From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <poulhies@adacore.com>
Received: from mail-wr1-x42f.google.com (mail-wr1-x42f.google.com [IPv6:2a00:1450:4864:20::42f])
	by sourceware.org (Postfix) with ESMTPS id CD1B6384B12A
	for <gcc-patches@gcc.gnu.org>; Thu,  6 Oct 2022 09:30:19 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org CD1B6384B12A
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=adacore.com
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=adacore.com
Received: by mail-wr1-x42f.google.com with SMTP id a10so1741671wrm.12
        for <gcc-patches@gcc.gnu.org>; Thu, 06 Oct 2022 02:30:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=adacore.com; s=google;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:from:to:cc:subject:date:message-id:reply-to;
        bh=DwN9hrl3UHIXQRqyEZbpWQCdMhp/oUNXNR1XvE724a8=;
        b=Pw0g7BlYcnl46FNmtYslAD5DiGHUVq7JqJ4pFTiv9tvUH3tCoTGfVJkRDWqqn+EQTh
         z3qz0d8GIacKK9YScU+4dz0IgmUR88cNVvcZ9kI7bum1qz2KhYG3r3FtXTd8ZkAXeGKo
         5hn8g2UpYUXwjuU002k3fvGkpCc8XQpALWTEWSyzWKe9BHc3pWUMAab9Jztqz5sG6sAD
         HCcU05GI4C3Sj9wm5DYkJPyXK1a79A6IDqLvm3JDTt7I/8WMJnLy9NnrgGOhe4KOtplY
         FeIOeA9mWPGWlPhhakLMrvR7NZL2uvOABaJGXNI/h191duw8JbDtz/TR/dkMsloDlEH2
         dtqQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20210112;
        h=content-transfer-encoding:mime-version:message-id:date:subject:cc
         :to:from:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=DwN9hrl3UHIXQRqyEZbpWQCdMhp/oUNXNR1XvE724a8=;
        b=c7EZbIxa8UxU0tbXM/stuKWJsLGYZc02Q6ba/RC3LoSSf4v7iHHqgXoStuIvRPOT+g
         IuPTVMJPWb+IJQADFnxshnHQmzmIElQ033dL99y+kujAjMU1iKFpY6cuWiUmF5qzpEI9
         IeDBUD1cca893lBvlOB+m7nsmqHy2kfCPR+vS5eGY4EblYx1PYdLNEp/OQ0A/YEvkLUX
         DbqQfLo0znGkvrtLURkCl71W0o388RtP656VKPsFikPEYWzryEpDrTdzofVKZqAjGYL4
         bnriiPHVTc0CB33qPfuiTV2CIGLUG6cyxpoMFrWl0FgnTon6qpYPg5iyrPFBNi5a0XxF
         6RKw==
X-Gm-Message-State: ACrzQf25aJ2UqVIfqzwWYcIuxJz6N+fPQYmVMjjC92ved7pdPR6OduFj
	PKQ9/Gfp03HVZ5r4wyjcOftTQSg9n3vbgWW3
X-Google-Smtp-Source: AMsMyM6efXUDVZ9YTvs7qG+sidexE6AWlIa9L8sT5+OwYhz2eKwISERrKuyAvHvYZFXHFQL0SU68OQ==
X-Received: by 2002:a5d:400a:0:b0:22e:689d:3566 with SMTP id n10-20020a5d400a000000b0022e689d3566mr2342031wrp.205.1665048618584;
        Thu, 06 Oct 2022 02:30:18 -0700 (PDT)
Received: from poulhies-Precision-5550.lan (static-176-191-105-132.ftth.abo.bbox.fr. [176.191.105.132])
        by smtp.gmail.com with ESMTPSA id a5-20020adfeec5000000b0022e2c38f8basm14836002wrp.14.2022.10.06.02.30.17
        (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256);
        Thu, 06 Oct 2022 02:30:18 -0700 (PDT)
From: =?UTF-8?q?Marc=20Poulhi=C3=A8s?= <poulhies@adacore.com>
To: gcc-patches@gcc.gnu.org
Cc: Alexandre Oliva <oliva@adacore.com>
Subject: [COMMITED] ada: stack scrubbing: exemplify codegen changes
Date: Thu,  6 Oct 2022 11:30:06 +0200
Message-Id: <20221006093006.261475-1-poulhies@adacore.com>
X-Mailer: git-send-email 2.34.1
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Spam-Status: No, score=-13.3 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>

From: Alexandre Oliva <oliva@adacore.com>

gcc/ada/

	* doc/gnat_rm/security_hardening_features.rst: Add examples of
	codegen changes in stack scrubbing.
	* gnat_rm.texi: Regenerate.

Tested on x86_64-pc-linux-gnu, committed on master.

