributeOffset() const { return condOffset() + 1; }
 
-  Stmt *const *getSubStmts() const { return getTrailingObjects<Stmt *>(); }
+  Stmt **getSubStmts() {
+    return reinterpret_cast<Stmt **>(getTrailingObjects<void *>());
+  }
+  Stmt *const *getSubStmts() const {
+    return reinterpret_cast<Stmt *const *>(getTrailingObjects<void *>());
+  }
 
   SourceLocation KeywordLoc;
 
+  const Attr *const *getAttrArrayPtr() const {
+    return reinterpret_cast<const Attr *const *>(getTrailingObjects<void *>() +
+                                                 attributeOffset());
+  }
+  const Attr **getAttrArrayPtr() {
+    return const_cast<Attr const **>(reinterpret_cast<Attr **>(
+        getTrailingObjects<void *>() + attributeOffset()));
+  }
+
+  Stmt **getStmtPtr() {
+    return reinterpret_cast<Stmt **>(getTrailingObjects<void *>());
+  }
+
+  Stmt *const *getStmtPtr() const {
+    return reinterpret_cast<Stmt *const *>(getTrailingObjects<void *>());
+  }
+
+  ArrayRef<const Stmt *> getStmts() const {
+    return llvm::ArrayRef(getSubStmts(), ContractAssertBits.HasResultName + 1);
+  }
+
+  void copyAttrs(ArrayRef<const Attr *> Attrs) {
+    assert(Attrs.size() == ContractAssertBits.NumAttrs &&
+           "wrong number of attributes");
+    std::copy(Attrs.begin(), Attrs.end(), getAttrArrayPtr());
+  }
+
 public:
-  ContractStmt(ContractKind CK, SourceLocation KeywordLoc, Expr *Condition)
+  ContractStmt(ContractKind CK, SourceLocation KeywordLoc, Expr *Condition,
+               DeclStmt *RN, ArrayRef<const Attr *> Attrs = {})
       : Stmt(ContractStmtClass), KeywordLoc(KeywordLoc) {
     ContractAssertBits.ContractKind = static_cast<unsigned>(CK);
-    ContractAssertBits.HasResultName = false;
+    ContractAssertBits.HasResultName = RN != nullptr;
+    ContractAssertBits.NumAttrs = Attrs.size();
+    if (RN)
+      setResultNameDecl(RN);
     setCondition(Condition);
+    std::copy(Attrs.begin(), Attrs.end(), getAttrArrayPtr());
   }
 
-  ContractStmt(EmptyShell Empty, ContractKind Kind, bool HasResultName = false)
+  ContractStmt(EmptyShell Empty, ContractKind Kind, bool HasResultName,
+               unsigned NumAttrs = 0)
       : Stmt(ContractStmtClass, Empty) {
     ContractAssertBits.ContractKind = static_cast<unsigned>(Kind);
     ContractAssertBits.HasResultName = HasResultName;
+    ContractAssertBits.NumAttrs = NumAttrs;
+    if (NumAttrs != 0)
+      std::fill_n(getAttrArrayPtr(), NumAttrs, nullptr);
   }
 
   static ContractStmt *Create(const ASTContext &C, ContractKind Kind,
                               SourceLocation KeywordLoc, Expr *Condition,
-                              DeclStmt *ResultNameDecl = nullptr);
+                              DeclStmt *ResultNameDecl,
+                              ArrayRef<const Attr *> Attrs = {});
 
   static ContractStmt *CreateEmpty(const ASTContext &C, ContractKind Kind,
-                                   bool HasResultName = false);
+                                   bool HasResultName, unsigned NumAttrs);
 
   ContractKind getContractKind() const {
     return static_cast<ContractKind>(ContractAssertBits.ContractKind);
@@ -573,34 +617,35 @@ class ContractStmt final : public Stmt,
     ContractAssertBits.ContractKind = static_cast<unsigned>(CK);
   }
 
+  ArrayRef<const Attr *> getAttrs() const {
+    return llvm::ArrayRef(getAttrArrayPtr(), ContractAssertBits.NumAttrs);
+  }
+
   bool hasResultNameDecl() const { return ContractAssertBits.HasResultName; }
 
