From: Alexandre Oliva
To: gcc-cvs@gcc.gnu.org
Subject: [gcc(refs/users/aoliva/heads/testme)] hardcfr docs: add checking at exceptions and noreturn calls
X-Act-Checkin: gcc
X-Git-Author: Alexandre Oliva
X-Git-Refname: refs/users/aoliva/heads/testme
X-Git-Oldrev: c7cc3fa861a35b4f67a6842143d817367c548c56
X-Git-Newrev: f2eb2a1c61110fbed1729123656bb58aa035d251
Message-Id: <20220824225936.AE340385DC31@sourceware.org>
Date: Wed, 24 Aug 2022 22:59:36 +0000 (GMT)

https://gcc.gnu.org/g:f2eb2a1c61110fbed1729123656bb58aa035d251

commit f2eb2a1c61110fbed1729123656bb58aa035d251
Author: Alexandre Oliva
Date: Wed Aug 24 19:58:01 2022 -0300

    hardcfr docs: add checking at exceptions and noreturn calls

Diff: --- gcc/ada/doc/gnat_rm/security_hardening_features.rst | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/gcc/ada/doc/gnat_rm/security_hardening_features.rst b/gcc/ada/doc/gnat_rm/security_hardening_features.rst index f5fdc8e46b4..b7803cde588 100644 --- a/gcc/ada/doc/gnat_rm/security_hardening_features.rst +++ b/gcc/ada/doc/gnat_rm/security_hardening_features.rst 
@@ -263,11 +263,16 @@ For each block that is marked as visited, the mechanism checks that at least one of its predecessors, and at least one of its successors, are also marked as visited. -Verification is performed just before returning. Subprogram -executions that complete by raising or propagating an exception bypass -verification-and-return points. A subprogram that can only complete -by raising or propagating an exception may have instrumentation -disabled altogether. +Verification is performed just before returns, tail- and noreturn +calls. Furthermore, any subprogram from which an exception may +escape, i.e., that may raise or propagate an exception that isn't +handled internally, is automatically enclosed by a cleanup handler +that performs verification. When a noreturn call returns control to +its caller through an exception, verification will have already been +performed before the call, but it will take place again when the +caller reaches the next verification point, whether it is the end of +the enclosing cleanup handler, a return or reraise statement after the +exception is otherwise handled, or even another noreturn call. The instrumentation for hardening with control flow redundancy can be observed in dump files generated by the command-line option
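
Review bot: The removed text said a subprogram that can only complete by raising or propagating an exception "may have instrumentation disabled altogether", and the added paragraph drops that statement without saying whether such subprograms are now always instrumented; add a sentence stating the current behaviour so readers relying on the old wording know what changed. In the same added paragraph, the sentence beginning "When a noreturn call returns control to its caller through an exception" runs to the end of the paragraph and carries three separate facts (the check before the call, the repeated check at the next verification point, and the list of what that point can be); splitting it would make the double verification easier to follow. In the first added sentence, "tail- and noreturn calls" reads more clearly as "tail calls and noreturn calls".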