
[Ada] Enable checks on runtime by default

Message ID 20201130141712.GA117912@adacore.com

Commit Message

Pierre-Marie de Rodat Nov. 30, 2020, 2:17 p.m. UTC
These checks are not very costly these days and bring additional safety
and security guarantees built into the Ada language, so enable them by
default.

It turns out that enabling checks on s-bitfie.adb makes a latent visibility
bug appear on strict-alignment platforms (most likely related to alignment
checks). Work around it for the time being by suppressing those checks
locally.

It also makes visible a latent issue with secondary stack allocation of
0 bytes, now possible with another recent change to allocate the result
of string concatenation sometimes on the secondary stack.

Tested on x86_64-pc-linux-gnu, committed on trunk

gcc/ada/

	* gcc-interface/Makefile.in (GNATLIBFLAGS): Enable checks by
	default.
	* libgnat/s-bitfie.ads: Suppress alignment checks.
	* libgnat/s-bituti.adb: Minor reformatting.
	* libgnat/s-secsta.adb (SS_Allocate): Support Size = 0.


diff --git a/gcc/ada/gcc-interface/Makefile.in b/gcc/ada/gcc-interface/Makefile.in
--- a/gcc/ada/gcc-interface/Makefile.in
+++ b/gcc/ada/gcc-interface/Makefile.in
@@ -110,7 +110,7 @@  NO_INLINE_ADAFLAGS = -fno-inline
 NO_OMIT_ADAFLAGS = -fno-omit-frame-pointer
 NO_SIBLING_ADAFLAGS = -fno-optimize-sibling-calls
 NO_REORDER_ADAFLAGS = -fno-toplevel-reorder
-GNATLIBFLAGS = -W -Wall -gnatpg -nostdinc
+GNATLIBFLAGS = -W -Wall -gnatg -nostdinc
 GNATLIBCFLAGS = -g -O2
 # Pretend that _Unwind_GetIPInfo is available for the target by default.  This
 # should be autodetected during the configuration of libada and passed down to
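Review bot: The new GNATLIBFLAGS line carries no record of why -gnatp was dropped, and since -gnatp means "suppress all run-time checks", a later reader tuning build flags could re-add it as a harmless speed-up and silently take the checks out of the runtime again. A one-line comment above the assignment would pin the intent: `# -gnatp (suppress all run-time checks) is deliberately omitted: the runtime is built with checks enabled; units that must opt out do so locally with pragma Suppress.`. It may also be worth confirming in the commit record which check categories -gnatg actually leaves enabled here (constraint, overflow, alignment, assertions), since that is what the "additional safety and security guarantees" claim rests on and it is not visible from this line alone.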


diff --git a/gcc/ada/libgnat/s-bitfie.ads b/gcc/ada/libgnat/s-bitfie.ads
--- a/gcc/ada/libgnat/s-bitfie.ads
+++ b/gcc/ada/libgnat/s-bitfie.ads
@@ -47,6 +47,12 @@  package System.Bitfields is
    pragma Provide_Shift_Operators (Val_2);
    type Val is mod 2**Val_Bits with Alignment => Val_Bytes;
 
+   --  ??? It turns out that enabling checks on the instantiation of
+   --  System.Bitfield_Utils.G makes a latent visibility bug appear on strict
+   --  alignment platforms related to alignment checks. Work around it by
+   --  suppressing these checks explicitly.
+
+   pragma Suppress (Alignment_Check);
    package Utils is new System.Bitfield_Utils.G (Val, Val_2);
 
    procedure Copy_Bitfield
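Review bot: The new `pragma Suppress (Alignment_Check);` is placed in the package's declarative part with no scope argument, so per Ada scoping it stays in effect from that point to the end of the enclosing declarative region, not just for the `Utils` instantiation the comment above it talks about; the `Copy_Bitfield` declaration on the next line and whatever follows it outside this hunk are covered too. The comment should say so, e.g. append `--  Note: this suppression remains in effect for the rest of this package spec, not only for the Utils instance.`, or the instantiation should be isolated so the suppression can be scoped to it alone. Whether checks inside the instance body are governed by the pragma in effect at this point of instantiation is something to confirm against GNAT's rules rather than assume. Since an alignment check is exactly what would catch a misaligned access on a strict-alignment target, the "???" marker should be tracked so the suppression does not outlive the underlying bug. The enclosing package System.Bitfields continues outside the hunk.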


diff --git a/gcc/ada/libgnat/s-bituti.adb b/gcc/ada/libgnat/s-bituti.adb
--- a/gcc/ada/libgnat/s-bituti.adb
+++ b/gcc/ada/libgnat/s-bituti.adb
@@ -317,6 +317,7 @@  package body System.Bitfield_Utils is
                  Get_Val_2 (S_Addr, S_Off, Initial_Size);
                Initial_Val : constant Val :=
                  Get_Bitfield (Initial_Val_2, S_Off, Initial_Size);
+
             begin
                Set_Bitfield
                  (Initial_Val, D_Addr, D_Off, Initial_Size);


diff --git a/gcc/ada/libgnat/s-secsta.adb b/gcc/ada/libgnat/s-secsta.adb
--- a/gcc/ada/libgnat/s-secsta.adb
+++ b/gcc/ada/libgnat/s-secsta.adb
@@ -587,15 +587,18 @@  package body System.Secondary_Stack is
    --  Start of processing for SS_Allocate
 
    begin
-      --  It should not be possible to request an allocation of negative or
-      --  zero size.
-
-      pragma Assert (Storage_Size > 0);
-
       --  Round the requested size up to the nearest multiple of the maximum
       --  alignment to ensure efficient access.
 
-      Mem_Size := Round_Up (Storage_Size);
+      if Storage_Size = 0 then
+         Mem_Size := Memory_Alignment;
+      else
+         --  It should not be possible to request an allocation of negative
+         --  size.
+
+         pragma Assert (Storage_Size >= 0);
+         Mem_Size := Round_Up (Storage_Size);
+      end if;
 
       if Sec_Stack_Dynamic then
          Allocate_Dynamic (Stack, Mem_Size, Addr);
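Review bot: The new zero-size branch at `Mem_Size := Memory_Alignment;` has no comment explaining why a whole alignment unit is reserved instead of returning without allocating, while the "Round the requested size up" comment now sits above the `if` but only describes the `else` arm. I would move that comment into the `else` arm and add above the zero case: `--  A zero-size request must still yield a valid, distinct address on the stack, so reserve one alignment unit for it`; that rationale is inferred from the code and should be confirmed by the author. In the `else` arm, `pragma Assert (Storage_Size >= 0)` is equivalent to `> 0` once zero has been handled, so keeping the original `pragma Assert (Storage_Size > 0);` there would preserve the stronger precondition at no cost. SS_Allocate starts before and continues after this hunk.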