From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-pf1-x42b.google.com (mail-pf1-x42b.google.com [IPv6:2607:f8b0:4864:20::42b]) by sourceware.org (Postfix) with ESMTPS id 05FFE3858D20 for ; Fri, 20 Oct 2023 11:07:18 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 05FFE3858D20 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=adacore.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=adacore.com ARC-Filter: OpenARC Filter v1.0.0 sourceware.org 05FFE3858D20 Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=2607:f8b0:4864:20::42b ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697800040; cv=none; b=Q/KJU7haHdjspn19fZvCbuCJLCexXO9opkqZXmjo5G0pDb3v3l2uAzmOhDs275hS1f8YF8DRBMLZx58mju7RFzIyWAfox1LTxGB4UU97wvmhvZ9BB/fOLa9FtfMYOwrohzTpbBK7wPz3shg90AEA4PJjVzajsill+fVWlVp9sPA= ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1697800040; c=relaxed/simple; bh=7irsYE0fhcQD14YqV4ZURYD4Z67L/kqP6rSFf6ohrUU=; h=DKIM-Signature:From:To:Subject:Date:Message-ID:MIME-Version; b=LqRU6nKnzlxLqWgJ1TnwUFWu+NBZuyJ3r9Jn5163+n1hX2lV4TjprCZuLBDkZuqMkrs4r6vdNMTl7HKXbQugHoglh1KVL2gZYGs9fApdB/sL0jEsQvA5/yJfD4qlRlxyytahvtxgyPPZdF17IJ4rx+BW2hZzH368bwX9IOFmIp0= ARC-Authentication-Results: i=1; server2.sourceware.org Received: by mail-pf1-x42b.google.com with SMTP id d2e1a72fcca58-6b1ef786b7fso625222b3a.3 for ; Fri, 20 Oct 2023 04:07:17 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adacore.com; s=google; t=1697800037; x=1698404837; darn=gcc.gnu.org; h=mime-version:user-agent:message-id:in-reply-to:date:references :organization:subject:cc:to:from:from:to:cc:subject:date:message-id :reply-to; bh=v9dOJtQRgiZSveFr6Jlf82dKAKOZ6Pn+zINg1TzQlfg=; b=b1jbQIC0Dx219owa9CCemcwKbwAY1n1WL0gLIshaQ8xQK7RGNk20TiPR5mdjoFJz62 FdrCQwsRnx9RPSO3o6FlOfIXQoa8quXqVCU6LQNrctJ7eEdA06IKEWjXLKQH/17l1suJ Qk1IXRxjj4Hk8tKv0AP4B///lIQFJbZnaxAO0ife8s+Mu6asBT+dt+X6xyT/JcHIuDgc rP0ngNrw/8aF3VVA0XlX4yCOk8Mf9yn+KBf7IUrby8A7xxmyoEhRmO9PZKIu3wQzArFU M6Ygjm2V3DbU9KbNj/XIAL5rXKnh7GhGHfEgVgKQyAy/BhHM5dBaUSyorLPJEG6R2lLS KZFA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1697800037; x=1698404837; h=mime-version:user-agent:message-id:in-reply-to:date:references :organization:subject:cc:to:from:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=v9dOJtQRgiZSveFr6Jlf82dKAKOZ6Pn+zINg1TzQlfg=; b=ptN7pvuaSlQYf4ZrbOPHuKlL4d/ZNptArmOkhZh9nFkOLg6ok2j/zBuxn6PvtLwfrs YjwvXzBnN4CrYfsxCDpzkAEMDIBVCUzEohIIWg/lfjvPFeYOzIRE2RNSXZ86vgcN+Dtx xOhPc12SvaDWeRWPHtWnaCIso8jQydSwtMoolZvphLACEMGQDZft+w3nbAtGX4p/EdAo zU/nPHnbxMaqgd9/WYlY64RtcdasAMjufLNiOKW7Fk7m63kKmKooSFnKDzZDLq0qGHql el93rzxggDR5FOaku96DCKQ8B2TGAAmOGp4jlcS1Ff6ovy20L2WBPKn9+FisujdX6N0E P1dw== X-Gm-Message-State: AOJu0YxbKW5mhqcnVP9ojwJ1c25YY4DyS1FSk2xdw3hlqhjlM9Gn/Ick nKnV/g3tZKQ4fowVrUTMCY/JsA== X-Google-Smtp-Source: AGHT+IFSQuZjxWAacu9XrplJPb/ltt1IoD/SmzvviBUwXaSekn6Zxj9voVmd0Xs6SR3lcTDII0Uluw== X-Received: by 2002:a05:6a00:2d0b:b0:6be:e54e:a540 with SMTP id fa11-20020a056a002d0b00b006bee54ea540mr1397144pfb.30.1697800036802; Fri, 20 Oct 2023 04:07:16 -0700 (PDT) Received: from free.home ([2804:7f1:2080:7ba0:18cb:7459:1c6c:8dbf]) by smtp.gmail.com with ESMTPSA id n9-20020aa79849000000b00682868714fdsm1330532pfq.95.2023.10.20.04.07.15 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 20 Oct 2023 04:07:16 -0700 (PDT) Received: from livre (livre.home [172.31.160.2]) by free.home (8.15.2/8.15.2) with ESMTPS id 39KB71cm1535518 (version=TLSv1.3 