{"id":810494,"url":"http://patchwork.ozlabs.org/api/patches/810494/?format=json","web_url":"http://patchwork.ozlabs.org/project/gcc/patch/20170906102728.GA116496@adacore.com/","project":{"id":17,"url":"http://patchwork.ozlabs.org/api/projects/17/?format=json","name":"GNU Compiler Collection","link_name":"gcc","list_id":"gcc-patches.gcc.gnu.org","list_email":"gcc-patches@gcc.gnu.org","web_url":null,"scm_url":null,"webscm_url":null,"list_archive_url":"","list_archive_url_format":"","commit_url_format":""},"msgid":"<20170906102728.GA116496@adacore.com>","list_archive_url":null,"date":"2017-09-06T10:27:28","name":"[Ada] Better warning on access to string at negative or null index","commit_ref":null,"pull_url":null,"state":"new","archived":false,"hash":"544e0d0cdd8fd746ed3532e6dc3e82d6cc97f927","submitter":{"id":4418,"url":"http://patchwork.ozlabs.org/api/people/4418/?format=json","name":"Arnaud Charlet","email":"charlet@adacore.com"},"delegate":null,"mbox":"http://patchwork.ozlabs.org/project/gcc/patch/20170906102728.GA116496@adacore.com/mbox/","series":[{"id":1755,"url":"http://patchwork.ozlabs.org/api/series/1755/?format=json","web_url":"http://patchwork.ozlabs.org/project/gcc/list/?series=1755","date":"2017-09-06T10:27:28","name":"[Ada] Better warning on access to string at negative or null index","version":1,"mbox":"http://patchwork.ozlabs.org/series/1755/mbox/"}],"comments":"http://patchwork.ozlabs.org/api/patches/810494/comments/","check":"pending","checks":"http://patchwork.ozlabs.org/api/patches/810494/checks/","tags":{},"related":[],"headers":{"Return-Path":"","X-Original-To":"incoming@patchwork.ozlabs.org","Delivered-To":["patchwork-incoming@bilbo.ozlabs.org","mailing list gcc-patches@gcc.gnu.org"],"Authentication-Results":["ozlabs.org;\n\tspf=pass (mailfrom) smtp.mailfrom=gcc.gnu.org\n\t(client-ip=209.132.180.131; helo=sourceware.org;\n\tenvelope-from=gcc-patches-return-461580-incoming=patchwork.ozlabs.org@gcc.gnu.org;\n\treceiver=)","ozlabs.org; dkim=pass (1024-bit key;\n\tunprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org\n\theader.b=\"G+BLp14F\"; dkim-atps=neutral","sourceware.org; auth=none"],"Received":["from sourceware.org (server1.sourceware.org [209.132.180.131])\n\t(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256\n\tbits)) (No client certificate requested)\n\tby ozlabs.org (Postfix) with ESMTPS id 3xnKXf5dxnz9sBd\n\tfor ;\n\tWed, 6 Sep 2017 20:27:44 +1000 (AEST)","(qmail 28818 invoked by alias); 6 Sep 2017 10:27:32 -0000","(qmail 28648 invoked by uid 89); 6 Sep 2017 10:27:32 -0000","from rock.gnat.com (HELO rock.gnat.com) (205.232.38.15) by\n\tsourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;\n\tWed, 06 Sep 2017 10:27:30 +0000","from localhost (localhost.localdomain [127.0.0.1])\tby\n\tfiltered-rock.gnat.com (Postfix) with ESMTP id 8172D56146;\n\tWed, 6 Sep 2017 06:27:28 -0400 (EDT)","from rock.gnat.com ([127.0.0.1])\tby localhost (rock.gnat.com\n\t[127.0.0.1]) (amavisd-new, port 10024)\twith LMTP id\n\tbcA93WUFdxkw; Wed, 6 Sep 2017 06:27:28 -0400 (EDT)","from tron.gnat.com (tron.gnat.com [205.232.38.10])\tby\n\trock.gnat.com (Postfix) with ESMTP id 6E46C5606C;\n\tWed, 6 Sep 2017 06:27:28 -0400 (EDT)","by