---
 .../gnat_rm/security_hardening_features.rst   | 52 ++++++++++++++++++
 gcc/ada/gnat_rm.texi                          | 53 ++++++++++++++++++-
 2 files changed, 103 insertions(+), 2 deletions(-)

diff --git a/gcc/ada/doc/gnat_rm/security_hardening_features.rst b/gcc/ada/doc/gnat_rm/security_hardening_features.rst
index f5fdc8e46b4..e36d47517dc 100644
--- a/gcc/ada/doc/gnat_rm/security_hardening_features.rst
+++ b/gcc/ada/doc/gnat_rm/security_hardening_features.rst
@@ -74,6 +74,58 @@ or a variable.)
      --  scrubbing of the stack space used by that subprogram.
 
 
+Given these declarations, Foo has its type and body modified as
+follows:
+
+.. code-block:: ada
+
+     function Foo (<WaterMark> : in out System.Address) returns Integer
+     is
+       --  ...
+     begin
+       <__strub_update> (<WaterMark>);  --  Updates the stack WaterMark.
+       --  ...
+     end;
+
+
+whereas its callers are modified from:
+
+.. code-block:: ada
+
+     X := Foo;
+
+to:
+
+.. code-block:: ada
+
+     declare
+       <WaterMark> : System.Address;
+     begin
+       <__strub_enter> (<WaterMark>);  -- Initialize <WaterMark>.
+       X := Foo (<WaterMark>);
+       <__strub_leave> (<WaterMark>);  -- Scrubs stack up to <WaterMark>.
+     end;
+
+
+As for Bar, because it is strubbed in internal mode, its callers are
+not modified.  Its definition is modified roughly as follows:
+
+.. code-block:: ada
+
+     procedure Bar is
+       <WaterMark> : System.Address;
+       procedure Strubbed_Bar (<WaterMark> : in out System.Address) is
+       begin
+         <__strub_update> (<WaterMark>);  --  Updates the stack WaterMark.
+         -- original Bar body.
+       end Strubbed_Bar;
+     begin
+       <__strub_enter> (<WaterMark>);  -- Initialize <WaterMark>.
+       Strubbed_Bar (<WaterMark>);
+       <__strub_leave> (<WaterMark>);  -- Scrubs stack up to <WaterMark>.
+     end Bar;
+
+
 There are also :switch:`-fstrub={choice}` command-line options to
 control default settings.  For usage and more details on the
 command-line options, on the ``strub`` attribute, and their use with
diff --git a/gcc/ada/gnat_rm.texi b/gcc/ada/gnat_rm.texi
index 64f2e796d8a..ff1845661a4 100644
--- a/gcc/ada/gnat_rm.texi
+++ b/gcc/ada/gnat_rm.texi
@@ -3,7 +3,7 @@
 @setfilename gnat_rm.info
 @documentencoding UTF-8
 @ifinfo
-@*Generated by Sphinx 5.1.1.@*
+@*Generated by Sphinx 5.2.3.@*
 @end ifinfo
 @settitle GNAT Reference Manual
 @defindex ge
@@ -19,7 +19,7 @@
 
 @copying
 @quotation
-GNAT Reference Manual , Sep 23, 2022
+GNAT Reference Manual , Oct 04, 2022
 
 AdaCore
 
@@ -28734,6 +28734,55 @@ pragma Machine_Attribute (Var, "strub");
 --  scrubbing of the stack space used by that subprogram.
 @end example
 
+Given these declarations, Foo has its type and body modified as
+follows:
+
+@example
+function Foo (<WaterMark> : in out System.Address) returns Integer
+is
+  --  ...
+begin
+  <__strub_update> (<WaterMark>);  --  Updates the stack WaterMark.
+  --  ...
+end;
+@end example
+
+whereas its callers are modified from:
+
+@example
+X := Foo;
+@end example
+
+to:
+
+@example
+declare
+  <WaterMark> : System.Address;
+begin
+  <__strub_enter> (<WaterMark>);  -- Initialize <WaterMark>.
+  X := Foo (<WaterMark>);
+  <__strub_leave> (<WaterMark>);  -- Scrubs stack up to <WaterMark>.
+end;
+@end example
+
+As for Bar, because it is strubbed in internal mode, its callers are
+not modified.  Its definition is modified roughly as follows:
+
+@example
+procedure Bar is
+  <WaterMark> : System.Address;
+  procedure Strubbed_Bar (<WaterMark> : in out System.Address) is
+  begin
+    <__strub_update> (<WaterMark>);  --  Updates the stack WaterMark.
+    -- original Bar body.
+  end Strubbed_Bar;
+begin
+  <__strub_enter> (<WaterMark>);  -- Initialize <WaterMark>.
+  Strubbed_Bar (<WaterMark>);
+  <__strub_leave> (<WaterMark>);  -- Scrubs stack up to <WaterMark>.
+end Bar;
+@end example
+
 There are also @code{-fstrub=`choice'} command-line options to
 control default settings.  For usage and more details on the
 command-line options, on the @code{strub} attribute, and their use with
-- 
2.34.1