   DeclStmt *getResultNameDeclStmt() const {
     return hasResultNameDecl()
-               ? static_cast<DeclStmt *>(
-                     getTrailingObjects<Stmt *>()[ResultNameDeclOffset])
+               ? static_cast<DeclStmt *>(getStmtPtr()[ResultNameDeclOffset])
                : nullptr;
   }
 
   ResultNameDecl *getResultNameDecl() const;
 
   void setResultNameDecl(DeclStmt *D) {
     assert(hasResultNameDecl() && "no result name decl");
-    getTrailingObjects<Stmt *>()[ResultNameDeclOffset] = D;
+    getStmtPtr()[ResultNameDeclOffset] = D;
   }
 
-  void setCondition(Expr *E) { getTrailingObjects<Stmt *>()[condOffset()] = E; }
+  void setCondition(Expr *E) { getStmtPtr()[condOffset()] = E; }
 
-  Expr *getCond() {
-    return reinterpret_cast<Expr *>(getTrailingObjects<Stmt *>()[condOffset()]);
-  }
+  Expr *getCond() { return static_cast<Expr *>(getStmtPtr()[condOffset()]); }
 
   const Expr *getCond() const {
-    return reinterpret_cast<Expr *>(getTrailingObjects<Stmt *>()[condOffset()]);
+    return static_cast<Expr *>(getStmtPtr()[condOffset()]);
   }
 
   void setCond(Expr *Cond) {
-    getTrailingObjects<Stmt *>()[condOffset()] = reinterpret_cast<Stmt *>(Cond);
+    getStmtPtr()[condOffset()] = reinterpret_cast<Stmt *>(Cond);
   }
 
   SourceLocation getKeywordLoc() const { return KeywordLoc; }
@@ -609,6 +654,10 @@ class ContractStmt final : public Stmt,
     return getCond()->getEndLoc();
   }
 
+  // Return [[clang::contract_group]] attribute group string if specified
+  StringRef getContractGroup() const;
+  ContractEvaluationSemantic getSemantic(const LangOptions &LangOpts) const;
+
   child_range children() {
     return child_range(getSubStmts(), getSubStmts() + condOffset() + 1);
   }

clang/include/clang/Basic/Attr.td

@@ -3262,7 +3262,7 @@ def Unavailable : InheritableAttr {
 
 def ContractGroup : StmtAttr {
   let Spellings = [CXX11<"clang", "contract_group">];
-  let Args = [ StringArgument<"Group">];
+  let Args = [ StringArgument<"Group"> ];
   let Subjects = SubjectList<[ContractStmt], ErrorDiag, "contract_assert">;
   let Documentation = [Undocumented];
 }

