From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2140) id 083A6385AC30; Wed, 10 Aug 2022 23:51:33 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 083A6385AC30 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: Alexandre Oliva To: gcc-cvs@gcc.gnu.org Subject: [gcc(refs/users/aoliva/heads/testme)] hardcfr docs: add checking at exceptions and noreturn calls X-Act-Checkin: gcc X-Git-Author: Alexandre Oliva X-Git-Refname: refs/users/aoliva/heads/testme X-Git-Oldrev: 55ff57d87260178ba62e888b102f117995543d8b X-Git-Newrev: 0ab4e8d54edbf52d34639dedcea3cb19eddb1b7a Message-Id: <20220810235133.083A6385AC30@sourceware.org> Date: Wed, 10 Aug 2022 23:51:33 +0000 (GMT) X-BeenThere: gcc-cvs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-cvs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 10 Aug 2022 23:51:33 -0000 https://gcc.gnu.org/g:0ab4e8d54edbf52d34639dedcea3cb19eddb1b7a commit 0ab4e8d54edbf52d34639dedcea3cb19eddb1b7a Author: Alexandre Oliva Date: Wed Aug 10 20:43:29 2022 -0300 hardcfr docs: add checking at exceptions and noreturn calls Diff: --- gcc/ada/doc/gnat_rm/security_hardening_features.rst | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/gcc/ada/doc/gnat_rm/security_hardening_features.rst b/gcc/ada/doc/gnat_rm/security_hardening_features.rst index f5fdc8e46b4..b7803cde588 100644 --- a/gcc/ada/doc/gnat_rm/security_hardening_features.rst +++ b/gcc/ada/doc/gnat_rm/security_hardening_features.rst 
@@ -263,11 +263,16 @@ For each block that is marked as visited, the mechanism checks that at least one of its predecessors, and at least one of its successors, are also marked as visited. -Verification is performed just before returning. Subprogram -executions that complete by raising or propagating an exception bypass -verification-and-return points. A subprogram that can only complete -by raising or propagating an exception may have instrumentation -disabled altogether. +Verification is performed just before returns, tail- and noreturn +calls. Furthermore, any subprogram from which an exception may +escape, i.e., that may raise or propagate an exception that isn't +handled internally, is automatically enclosed by a cleanup handler +that performs verification. When a noreturn call returns control to +its caller through an exception, verification will have already been +performed before the call, but it will take place again when the +caller reaches the next verification point, whether it is the end of +the enclosing cleanup handler, a return or reraise statement after the +exception is otherwise handled, or even another noreturn call. The instrumentation for hardening with control flow redundancy can be observed in dump files generated by the command-line option
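Review bot: The removed sentence "A subprogram that can only complete by raising or propagating an exception may have instrumentation disabled altogether" has no counterpart in the added text, so the paragraph no longer says what happens to such subprograms. The new wording implies they are now covered by the cleanup handler, but someone auditing which paths are verified should not have to infer that. Please state explicitly whether they are instrumented or whether the old exemption still applies. Two smaller points on the added lines: "just before returns, tail- and noreturn calls" would read more clearly as "just before returns, tail calls and noreturn calls", and tail calls are new here but are not mentioned in the commit subject. The closing sentence, from "When a noreturn call returns control to its caller through an exception", carries four alternatives in one clause and would be easier to follow split in two, with "a return or reraise statement after the exception is otherwise handled" made clearer about which handler is meant.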