From: Pierre-Marie de Rodat
To: gcc-patches@gcc.gnu.org
Cc: Bob Duff
Date: Tue, 7 Jul 2020 05:27:36 -0400
Subject: [Ada] Use pragma Unsuppress in Time_IO
Message-ID: <20200707092736.GA41542@adacore.com>
X-Patchwork-Id: 1324222

We are relying on language-defined checks (like slice out of bounds) to
detect certain cases of incorrect syntax in time strings. But the
run-time system is usually compiled with checks suppressed, so this is
erroneous.

We were doing something like:

    X := T'Value (A (Lo .. Hi)); -- Could be out of bounds, or not digits
    ...
    if not X'Valid then raise ...

That 'Valid happened to work in some cases, but it's technically too
late; execution is erroneous before we get there. Also, X could happen
to be valid, even though it's uninitialized, in which case we would get
a wrong Time value.

Tested on x86_64-pc-linux-gnu, committed on trunk

gcc/ada/

	* libgnat/g-catiio.adb (Value, Parse_ISO_8601): Unsuppress
	checks, and don't rely on 'Valid.

diff --git a/gcc/ada/libgnat/g-catiio.adb b/gcc/ada/libgnat/g-catiio.adb
--- a/gcc/ada/libgnat/g-catiio.adb
+++ b/gcc/ada/libgnat/g-catiio.adb
@@ -654,6 +654,12 @@ package body GNAT.Calendar.Time_IO is Time : out Ada.Calendar.Time; Success : out Boolean) is + pragma Unsuppress (All_Checks); + -- This is necessary because the run-time library is usually compiled + -- with checks suppressed, and we are relying on constraint checks in + -- this code to catch syntax errors in the Date string (e.g. out of + -- bounds slices). + Index : Positive := Date'First; -- The current character scan index. After a call to Advance, Index -- points to the next character. @@ -1021,7 +1027,10 @@ package body GNAT.Calendar.Time_IO is Success := True; exception - when Wrong_Syntax => + when Wrong_Syntax | Constraint_Error => + -- If constraint check fails, we want to behave the same as + -- Wrong_Syntax; we want the caller (Value) to try other + -- allowed syntaxes. Time := Time_Of (Year_Number'First, Month_Number'First, Day_Number'First); Success := False; @@ -1032,6 +1041,8 @@ package body GNAT.Calendar.Time_IO is ----------- function Value (Date : String) return Ada.Calendar.Time is + pragma Unsuppress (All_Checks); -- see comment in Parse_ISO_8601 + D : String (1 .. 21); D_Length : constant Natural := Date'Length; @@ -1281,18 +1292,6 @@ package body GNAT.Calendar.Time_IO is Extract_Time (1, Hour, Minute, Second, Check_Space => False); end if; - -- Sanity checks - - if not Year'Valid - or else not Month'Valid - or else not Day'Valid - or else not Hour'Valid - or else not Minute'Valid - or else not Second'Valid - then - raise Constraint_Error; - end if; - return Time_Of (Year, Month, Day, Hour, Minute, Second); end Value;
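Review bot: In the first hunk (Parse_ISO_8601, at -654), pragma Unsuppress (All_Checks) re-enables every check for the whole subprogram, while the new comment only names constraint checks on the Date string such as out-of-bounds slices. If only a subset is actually relied on (for example Index_Check and Range_Check), naming those would keep the rest of the body as the run-time is normally built; if All_Checks is deliberate, the comment should say so, since the one-line pointer added in Value refers readers back to it.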
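Review bot: In the Parse_ISO_8601 exception handler (hunk at -1021), "when Wrong_Syntax | Constraint_Error" now covers every Constraint_Error raised anywhere in the body, not only those from slicing or converting the Date string, so a range failure caused by a coding mistake would also come back as Success := False and never be seen by the caller. Consider stating that trade-off in the handler comment, and adding a regression test with truncated and non-digit time strings so the cases this is meant to catch are pinned down.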
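Review bot: In Value (hunk at -1281), removing the 'Valid block leaves the final "return Time_Of (Year, Month, Day, Hour, Minute, Second);" with no guard for a path that never assigns one of those six variables; the re-enabled checks fire on assignments and conversions, not on a variable that was simply left unset, and the commit message itself notes that an uninitialized value can happen to be valid. Please confirm that every branch before the return assigns all six, or give them explicit initial values at their declarations.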