[gcc(refs/users/aoliva/heads/testme)] Expose expected_throw attribute

[Alexandre Oliva <aoliva@gcc.gnu.org>]

https://gcc.gnu.org/g:11842645a31b166a7ac55bd2b2f7aa3ce6596ca8

commit 11842645a31b166a7ac55bd2b2f7aa3ce6596ca8
Author: Alexandre Oliva <oliva@adacore.com>
Date:   Wed Oct 19 20:36:25 2022 -0300

    Expose expected_throw attribute
    
    Mark exception-raising subprograms with expected_throw attribute.
    
    Document the use of the attribute in Control Flow Redundancy.
    
    
    for  gcc/ada/ChangeLog
    
            * libgnat/a-except.ads (Raise_Exception): Mark expected_throw.
            (Reraise_Occurrence): Likewise.
            (Raise_Exception_Always): Likewise.
            (Raise_From_Controlled_Operation): Likewise.
            (Reraise_Occurrence_Always): Likewise.
            (Reraise_Occurrence_No_Defer): Likewise.
            * doc/gnat_rm/security_hardening_features.rt (Control Flow
            Hardening): Note the influence of expected_throw.

Diff:
---
 gcc/ada/doc/gnat_rm/security_hardening_features.rst | 4 +++-
 gcc/ada/libgnat/a-except.ads                        | 8 ++++++++
 2 files changed, 11 insertions(+), 1 deletion(-)

diff --git a/gcc/ada/doc/gnat_rm/security_hardening_features.rst b/gcc/ada/doc/gnat_rm/security_hardening_features.rst
index 80c80cdc805..eb116f8f55a 100644
--- a/gcc/ada/doc/gnat_rm/security_hardening_features.rst
+++ b/gcc/ada/doc/gnat_rm/security_hardening_features.rst
@@ -489,7 +489,9 @@ gets modified as follows:
 
 Verification may also be performed before No_Return calls, whether all
 of them, with :switch:`-fhardcfr-check-noreturn-calls=always`; all but
-internal subprograms involved in exception-raising or -reraising, with
+internal subprograms involved in exception-raising or -reraising or
+subprograms explicitly marked with both :samp:`No_Return` and
+:samp:`Machine_Attribute` :samp:`expected_throw` pragmas, with
 :switch:`-fhardcfr-check-noreturn-calls=not-always` (default); only
 nothrow ones, with :switch:`-fhardcfr-check-noreturn-calls=nothrow`;
 or none, with :switch:`-fhardcfr-check-noreturn-calls=never`.
diff --git a/gcc/ada/libgnat/a-except.ads b/gcc/ada/libgnat/a-except.ads
index af87d6624a9..b0f3bcb78bd 100644
--- a/gcc/ada/libgnat/a-except.ads
+++ b/gcc/ada/libgnat/a-except.ads
@@ -79,11 +79,13 @@ package Ada.Exceptions is
 
    procedure Raise_Exception (E : Exception_Id; Message : String := "");
    pragma No_Return (Raise_Exception);
+   pragma Machine_Attribute (Raise_Exception, "expected_throw");
    --  Note: In accordance with AI-466, CE is raised if E = Null_Id
 
    function Exception_Message (X : Exception_Occurrence) return String;
 
    procedure Reraise_Occurrence (X : Exception_Occurrence);
+   pragma Machine_Attribute (Reraise_Occurrence, "expected_throw");
    --  Note: it would be really nice to give a pragma No_Return for this
    --  procedure, but it would be wrong, since Reraise_Occurrence does return
    --  if the argument is the null exception occurrence. See also procedure
@@ -177,6 +179,7 @@ private
 
    procedure Raise_Exception_Always (E : Exception_Id; Message : String := "");
    pragma No_Return (Raise_Exception_Always);
+   pragma Machine_Attribute (Raise_Exception_Always, "expected_throw");
    pragma Export (Ada, Raise_Exception_Always, "__gnat_raise_exception");
    --  This differs from Raise_Exception only in that the caller has determined
    --  that for sure the parameter E is not null, and that therefore no check
@@ -195,6 +198,9 @@ private
            "__gnat_raise_from_controlled_operation");
    --  Raise Program_Error, providing information about X (an exception raised
    --  during a controlled operation) in the exception message.
+   pragma Machine_Attribute (Raise_From_Controlled_Operation,
+                             "expected_throw");
+   --  Mark it like internal exception-raising subprograms
 
    procedure Reraise_Library_Exception_If_Any;
    pragma Export
@@ -205,6 +211,7 @@ private
 
    procedure Reraise_Occurrence_Always (X : Exception_Occurrence);
    pragma No_Return (Reraise_Occurrence_Always);
+   pragma Machine_Attribute (Reraise_Occurrence_Always, "expected_throw");
    --  This differs from Raise_Occurrence only in that the caller guarantees
    --  that for sure the parameter X is not the null occurrence, and that
    --  therefore this procedure cannot return. The expander uses this routine
@@ -212,6 +219,7 @@ private
 
    procedure Reraise_Occurrence_No_Defer (X : Exception_Occurrence);
    pragma No_Return (Reraise_Occurrence_No_Defer);
+   pragma Machine_Attribute (Reraise_Occurrence_No_Defer, "expected_throw");
    --  Exactly like Reraise_Occurrence, except that abort is not deferred
    --  before the call and the parameter X is known not to be the null
    --  occurrence. This is used in generated code when it is known that abort