cipher=TLS_AES_256_GCM_SHA384 bits=256 verify=NOT); Fri, 20 Oct 2023 08:07:02 -0300 From: Alexandre Oliva To: Richard Biener Cc: gcc-patches@gcc.gnu.org, Jeff Law , David Edelsohn , Segher Boessenkool , Kewen Lin Subject: Re: [PATCH v3] Control flow redundancy hardening Organization: Free thinker, does not speak for AdaCore References: Date: Fri, 20 Oct 2023 08:07:01 -0300 In-Reply-To: (Richard Biener's message of "Fri, 20 Oct 2023 08:33:53 +0200") Message-ID: User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux) MIME-Version: 1.0 Content-Type: text/plain X-Scanned-By: MIMEDefang 2.84 X-Spam-Status: No, score=-5.6 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,RCVD_IN_DNSWL_NONE,SPF_HELO_NONE,SPF_PASS,TXREP,WEIRD_QUOTING autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Thanks. On Oct 20, 2023, Richard Biener wrote: >> for gcc/ada/ChangeLog >> >> * gcc-interface/trans.cc (gigi): Mark __gnat_reraise_zcx with >> ECF_XTHROW. >> (build_raise_check): Likewise for all rcheck subprograms. >> * gcc-interface/utils.cc (handle_expected_throw_attribute): >> New. >> (gnat_internal_attribute_table): Add expected_throw. >> * libgnat/a-except.ads (Raise_Exception): Mark expected_throw. >> (Reraise_Occurrence): Likewise. >> (Raise_Exception_Always): Likewise. >> (Raise_From_Controlled_Operation): Likewise. >> (Reraise_Occurrence_Always): Likewise. >> (Reraise_Occurrence_No_Defer): Likewise. >> * libgnat/a-except.adb >> (Exception_Propagation.Propagate_Exception): Likewise. >> (Complete_And_Propagate_Occurrence): Likewise. >> (Raise_Exception_No_Defer): Likewise. >> (Raise_From_Signal_Handler): Likewise. >> (Raise_With_Msg): Likewise. >> (Raise_With_Location_And_Msg): Likewise. >> (Raise_Constraint_Error): Likewise. >> (Raise_Constraint_Error_Msg): Likewise. >> (Raise_Program_Error): Likewise. >> (Raise_Program_Error_Msg): Likewise. >> (Raise_Storage_Error): Likewise. >> (Raise_Storage_Error_Msg): Likewise. >> (Reraise, Rcheck_*): Likewise. >> * doc/gnat_rm/security_hardening_features.rst (Control Flow >> Redundancy): Add -fhardcfr-check-noreturn-calls=no-xthrow. >> Note the influence of expected_throw. Document >> -fhardcfr-skip-leaf. Some of the above changes had already been contributed, but I had meant to keep these in the commit message, but the ChangeLog checker wouldn't let me. I also had some typos in testsuite filenames in the ChangeLog entries. Since the patch is big, I'm not posting it all again, but here's the corrected set of ChangeLog entries that went in along with it: for gcc/ChangeLog * tree-core.h (ECF_XTHROW): New macro. * tree.cc (set_call_expr): Add expected_throw attribute when ECF_XTHROW is set. (build_common_builtin_node): Add ECF_XTHROW to __cxa_end_cleanup and _Unwind_Resume or _Unwind_SjLj_Resume. * calls.cc (flags_from_decl_or_type): Check for expected_throw attribute to set ECF_XTHROW. * gimple.cc (gimple_build_call_from_tree): Propagate ECF_XTHROW from decl flags to gimple call... (gimple_call_flags): ... and back. * gimple.h (GF_CALL_XTHROW): New gf_mask flag. (gimple_call_set_expected_throw): New. (gimple_call_expected_throw_p): New. * Makefile.in (OBJS): Add gimple-harden-control-flow.o. * builtins.def (BUILT_IN___HARDCFR_CHECK): New. * common.opt (fharden-control-flow-redundancy): New. (-fhardcfr-check-returning-calls): New. (-fhardcfr-check-exceptions): New. (-fhardcfr-check-noreturn-calls=*): New. (Enum