public inbox for gcc-bugs@sourceware.org help / color / mirror / Atom feed
From: "saulius.grazulis at bti dot vu.lt" <gcc-bugzilla@gcc.gnu.org> To: gcc-bugs@gcc.gnu.org Subject: [Bug ada/115666] New: Cloaking access to subprogram in a record allows storing anonymous access-to-subprogram value Date: Wed, 26 Jun 2024 13:26:38 +0000 [thread overview] Message-ID: <bug-115666-4@http.gcc.gnu.org/bugzilla/> (raw) https://gcc.gnu.org/bugzilla/show_bug.cgi?id=115666 Bug ID: 115666 Summary: Cloaking access to subprogram in a record allows storing anonymous access-to-subprogram value Product: gcc Version: 15.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: ada Assignee: unassigned at gcc dot gnu.org Reporter: saulius.grazulis at bti dot vu.lt CC: dkm at gcc dot gnu.org Target Milestone: --- Created attachment 58521 --> https://gcc.gnu.org/bugzilla/attachment.cgi?id=58521&action=edit A minimal working example of the access-to-subprogram check circumvention, ready for 'gnatchop' According to the Rationale for Ada 2005. 3.4 Downward closures [1], "[A]nonymous access to subprogram parameters /.../ do not carry an indication of the accessibility level of the actual parameter but simply treat it as if it were infinite (strictly – deeper than anything else). This of course prevents the conversion to the type APT and all is well; this is detected at compile time." However, if the 'access procedure' type (APT) is a field of a record, then a value of such field can be initialized using an anonymous access to procedure value, and later values of such record can be freely copied around, essentially circumventing the check mentioned in [1] and leading to programs that compile without warnings but have unpredictable behavior. NB: This is not the same as bug #84194; that one is fixed in the new compiler. Ref.: [1] Rationale for Ada 2005. 3.4 Downward closures. URL: https://www.adaic.org/resources/add_content/standards/05rat/html/Rat-3-4.html Below is the minimal working example ('minimal-working-example.ada') and a log demonstrating this situation: saulius@pterodaktilis minimal-working-example/ $ gnatchop -w minimal-working-example.ada splitting minimal-working-example.ada into: access_procedure_assignment.adb function_pointers.adb function_pointers.ads saulius@pterodaktilis minimal-working-example/ $ gnatmake -gnata access_procedure_assignment.adb gcc -c -gnata access_procedure_assignment.adb gcc -c -gnata function_pointers.adb gnatbind -x access_procedure_assignment.ali gnatlink access_procedure_assignment.ali # Expected behavior: gnat compiler preventing assignment of the 'Function_Pointer_Wrapper'; # Actuall behaviour: the program compiles without errors or warnings but crashes when run; the run-time behavior is unpredictable (from no error to STORAGE_ERROR to 'segfault', depending on what other code is added): saulius@pterodaktilis minimal-working-example/ $ ./access_procedure_assignment PP.PPtr (B), main scope, after calling 'Evil_Crasher': raised STORAGE_ERROR : stack overflow or erroneous memory access saulius@pterodaktilis minimal-working-example/ $ lsb_release -a No LSB modules are available. Distributor ID: Linuxmint Description: Linux Mint 21.2 Release: 21.2 Codename: victoria saulius@pterodaktilis minimal-working-example/ $ uname -a Linux pterodaktilis 5.15.0-112-generic #122-Ubuntu SMP Thu May 23 07:48:21 UTC 2024 x86_64 x86_64 x86_64 GNU/Linux saulius@pterodaktilis minimal-working-example/ $ gcc -v Using built-in specs. COLLECT_GCC=gcc COLLECT_LTO_WRAPPER=/home/saulius/install/gcc/gcc-gnu-commit-7fada36c778/libexec/gcc/x86_64-pc-linux-gnu/15.0.0/lto-wrapper Target: x86_64-pc-linux-gnu Configured with: ../gcc/configure --prefix=/home/saulius/install/gcc/gcc-gnu-commit-7fada36c778 --enable-languages=c,c++,ada --disable-nls --disable-multilib --enable-shared --enable-threads=posix --enable-__cxa_atexit --enable-clocale=gnu Thread model: posix Supported LTO compression algorithms: zlib gcc version 15.0.0 20240626 (experimental) (GCC) saulius@pterodaktilis minimal-working-example/ $ gnat --version GNAT 15.0.0 20240626 (experimental) Copyright (C) 1996-2024, Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. saulius@pterodaktilis minimal-working-example/ $ which gnat /home/saulius/install/gcc/gcc-gnu-commit-7fada36c778/bin/gnat saulius@pterodaktilis minimal-working-example/ $ (cd ~/src/gcc; git remote -v) origin git://gcc.gnu.org/git/gcc.git (fetch) origin git://gcc.gnu.org/git/gcc.git (push) saulius@pterodaktilis minimal-working-example/ $ (cd ~/src/gcc; git log --oneline -1) 7fada36c778 (HEAD -> master, origin/trunk, origin/master, origin/HEAD) [aarch64] Add support for -mcpu=grace
next reply other threads:[~2024-06-26 13:26 UTC|newest] Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top 2024-06-26 13:26 saulius.grazulis at bti dot vu.lt [this message] 2024-06-26 13:29 ` [Bug ada/115666] " saulius.grazulis at bti dot vu.lt 2024-06-27 10:45 ` ebotcazou at gcc dot gnu.org 2024-06-27 10:52 ` saulius.grazulis at bti dot vu.lt 2024-06-27 10:58 ` saulius.grazulis at bti dot vu.lt 2024-06-27 10:58 ` ebotcazou at gcc dot gnu.org 2024-06-27 11:15 ` saulius.grazulis at bti dot vu.lt
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=bug-115666-4@http.gcc.gnu.org/bugzilla/ \ --to=gcc-bugzilla@gcc.gnu.org \ --cc=gcc-bugs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).