Date: Tue, 12 May 2015 08:11:00 -0000
From: Arnaud Charlet
To: gcc-patches@gcc.gnu.org
Cc: Robert Dewar
Subject: [Ada] Fix undetected overflow case in Ada.Real_Time."/"
Message-ID: <20150512080750.GA19742@adacore.com>

Despite the explicit pragma Unsuppress statements, the case of dividing
Time_Span_First by -1 did not raise an exception. Eventually this should
be corrected at the compiler or runtime level, but for now, we add an
explicit check to ensure that this case is caught.

The following test program:

   with Ada.Real_Time; use Ada.Real_Time;
   procedure ReaTimOv is
      Result : Time_Span;
   begin
      Result :=
        Ada.Real_Time."/"
          (Left  => Ada.Real_Time.Time_Span_First,
           Right => -1);
   end;

must yield when executed:

   raised CONSTRAINT_ERROR : Ada.Real_Time."/": overflow

Tested on x86_64-pc-linux-gnu, committed on trunk

2015-05-12  Robert Dewar

	* a-reatim.adb ("/"): Add explicit check for Time_Span_First / -1.

Index: a-reatim.adb
===================================================================
--- a-reatim.adb (revision 223033)
+++ a-reatim.adb (working copy)
@@ -7,7 +7,7 @@ -- B o d y -- -- -- -- Copyright (C) 1991-1994, Florida State University -- --- Copyright (C) 1995-2014, AdaCore -- +-- Copyright (C) 1995-2015, AdaCore -- -- -- -- GNAT is free software; you can redistribute it and/or modify it under -- -- terms of the GNU General Public License as published by the Free Soft- --
@@ -123,6 +123,16 @@ pragma Unsuppress (Overflow_Check); pragma Unsuppress (Division_Check); begin + -- Even though checks are unsuppressed, we need an explicit check for + -- the case of largest negative integer divided by minus one, since + -- some library routines we use fail to catch this case. This will be + -- fixed at the compiler level in the future, at which point this test + -- can be removed. + + if Left = Time_Span_First and then Right = -1 then + raise Constraint_Error with "overflow"; + end if; + return Time_Span (Duration (Left) / Right); end "/"; --J/dobhs11T7y2rNN--
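Review bot: the ReaTimOv program from the commit message is not added to the testsuite in this patch, so once the compiler-level fix the new comment promises lands and this guard is removed, nothing will catch the case regressing; please commit it as a gnat.dg test expecting the CONSTRAINT_ERROR. The guard itself is exact for this operator: Right is of type Integer, a zero divisor is already caught by the unsuppressed Division_Check in the same body, and Time_Span_First / -1 is the only remaining quotient that lies outside the result range, so `if Left = Time_Span_First and then Right = -1 then` covers every undetected case, and the text in `raise Constraint_Error with "overflow";` agrees with the "overflow" the commit message expects in the output. It would also help to name the compiler-side item that is meant to supersede this check in the comment, so the "can be removed" note is actionable later.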
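As an added example (not part of this patch and not GNAT's own code), the following C program models the guard the hunk introduces. It assumes Time_Span is a signed 64-bit count of Duration'Small units and that the Ada truncate-toward-zero division is the C one; the function names div_unguarded, div_span_int and div_span_span are hypothetical. It goes beyond the page in one respect: Ada.Real_Time also declares "/" (Left, Right : Time_Span) return Integer, and because that result type is narrower than Time_Span it needs a range check on the quotient in addition to the same Time_Span_First / -1 guard.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model of Ada.Real_Time.Time_Span: by assumption a signed
   64-bit count of Duration'Small units. The unit itself does not affect the
   overflow analysis; only the bounds of the representation do. */
typedef int64_t time_span_t;
#define TIME_SPAN_FIRST INT64_MIN
#define TIME_SPAN_LAST  INT64_MAX

enum div_status { DIV_OK = 0, DIV_BY_ZERO = 1, DIV_OVERFLOW = 2 };

/* Unguarded division, the shape of the original `Duration (Left) / Right`.
   For left == INT64_MIN and right == -1 the true quotient is 2^63, one past
   INT64_MAX: in C that is undefined behaviour, on x86-64 the idiv
   instruction raises #DE exactly as it does for a zero divisor, and other
   targets may silently return INT64_MIN. Callers must never reach it with
   that pair. */
static time_span_t div_unguarded(time_span_t left, int32_t right)
{
    return left / right;
}

/* "/" (Left : Time_Span; Right : Integer) return Time_Span, with explicit
   guards. Zero is the Division_Check case; INT64_MIN / -1 is the single
   dividend/divisor pair whose quotient lies outside the result type, which
   is the case the patch adds a check for. */
static enum div_status div_span_int(time_span_t left, int32_t right,
                                    time_span_t *out)
{
    if (right == 0)
        return DIV_BY_ZERO;
    if (left == TIME_SPAN_FIRST && right == -1)
        return DIV_OVERFLOW;
    *out = div_unguarded(left, right);
    return DIV_OK;
}

/* "/" (Left, Right : Time_Span) return Integer. The same MIN / -1 guard
   protects the 64-bit intermediate quotient; because the result is the
   narrower Integer, the quotient must also be range-checked. */
static enum div_status div_span_span(time_span_t left, time_span_t right,
                                     int32_t *out)
{
    if (right == 0)
        return DIV_BY_ZERO;
    if (left == TIME_SPAN_FIRST && right == -1)
        return DIV_OVERFLOW;
    time_span_t q = left / right;
    if (q < INT32_MIN || q > INT32_MAX)
        return DIV_OVERFLOW;
    *out = (int32_t)q;
    return DIV_OK;
}

int main(void)
{
    static const char *names[] = { "ok", "division by zero", "overflow" };
    time_span_t r = 0;
    int32_t n = 0;
    enum div_status s;

    /* The pair from the ReaTimOv test program in the commit message. */
    s = div_span_int(TIME_SPAN_FIRST, -1, &r);
    printf("Time_Span_First / -1        -> %s\n", names[s]);

    /* One unit away from the edge is representable and yields Time_Span_Last. */
    s = div_span_int(TIME_SPAN_FIRST + 1, -1, &r);
    printf("(Time_Span_First + 1) / -1  -> %s, %lld\n", names[s], (long long)r);

    /* The Integer-valued operator overflows long before the 64-bit edge. */
    s = div_span_span(TIME_SPAN_LAST, 1, &n);
    printf("Time_Span_Last / 1 (Integer) -> %s\n", names[s]);

    s = div_span_span(-6000, 3, &n);
    printf("-6000 / 3 (Integer)          -> %s, %d\n", names[s], n);
    return 0;
}
```

The two guards in div_span_int are exactly the conditions Ada's Division_Check and Overflow_Check are meant to enforce for this operator; writing them out by hand, as the patch does, removes the dependence on whichever code path the compiler or library chooses for the fixed-point division.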