From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path:
Received: by sourceware.org (Postfix, from userid 2140) id 9718C385356F; Wed, 24 Aug 2022 16:53:03 +0000 (GMT)
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Alexandre Oliva
To: gcc-cvs@gcc.gnu.org
Subject: [gcc(refs/users/aoliva/heads/testme)] hardcfr docs: add checking at exceptions and noreturn calls
X-Act-Checkin: gcc
X-Git-Author: Alexandre Oliva
X-Git-Refname: refs/users/aoliva/heads/testme
X-Git-Oldrev: 88092167547fe32bb3ac36239d8643cd63ea8f9c
X-Git-Newrev: 27964f6ee0310bfa250ed5ccd54efb8623dcce93
Message-Id: <20220824165303.9718C385356F@sourceware.org>
Date: Wed, 24 Aug 2022 16:53:03 +0000 (GMT)
List-Id:

https://gcc.gnu.org/g:27964f6ee0310bfa250ed5ccd54efb8623dcce93

commit 27964f6ee0310bfa250ed5ccd54efb8623dcce93
Author: Alexandre Oliva
Date: Wed Aug 24 13:37:00 2022 -0300

    hardcfr docs: add checking at exceptions and noreturn calls

Diff: --- gcc/ada/doc/gnat_rm/security_hardening_features.rst | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/gcc/ada/doc/gnat_rm/security_hardening_features.rst b/gcc/ada/doc/gnat_rm/security_hardening_features.rst index f5fdc8e46b4..b7803cde588 100644 --- a/gcc/ada/doc/gnat_rm/security_hardening_features.rst +++ b/gcc/ada/doc/gnat_rm/security_hardening_features.rst
@@ -263,11 +263,16 @@ For each block that is marked as visited, the mechanism checks that at least one of its predecessors, and at least one of its successors, are also marked as visited. -Verification is performed just before returning. Subprogram -executions that complete by raising or propagating an exception bypass -verification-and-return points. A subprogram that can only complete -by raising or propagating an exception may have instrumentation -disabled altogether. +Verification is performed just before returns, tail- and noreturn +calls. Furthermore, any subprogram from which an exception may +escape, i.e., that may raise or propagate an exception that isn't +handled internally, is automatically enclosed by a cleanup handler +that performs verification. When a noreturn call returns control to +its caller through an exception, verification will have already been +performed before the call, but it will take place again when the +caller reaches the next verification point, whether it is the end of +the enclosing cleanup handler, a return or reraise statement after the +exception is otherwise handled, or even another noreturn call. The instrumentation for hardening with control flow redundancy can be observed in dump files generated by the command-line option
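Review bot: the removed sentence about a subprogram that "can only complete by raising or propagating an exception" having instrumentation "disabled altogether" has no counterpart in the added paragraph, so a reader cannot tell whether such subprograms are now instrumented and checked by the cleanup handler or still skipped. Please state the new behaviour explicitly, since it decides whether exception-only subprograms are covered by the hardening. Two smaller points on the added lines: the closing list of "next verification point" cases (end of the enclosing cleanup handler, a return or reraise statement, another noreturn call) leaves out tail calls, which the first added sentence names as a verification point, so either add them or word the list as examples; and "returns, tail- and noreturn calls" reads more clearly as "returns, tail calls and noreturn calls". The final sentence, which runs from "When a noreturn call returns control" to the end of the paragraph, would also be easier to follow if split after "before the call".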