hardcfr_check_noreturn_calls): New. (fhardcfr-skip-leaf): New. * doc/invoke.texi: Document them. (hardcfr-max-blocks, hardcfr-max-inline-blocks): New params. * flag-types.h (enum hardcfr_noret): New. * gimple-harden-control-flow.cc: New. * params.opt (-param=hardcfr-max-blocks=): New. (-param=hradcfr-max-inline-blocks=): New. * passes.def (pass_harden_control_flow_redundancy): Add. * tree-pass.h (make_pass_harden_control_flow_redundancy): Declare. * doc/extend.texi: Document expected_throw attribute. for gcc/ada/ChangeLog * gcc-interface/trans.cc (gigi): Mark __gnat_reraise_zcx with ECF_XTHROW. (build_raise_check): Likewise for all rcheck subprograms. for gcc/c-family/ChangeLog * c-attribs.cc (handle_expected_throw_attribute): New. (c_common_attribute_table): Add expected_throw. for gcc/cp/ChangeLog * decl.cc (push_throw_library_fn): Mark with ECF_XTHROW. * except.cc (build_throw): Likewise __cxa_throw, _ITM_cxa_throw, __cxa_rethrow. for gcc/testsuite/ChangeLog * c-c++-common/torture/harden-cfr.c: New. * c-c++-common/harden-cfr-noret-never-O0.c: New. * c-c++-common/torture/harden-cfr-noret-never.c: New. * c-c++-common/torture/harden-cfr-noret-noexcept.c: New. * c-c++-common/torture/harden-cfr-noret-nothrow.c: New. * c-c++-common/torture/harden-cfr-noret.c: New. * c-c++-common/torture/harden-cfr-notail.c: New. * c-c++-common/torture/harden-cfr-returning.c: New. * c-c++-common/torture/harden-cfr-tail.c: New. * c-c++-common/torture/harden-cfr-abrt-always.c: New. * c-c++-common/torture/harden-cfr-abrt-never.c: New. * c-c++-common/torture/harden-cfr-abrt-no-xthrow.c: New. * c-c++-common/torture/harden-cfr-abrt-nothrow.c: New. * c-c++-common/torture/harden-cfr-abrt.c: New. * c-c++-common/torture/harden-cfr-always.c: New. * c-c++-common/torture/harden-cfr-never.c: New. * c-c++-common/torture/harden-cfr-no-xthrow.c: New. * c-c++-common/torture/harden-cfr-nothrow.c: New. * c-c++-common/torture/harden-cfr-bret-always.c: New. * c-c++-common/torture/harden-cfr-bret-never.c: New. * c-c++-common/torture/harden-cfr-bret-noopt.c: New. * c-c++-common/torture/harden-cfr-bret-noret.c: New. * c-c++-common/torture/harden-cfr-bret-no-xthrow.c: New. * c-c++-common/torture/harden-cfr-bret-nothrow.c: New. * c-c++-common/torture/harden-cfr-bret-retcl.c: New. * c-c++-common/torture/harden-cfr-bret.c: New. * g++.dg/harden-cfr-throw-always-O0.C: New. * g++.dg/harden-cfr-throw-returning-O0.C: New. * g++.dg/torture/harden-cfr-noret-always-no-nothrow.C: New. * g++.dg/torture/harden-cfr-noret-never-no-nothrow.C: New. * g++.dg/torture/harden-cfr-noret-no-nothrow.C: New. * g++.dg/torture/harden-cfr-throw-always.C: New. * g++.dg/torture/harden-cfr-throw-never.C: New. * g++.dg/torture/harden-cfr-throw-no-xthrow.C: New. * g++.dg/torture/harden-cfr-throw-no-xthrow-expected.C: New. * g++.dg/torture/harden-cfr-throw-nothrow.C: New. * g++.dg/torture/harden-cfr-throw-nocleanup.C: New. * g++.dg/torture/harden-cfr-throw-returning.C: New. * g++.dg/torture/harden-cfr-throw.C: New. * gcc.dg/torture/harden-cfr-noret-no-nothrow.c: New. * gcc.dg/torture/harden-cfr-tail-ub.c: New. * gnat.dg/hardcfr.adb: New. for libgcc/ChangeLog * Makefile.in (LIB2ADD): Add hardcfr.c. * hardcfr.c: New. -- Alexandre Oliva, happy hacker https://FSFLA.org/blogs/lxo/ Free Software Activist GNU Toolchain Engineer More tolerance and less prejudice are key for inclusion and diversity Excluding neuro-others for not behaving ""normal"" is *not* inclusive