tron.gnat.com (Postfix, from userid 4192)\tid 6983732B;\n\tWed, 6 Sep 2017 06:27:28 -0400 (EDT)"],"DomainKey-Signature":"a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id\n\t:list-unsubscribe:list-archive:list-post:list-help:sender:date\n\t:from:to:cc:subject:message-id:mime-version:content-type; q=dns;\n\ts=default; b=uy6ljNeTQxQyNxfkWoC3eOSnkertErZwHFLFONy8f8hKquseEl\n\tbYTgGI5ER/RokhnlrXqLEOgZ1I/cslcMElK9xBFshcKan9Ojx2QjPp+Vau6iG36E\n\tXjf5bB9mH16blv8Az8zfKzWrzl3fSg6k7B+yLyYXqxxPcBakoPkVQtztg=","DKIM-Signature":"v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id\n\t:list-unsubscribe:list-archive:list-post:list-help:sender:date\n\t:from:to:cc:subject:message-id:mime-version:content-type; s=\n\tdefault; bh=YcsObjrQdZaIXe+kBBz9AklKAL4=; b=G+BLp14Fr8B6Q1tG7uW0\n\tJxiIqXaFxVddqs+QJv/ke34/PELJGBu7Kw9RBKhljmeC6PV8d0Sza8txJSBl77FM\n\tv3AdN9s5fEADrtqimDNLqpw13O9dLt63MqgvXJZoGQB2FaqKuOV6eJ1E4wo5H40S\n\tUgjOHw7K2LB4l8Hkvh37QjY=","Mailing-List":"contact gcc-patches-help@gcc.gnu.org; run by ezmlm","Precedence":"bulk","List-Id":"","List-Unsubscribe":"","List-Archive":"","List-Post":"","List-Help":"","Sender":"gcc-patches-owner@gcc.gnu.org","X-Virus-Found":"No","X-Spam-SWARE-Status":"No, score=-14.9 required=5.0 tests=AWL, BAYES_00,\n\tGIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_ASCII_DIVIDERS,\n\tRCVD_IN_DNSWL_NONE,\n\tSPF_PASS autolearn=ham version=3.3.2 spammy=Stand, stand","X-HELO":"rock.gnat.com","Date":"Wed, 6 Sep 2017 06:27:28 -0400","From":"Arnaud Charlet ","To":"gcc-patches@gcc.gnu.org","Cc":"Yannick Moy ","Subject":"[Ada] Better warning on access to string at negative or null index","Message-ID":"<20170906102728.GA116496@adacore.com>","MIME-Version":"1.0","Content-Type":"multipart/mixed; boundary=\"82I3+IH0IqGh5yIs\"","Content-Disposition":"inline","User-Agent":"Mutt/1.5.23 (2014-03-12)"},"content":"The warning issued when accessing a string at a negative or null index\nwas misleading, suggesting to use S'First - 1 as correct index, which\nit is obviously not. Add a detection for negative or null index when\naccessing a standard string, so that an appropriate warning is issued.\nAlso add a corresponding warning for other arrays, which is currently\nnot triggered by this detection mechanism under -gnatww\n\nThe following compilation shows the new warning:\n\n $ gcc -c cstr.adb\n\n 1. procedure Cstr (X : in out String; J : Integer := -1) is\n 2. begin\n 3. X(0 .. J) := \"\";\n |\n >>> warning: string index should be positive\n >>> warning: static expression fails Constraint_Check\n\n 4. X(0) := 'c';\n |\n >>> warning: string index should be positive\n >>> warning: static expression fails Constraint_Check\n\n 5. X(0 .. 4) := \"hello\";\n 1 3\n >>> warning: string index should be positive\n >>> warning: static expression fails Constraint_Check\n >>> warning: index for \"X\" may assume lower bound of 1\n >>> warning: suggested replacement: \"X'First + 3\"\n\n 6. end Cstr;\n\nTested on x86_64-pc-linux-gnu, committed on trunk\n\n2017-09-06 Yannick Moy \n\n\t* sem_warn.adb (Warn_On_Suspicious_Index): Improve warning when the\n\tliteral index used to access a string is null or negative.","diff":"Index: sem_warn.adb\n===================================================================\n--- sem_warn.adb\t(revision 251772)\n+++ sem_warn.adb\t(working copy)\n@@ -46,6 +46,7 @@\n with Snames; use Snames;\n with Stand; use Stand;\n with Stringt; use Stringt;\n+with Tbuild; use Tbuild;\n with Uintp; use Uintp;\n \n package body Sem_Warn is\n@@ -3878,6 +3879,13 @@\n procedure Warn1;\n -- Generate first warning line\n \n+ procedure Warn_On_Index_Below_Lower_Bound;\n+ -- Generate a warning on indexing the array with a literal value\n+ -- below the lower bound of the index type.\n+\n+ procedure Warn_On_Literal_Index;\n+ -- Generate a warning on indexing the array with a literal value\n+\n ----------------------\n -- Length_Reference --\n ----------------------\n@@ -3903,21 +3911,31 @@\n (\"?w?index for& may assume lower bound of^\", X, Ent);\n end Warn1;\n \n- -- Start of processing for Test_Suspicious_Index\n+ -------------------------------------\n+ -- Warn_On_Index_Below_Lower_Bound --\n+ -------------------------------------\n \n- begin\n- -- Nothing to do if subscript does not come from source (we don't\n- -- want to give garbage warnings on compiler expanded code, e.g. the\n- -- loops generated for slice assignments. Such junk warnings would\n- -- be placed on source constructs with no subscript in sight).\n+ procedure Warn_On_Index_Below_Lower_Bound is\n+ begin\n+ if Is_Standard_String_Type (Typ) then\n+ Discard_Node\n+ (Compile_Time_Constraint_Error\n+ (N => X,\n+ Msg => \"?w?string index should be positive\"));\n+ else\n+ Discard_Node\n+ (Compile_Time_Constraint_Error\n+ (N => X,\n+ Msg => \"?w?index out of the allowed range\"));\n+ end if;\n+ end Warn_On_Index_Below_Lower_Bound;\n \n- if not Comes_From_Source (Original_Node (X)) then\n- return;\n- end if;\n+ ---------------------------\n+ -- Warn_On_Literal_Index --\n+ ---------------------------\n \n- -- Case where subscript is a constant integer\n-\n- if Nkind (X) = N_Integer_Literal then\n+ procedure Warn_On_Literal_Index is\n+ begin\n Warn1;\n \n -- Case where original form of subscript is an integer literal\n@@ -4037,7 +4055,35 @@\n Error_Msg_FE -- CODEFIX\n (\"\\?w?suggested replacement: `&~`\", Original_Node (X), Ent);\n end if;\n+ end Warn_On_Literal_Index;\n \n+ -- Start of processing for Test_Suspicious_Index\n+\n+ begin\n+ -- Nothing to do if subscript does not come from source (we don't\n+ -- want to give garbage warnings on compiler expanded code, e.g. the\n+ -- loops generated for slice assignments. Such junk warnings would\n+ -- be placed on source constructs with no subscript in sight).\n+\n+ if not Comes_From_Source (Original_Node (X)) then\n+ return;\n+ end if;\n+\n+ -- Case where subscript is a constant integer\n+\n+ if Nkind (X) = N_Integer_Literal then\n+\n+ -- Case where subscript is lower than the lowest possible bound.\n+ -- This might be the case for example when programmers try to\n+ -- access a string at index 0, as they are used to in other\n+ -- programming languages like C.\n+\n+ if Intval (X) < Low_Bound then\n+ Warn_On_Index_Below_Lower_Bound;\n+ else\n+ Warn_On_Literal_Index;\n+ end if;\n+\n -- Case where subscript is of the form X'Length\n \n elsif Length_Reference (X) then\n","prefixes":["Ada"]}