From patchwork Mon Oct 4 08:47:27 2021
X-Patchwork-Submitter: Pierre-Marie de Rodat
X-Patchwork-Id: 1535988
Date: Mon, 4 Oct 2021 08:47:27 +0000
To: gcc-patches@gcc.gnu.org
Subject: [Ada] Improve checking for invalid index values when accessing array elements
Message-ID: <20211004084727.GA1536092@adacore.com>
From: Pierre-Marie de Rodat
Reply-To: Pierre-Marie de Rodat
Cc: Steve Baird

Two improvements to the previous change on this topic:

1) Add a guard to prevent a call to Number_Of_Dimensions that would pass in a non-array type. This is needed in error cases (see ACATS test B95094C).

2) Do not generate the new validity checks in the case where the index type in question has a specified Default_Initial_Value aspect (which rules out the possibility that an object is invalid because it is uninitialized).

Tested on x86_64-pc-linux-gnu, committed on trunk

gcc/ada/

	* exp_ch4.adb (Expand_N_Indexed_Component): The two improvements
	described above.

diff --git a/gcc/ada/exp_ch4.adb b/gcc/ada/exp_ch4.adb --- a/gcc/ada/exp_ch4.adb +++ b/gcc/ada/exp_ch4.adb @@ -7255,11 +7255,15 @@ package body Exp_Ch4 is -- Generate index and validity checks declare - Dims_Checked : Dimension_Set (Dimensions => Number_Dimensions (T)); + Dims_Checked : Dimension_Set (Dimensions => + (if Is_Array_Type (T) + then Number_Dimensions (T) + else 1)); -- Dims_Checked is used to avoid generating two checks (one in -- Generate_Index_Checks, one in Apply_Subscript_Validity_Checks) -- for the same index value in cases where the index check eliminates - -- the need for the validity check. + -- the need for the validity check. The Is_Array_Type test avoids + -- cascading errors. begin Generate_Index_Checks (N, Checks_Generated => Dims_Checked);
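Review bot: the `else 1` fallback in the Dims_Checked discriminant stops the declaration itself from calling Number_Dimensions on a non-array T, but the following `Generate_Index_Checks (N, Checks_Generated => Dims_Checked);` is still executed with that one-element placeholder set for a prefix that is not an array, and nothing in this hunk shows that routine tolerating such a T. Guarding the whole declare block (or returning early) when `not Is_Array_Type (T)` would express the intent more directly than a dummy set; at minimum, extend the comment "The Is_Array_Type test avoids cascading errors" to say that the set's size and contents are meaningless in that case and to name the motivating error case (ACATS B95094C, per the commit message) so the reason for the fallback is recoverable from the code.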
@@ -7284,6 +7288,27 @@ package body Exp_Ch4 is -- If Validity_Check_Subscripts is True then we need to -- ensure validity, so we adjust Dims_Checked accordingly. Dims_Checked.Elements := (others => False); + + elsif Is_Array_Type (T) then + -- We are only adding extra validity checks here to + -- deal with uninitialized variables (but this includes + -- assigning one uninitialized variable to another). Other + -- ways of producing invalid objects imply erroneousness, so + -- the compiler can do whatever it wants for those cases. + -- If an index type has the Default_Value aspect specified, + -- then we don't have to worry about the possibility of an + -- uninitialized variable, so no need for these extra + -- validity checks. + + declare + Idx : Node_Id := First_Index (T); + begin + for No_Check_Needed of Dims_Checked.Elements loop + No_Check_Needed := No_Check_Needed + or else Has_Aspect (Etype (Idx), Aspect_Default_Value); + Next_Index (Idx); + end loop; + end; end if; Apply_Subscript_Validity_Checks
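Review bot: the comment and the code in this hunk refer to the Default_Value aspect (`Has_Aspect (Etype (Idx), Aspect_Default_Value)`) while the commit message calls it Default_Initial_Value; the description should use the same name as the code so that readers searching for the aspect find the right one. The parallel walk `for No_Check_Needed of Dims_Checked.Elements loop ... Next_Index (Idx);` is only correct because Dims_Checked has exactly Number_Dimensions (T) elements, which the `elsif Is_Array_Type (T)` guard guarantees given the discriminant expression in the first hunk; a one-line comment stating that invariant next to the loop would protect it against a later change to either side.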
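As an added illustration of point 2 of the commit message (this is example code, not part of the patch or of GNAT itself): an index type with a Default_Value aspect cannot hold an invalid value merely because an object of it was never assigned, whereas a plain scalar index subtype can, which is why the extra validity check is only needed for the latter. All type and object names are constructed for this example.

```ada
--  Added example (not from the patch): why a Default_Value aspect on the
--  index type removes the "uninitialized index" hazard that the extra
--  validity checks in Expand_N_Indexed_Component guard against.
with Ada.Text_IO; use Ada.Text_IO;

procedure Index_Validity_Demo is
   --  A plain scalar subtype: an object declared without an initial
   --  value has no defined value and may hold an out-of-range bit
   --  pattern. Using it as a subscript is exactly the access that the
   --  compiler's subscript validity check protects.
   subtype Plain_Index is Integer range 1 .. 4;

   --  Default_Value makes every object of the type start at 1, so an
   --  object that is never explicitly assigned is still valid and the
   --  ordinary range check on the subscript is sufficient.
   type Safe_Index is range 1 .. 4
     with Default_Value => 1;

   type Plain_Table is array (Plain_Index) of Integer;
   type Safe_Table  is array (Safe_Index) of Integer;

   P : Plain_Table := (others => 0);
   S : Safe_Table  := (others => 0);

   I : Plain_Index;  --  uninitialized: reading it is a bounded error
   J : Safe_Index;   --  implicitly 1 because of Default_Value
begin
   --  Defensive pattern for the unsafe case: test validity explicitly
   --  rather than relying on whatever checks the compiler was asked to
   --  insert. 'Valid is the language-defined way to inspect a scalar
   --  object that may be uninitialized.
   if I'Valid then
      P (I) := 42;
   else
      Put_Line ("I holds an invalid value; refusing to index P");
   end if;

   --  No such test is needed here: J cannot be invalid through lack of
   --  initialization, which is the case the patch stops generating a
   --  validity check for. The range check on the subscript remains.
   S (J) := 42;
   Put_Line ("S (1) =" & Integer'Image (S (1)));
end Index_Validity_Demo;
```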