From patchwork Mon May 6 09:17:45 2024
X-Patchwork-Submitter: Marc Poulhiès
X-Patchwork-Id: 1931837
From: Marc Poulhiès
To: gcc-patches@gcc.gnu.org
Cc: Yannick Moy
Subject: [COMMITTED] ada: Prevent inlining in GNATprove for memory leaks
Date: Mon, 6 May 2024 11:17:45 +0200
Message-ID: <20240506091745.1584778-1-poulhies@adacore.com>

From: Yannick Moy In some cases, inlining a call in GNATprove could lead to missing a memory leak. Recognize such cases and do not inline such calls. gcc/ada/ * inline.adb (Call_Can_Be_Inlined_In_GNATprove_Mode): Add case to prevent inlining of call. * inline.ads: Likewise. * sem_res.adb (Resolve_Call): Update comment and message. Tested on x86_64-pc-linux-gnu, committed on master. --- gcc/ada/inline.adb | 58 +++++++++++++++++++++++++++++++++++++++++++++ gcc/ada/inline.ads | 5 ++-- gcc/ada/sem_res.adb | 5 ++-- 3 files changed, 64 insertions(+), 4 deletions(-) diff --git a/gcc/ada/inline.adb b/gcc/ada/inline.adb index 2ec92ca9dff..98bed860760 100644 --- a/gcc/ada/inline.adb +++ b/gcc/ada/inline.adb @@ -1460,10 +1460,47 @@ package body Inline is (N : Node_Id; Subp : Entity_Id) return Boolean is + function Has_Dereference (N : Node_Id) return Boolean; + -- Return whether N contains an explicit dereference + + --------------------- + -- Has_Dereference -- + --------------------- + + function Has_Dereference (N : Node_Id) return Boolean is + + function Process (N : Node_Id) return Traverse_Result; + -- Process one node in search for dereference + + ------------- + -- Process -- + ------------- + + function Process (N : Node_Id) return Traverse_Result is + begin + if Nkind (N) = N_Explicit_Dereference then + return Abandon; + else + return OK; + end if; + end Process; + + function Traverse is new Traverse_Func (Process); + -- Traverse tree to look for dereference + + begin + return Traverse (N) = Abandon; + end Has_Dereference; + + -- Local variables + F : Entity_Id; A : Node_Id; begin + -- Check if inlining may lead to missing a check on type conversion of + -- input parameters otherwise. + F := First_Formal (Subp); A := First_Actual (N); while Present (F) loop 
@@ -1480,6 +1517,27 @@ package body Inline is Next_Actual (A); end loop; + -- Check if inlining may lead to introducing temporaries of access type, + -- which can lead to missing checks for memory leaks. This can only + -- come from an (IN-)OUT parameter transformed into a renaming by SPARK + -- expansion, whose side-effects are removed, and a dereference in the + -- corresponding actual. If the formal itself is of a deep type (it has + -- access subcomponents), the subprogram already cannot be inlined in + -- GNATprove mode. + + F := First_Formal (Subp); + A := First_Actual (N); + while Present (F) loop + if Ekind (F) /= E_In_Parameter + and then Has_Dereference (A) + then + return False; + end if; + + Next_Formal (F); + Next_Actual (A); + end loop; + return True; end Call_Can_Be_Inlined_In_GNATprove_Mode; diff --git a/gcc/ada/inline.ads b/gcc/ada/inline.ads index 3df0a01b65d..bc90c0ce6d8 100644 --- a/gcc/ada/inline.ads +++ b/gcc/ada/inline.ads @@ -146,8 +146,9 @@ package Inline is (N : Node_Id; Subp : Entity_Id) return Boolean; -- Returns False if the call in node N to subprogram Subp cannot be inlined - -- in GNATprove mode, because it may lead to missing a check on type - -- conversion of input parameters otherwise. Returns True otherwise. + -- in GNATprove mode, because it may otherwise lead to missing a check + -- on type conversion of input parameters, or a missing memory leak on + -- an output parameter. Returns True otherwise. function Can_Be_Inlined_In_GNATprove_Mode (Spec_Id : Entity_Id; diff --git a/gcc/ada/sem_res.adb b/gcc/ada/sem_res.adb index 075c0d85ccd..67062c6b32b 100644 --- a/gcc/ada/sem_res.adb +++ b/gcc/ada/sem_res.adb 
@@ -7329,11 +7329,12 @@ package body Sem_Res is ("cannot inline & (in while loop condition)?", N, Nam_UA); -- Do not inline calls which would possibly lead to missing a - -- type conversion check on an input parameter. + -- type conversion check on an input parameter or a memory leak + -- on an output parameter. elsif not Call_Can_Be_Inlined_In_GNATprove_Mode (N, Nam) then Cannot_Inline - ("cannot inline & (possible check on input parameters)?", + ("cannot inline & (possible check on parameters)?", N, Nam_UA); -- Otherwise, inline the call, issuing an info message when
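
Review bot: In the first gcc/ada/inline.adb hunk (@@ -1460), the comment added above the existing formal/actual loop ends in a dangling "otherwise" ("... missing a check on type conversion of input parameters otherwise."). The word comes from the old inline.ads wording, where it followed "cannot be inlined ... because"; here there is nothing for it to contrast with, so it should be dropped. In the same hunk, Has_Dereference tests only Nkind (N) = N_Explicit_Dereference, and its comment would be more useful if it said whether actuals that reach an access value through an implicit dereference are expected to have been normalized before this point.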
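
Review bot: In the second gcc/ada/inline.adb hunk (@@ -1480), the new loop returns False for any non-IN formal whose actual contains a dereference anywhere in its subtree, which is broader than the case the comment describes (an (IN-)OUT parameter turned into a renaming, with a dereference in the corresponding actual producing a temporary of access type). Has_Dereference traverses the whole actual, so a dereference that only occurs inside a nested subexpression also blocks inlining. If that over-approximation is deliberate, the comment should say so, so that a later reader does not narrow the test and reintroduce the missed leak check.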
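
Review bot: In the gcc/ada/inline.ads hunk, the new spec comment reads "lead to missing a check on type conversion of input parameters, or a missing memory leak on an output parameter", which parses as the leak itself being missing. The commit message's own phrasing is clearer; suggest "or to missing a memory leak on an output parameter" so both alternatives hang off the same verb.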
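
Review bot: In the gcc/ada/sem_res.adb hunk, the message changes from "(possible check on input parameters)" to "(possible check on parameters)", so a user who sees it can no longer tell which of the two conditions in Call_Can_Be_Inlined_In_GNATprove_Mode fired, and the new reason (a possible memory leak on an output parameter) is not a "check on parameters" in the same sense. Consider having the function report which case applied, or at least wording the message to name both. The diffstat also lists only inline.adb, inline.ads and sem_res.adb, so no test for the new non-inlining case accompanies the change.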