From patchwork Wed Sep 6 10:27:28 2017
X-Patchwork-Submitter: Arnaud Charlet
X-Patchwork-Id: 810494
Date: Wed, 6 Sep 2017 06:27:28 -0400
From: Arnaud Charlet
To: gcc-patches@gcc.gnu.org
Cc: Yannick Moy
Subject: [Ada] Better warning on access to string at negative or null index
Message-ID: <20170906102728.GA116496@adacore.com>

The warning issued when accessing a string at a negative or null index was misleading, suggesting to use S'First - 1 as correct index, which it is obviously not. Add a detection for negative or null index when accessing a standard string, so that an appropriate warning is issued. Also add a corresponding warning for other arrays, which is currently not triggered by this detection mechanism under -gnatww.

The following compilation shows the new warning:

$ gcc -c cstr.adb
     1. procedure Cstr (X : in out String; J : Integer := -1) is
     2. begin
     3.    X(0 .. J) := "";
             |
        >>> warning: string index should be positive
        >>> warning: static expression fails Constraint_Check

     4.    X(0) := 'c';
             |
        >>> warning: string index should be positive
        >>> warning: static expression fails Constraint_Check

     5.    X(0 .. 4) := "hello";
             1    3
        >>> warning: string index should be positive
        >>> warning: static expression fails Constraint_Check
        >>> warning: index for "X" may assume lower bound of 1
        >>> warning: suggested replacement: "X'First + 3"

     6. end Cstr;

Tested on x86_64-pc-linux-gnu, committed on trunk

2017-09-06  Yannick Moy

	* sem_warn.adb (Warn_On_Suspicious_Index): Improve warning when
	the literal index used to access a string is null or negative.

Index: sem_warn.adb =================================================================== --- sem_warn.adb (revision 251772) +++ sem_warn.adb (working copy) @@ -46,6 +46,7 @@ with Snames; use Snames; with Stand; use Stand; with Stringt; use Stringt; +with Tbuild; use Tbuild; with Uintp; use Uintp; package body Sem_Warn is 
@@ -3878,6 +3879,13 @@ procedure Warn1; -- Generate first warning line + procedure Warn_On_Index_Below_Lower_Bound; + -- Generate a warning on indexing the array with a literal value + -- below the lower bound of the index type. + + procedure Warn_On_Literal_Index; + -- Generate a warning on indexing the array with a literal value + ---------------------- -- Length_Reference -- ---------------------- @@ -3903,21 +3911,31 @@ ("?w?index for& may assume lower bound of^", X, Ent); end Warn1; - -- Start of processing for Test_Suspicious_Index + ------------------------------------- + -- Warn_On_Index_Below_Lower_Bound -- + ------------------------------------- - begin - -- Nothing to do if subscript does not come from source (we don't - -- want to give garbage warnings on compiler expanded code, e.g. the - -- loops generated for slice assignments. Such junk warnings would - -- be placed on source constructs with no subscript in sight). + procedure Warn_On_Index_Below_Lower_Bound is + begin + if Is_Standard_String_Type (Typ) then + Discard_Node + (Compile_Time_Constraint_Error + (N => X, + Msg => "?w?string index should be positive")); + else + Discard_Node + (Compile_Time_Constraint_Error + (N => X, + Msg => "?w?index out of the allowed range")); + end if; + end Warn_On_Index_Below_Lower_Bound; - if not Comes_From_Source (Original_Node (X)) then - return; - end if; + --------------------------- + -- Warn_On_Literal_Index -- + --------------------------- - -- Case where subscript is a constant integer - - if Nkind (X) = N_Integer_Literal then + procedure Warn_On_Literal_Index is + begin Warn1; -- Case where original form of subscript is an integer literal 
@@ -4037,7 +4055,35 @@ Error_Msg_FE -- CODEFIX ("\?w?suggested replacement: `&~`", Original_Node (X), Ent); end if; + end Warn_On_Literal_Index; + -- Start of processing for Test_Suspicious_Index + + begin + -- Nothing to do if subscript does not come from source (we don't + -- want to give garbage warnings on compiler expanded code, e.g. the + -- loops generated for slice assignments. Such junk warnings would + -- be placed on source constructs with no subscript in sight). + + if not Comes_From_Source (Original_Node (X)) then + return; + end if; + + -- Case where subscript is a constant integer + + if Nkind (X) = N_Integer_Literal then + + -- Case where subscript is lower than the lowest possible bound. + -- This might be the case for example when programmers try to + -- access a string at index 0, as they are used to in other + -- programming languages like C. + + if Intval (X) < Low_Bound then + Warn_On_Index_Below_Lower_Bound; + else + Warn_On_Literal_Index; + end if; + -- Case where subscript is of the form X'Length elsif Length_Reference (X) then
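Review bot: In hunk @@ -3878 the two added header comments are punctuated inconsistently: "Generate a warning on indexing the array with a literal value below the lower bound of the index type." ends with a period, while "Generate a warning on indexing the array with a literal value" does not, and the neighbouring existing comment "Generate first warning line" has none either; pick one convention for the two new comments so they match the surrounding code.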
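Review bot: In hunk @@ -3903, Warn_On_Index_Below_Lower_Bound routes both messages through Compile_Time_Constraint_Error, and the output in the cover letter shows the consequence: every offending subscript now gets "string index should be positive" (or "index out of the allowed range") plus a second, generic "static expression fails Constraint_Check" line for the same defect. If the intent is only the new, more specific message, issuing it directly with Error_Msg_FE (as the existing code in Warn_On_Literal_Index already does for the "suggested replacement" line) would avoid the duplicate; if the pair is deliberate, a comment saying so would save the next reader the question.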
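Review bot: In hunk @@ -4037, the new test "if Intval (X) < Low_Bound then" relies on Low_Bound, which is declared and computed outside the visible context; confirm it is assigned on every path that reaches this point (for instance when the index subtype's lower bound is not static), since otherwise the comparison decides between Warn_On_Index_Below_Lower_Bound and Warn_On_Literal_Index on an unset value. Separately, the "index out of the allowed range" branch for non-string arrays is, by the cover letter's own account, not currently triggered under -gnatww, so nothing in the posted cstr.adb exercises it; either a test with a non-String array type or a comment in the code noting that the branch is dormant would be worth adding.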
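As an added example (not part of this patch or of GCC), the following Ada program shows the indexing idiom the new warning steers code toward, and why the compile-time check matters less than the run-time one: Standard.String objects and slices carry their own bounds, so only S'First, S'Last and S'Range are safe, and an index that escapes the static check is still caught by the language with Constraint_Error rather than reading memory outside the array. The names Index_Demo, Count and Head are invented here, and Integer'Value ("0") is used only to obtain an index value the compiler cannot evaluate statically.

```ada
--  Added example, not part of the GCC patch: the 'First/'Range idiom that
--  Warn_On_Suspicious_Index nudges programmers toward, plus the run-time
--  check that catches an out-of-range index the static check cannot see.
with Ada.Text_IO; use Ada.Text_IO;

procedure Index_Demo is

   --  Count the occurrences of C in S using the bounds of S itself.
   function Count (S : String; C : Character) return Natural is
      N : Natural := 0;
   begin
      for J in S'Range loop          --  never "for J in 0 .. S'Length - 1"
         if S (J) = C then
            N := N + 1;
         end if;
      end loop;
      return N;
   end Count;

   --  First character of S, written without assuming S'First = 1.
   function Head (S : String) return Character is
   begin
      return S (S'First);             --  not S (0) and not S (1)
   end Head;

   Text  : constant String := "hello";          --  bounds 1 .. 5
   Slice : constant String := Text (3 .. 5);    --  bounds 3 .. 5, not 1 .. 3

   --  Hypothetical run-time index: Integer'Value keeps it non-static, so
   --  the literal-index warning from sem_warn.adb cannot fire on it.
   Bad : constant Integer := Integer'Value ("0");

begin
   Put_Line ("Count of 'l' in Text:" & Natural'Image (Count (Text, 'l')));
   Put_Line ("Head of Slice: " & Head (Slice));
   Put_Line ("Slice'First =" & Integer'Image (Slice'First));

   --  Text (0) is below Text'First, so the index check raises
   --  Constraint_Error here instead of reading before the array.
   begin
      Put_Line (Character'Image (Text (Bad)));
   exception
      when Constraint_Error =>
         Put_Line ("Constraint_Error: index" & Integer'Image (Bad)
                   & " is below Text'First =" & Integer'Image (Text'First));
   end;
end Index_Demo;
```

Compiled with gnatmake, Count returns 2, Head (Slice) is 'l' because Slice'First is 3, and the final block prints the Constraint_Error line; writing Head as S (1) would silently return the wrong character for any slice whose lower bound is not 1, which is the class of mistake the "may assume lower bound of 1" warning already covers and the new "string index should be positive" warning extends to index 0 and below.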