clang/include/clang/Basic/ContractOptions.h

@@ -0,0 +1,115 @@
+//===- ContractsOptions.h - C++ Contract Options ----------------*- C++ -*-===//
+//
+// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
+// See https://llvm.org/LICENSE.txt for license information.
+// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
+//
+//===----------------------------------------------------------------------===//
+//
+/// \file
+/// Defines common enums and types used by contracts and contract attributes.
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef LLVM_CLANG_BASIC_CONTRACT_OPTIONS_H
+#define LLVM_CLANG_BASIC_CONTRACT_OPTIONS_H
+
+#include "clang/Basic/LLVM.h"
+#include "llvm/ADT/StringMap.h"
+#include "llvm/ADT/StringRef.h"
+#include <cassert>
+#include <cstdint>
+#include <functional>
+#include <optional>
+#include <string>
+#include <vector>
+
+namespace clang {
+using llvm::StringRef;
+
+enum class ContractGroupDiagnostic {
+  // The remaining values map to %select values in diagnostics in both
+  // DiagnosticSemaKinds.td and DiagnosticDriverKinds.td.
+  InvalidFirstChar,
+  InvalidChar,
+  InvalidLastChar,
+  EmptySubGroup,
+  Empty,
+  InvalidSemantic,
+};
+
+/// Contract evaluation mode. Determines whether to check contracts, and
+// whether contract failures cause compile errors.
+enum class ContractEvaluationSemantic {
+  Invalid = -1,
+
+  // Contracts are parsed, syntax checked and type checked, but never evaluated.
+  // FIXME(EricWF): This doesn't yet map to an actual enumerator in
+  //  std::contracts::evaluation_semantic
+  Ignore = 0,
+
+  // Contracts are run, failures are reported, and when a contract fails the
+  // program is terminated. The compiler can assume after contracts statements
+  // that the contracts hold.
+  Enforce = 1,
+
+  // Contracts are run, and failures are reported, but contract failures do not
+  // logically stop execution of the program, nor can the compiler assume
+  // contracts are true for optimizing.
+  Observe = 2,
+
+  // Contracts are run, failures cause an immediate trap
+  // FIXME(EricWF): This doesn't yet map to an actual enumerator in
+  //  std::contracts::evaluation_semantic
+  QuickEnforce = 3,
+};
+
+/// Represents the set of contract groups that have been enabled or disabled
+/// on the command line using '-fclang-contract-groups='.
+///
+/// A contract group is a string consisting of identifiers join by '.'. For
+/// example, "a.b.c" is a contract group with three subgroups.
+///
+/// When determining if a particular contract check is enabled, we check if
+/// the user has enabled/disabled the group/subgroup that the check belongs to,
+/// in order of specificity. For example, passing
+///   '-fclang-contract-groups=-std,+std.hardening,-std.hardening.foo'
+/// will enable 'std.hardening.baz', but disable 'std.hardening.foo.bar' and
+/// 'std.baz'.
+///
+/// TODO(EricWF): Should we match in the same manner as clang-tidy checks?
+///    Specifically, allow the use of '*' and drop all notion of groups?
+class ContractOptions {
+public:
+  ContractOptions() = default;
+
+public:
+  using DiagnoseGroupFunc =
+      std::function<void(ContractGroupDiagnostic, StringRef, StringRef)>;
+
+  static bool validateContractGroup(llvm::StringRef GroupAndValue,
+                                    const DiagnoseGroupFunc &Diagnoser);
+
+  std::vector<std::string> serializeContractGroupArgs() const;
+
+  void parseContractGroups(const std::vector<std::string> &Groups,
+                           const DiagnoseGroupFunc &Diagnoser);
+
+  void addUnparsedContractGroup(StringRef GroupAndValue,
+                                const DiagnoseGroupFunc &Diagnoser);
+
+  ContractEvaluationSemantic getSemanticForGroup(llvm::StringRef Group) const;
+  void setGroupSemantic(llvm::StringRef Group,
+                        ContractEvaluationSemantic Semantic);
+
+  /// The default semantics for contracts.
+  ContractEvaluationSemantic DefaultSemantic =
+      ContractEvaluationSemantic::Enforce;
+
+  /// The semantics for each contract group, if specified.
+  llvm::StringMap<ContractEvaluationSemantic> SemanticsByGroup;
+};
+
+} // namespace clang
+
+#endif // LLVM_CLANG_BASIC_CONTRACT_OPTIONS_H

clang/include/clang/Basic/DiagnosticDriverKinds.td

@@ -816,4 +816,16 @@ def err_drv_triple_version_invalid : Error<
 
 def warn_missing_include_dirs : Warning<
   "no such include directory: '%0'">, InGroup<MissingIncludeDirs>, DefaultIgnore;
+
+
+def err_drv_contract_group_name_invalid : Error<
+  "contract group name %select{"
+     "\"%1\" cannot start with '%2'"
+    "|\"%1\" cannot contain '%2'"
+    "|\"%1\" cannot end with '%2'"
+    "|\"%1\" cannot contain empty subgroup \"%2\""
+    "|cannot be empty"
+    "|\"%2\" is an invalid value"
+    "}0">;
+
 }

clang/include/clang/Basic/DiagnosticSemaKinds.td

@@ -11905,6 +11905,21 @@ def err_deduced_auto_result_name_without_body : Error<
 def err_result_name_not_allowed : Error<
   "result name %0 not allowed outside of post condition specifier">;
 
+// Diagnose clang::contract_group attribute strings
+def err_contract_group_attribute_invalid_group : Error<
+  "clang::contract_group group %select{"
+     "\"%1\" cannot start with '%2'"
+    "|\"%1\" cannot contain '%2'"
+    "|\"%1\" cannot end with '%2'"
+    "|\"%1\" cannot contain empty subgroup \"%2\""
+    "|cannot be empty"
+    "|<cannot-happen-here>"
+    "}0">;
+
+
+def err_contract_group_redeclared : Error<
+  "clang::contract_group attribute appears more than once">;
+
 } // end of contracts issues
 let CategoryName = "Documentation Issue" in {
 def warn_not_a_doxygen_trailing_member_comment : Warning<