From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <oliva@adacore.com>
Received: from rock.gnat.com (rock.gnat.com
 [IPv6:2620:20:4000:0:a9e:1ff:fe9b:1d1])
 by sourceware.org (Postfix) with ESMTPS id 9CC1E385840E
 for <gcc-patches@gcc.gnu.org>; Sat, 30 Oct 2021 09:44:43 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 9CC1E385840E
Received: from localhost (localhost.localdomain [127.0.0.1])
 by filtered-rock.gnat.com (Postfix) with ESMTP id 491721161B9;
 Sat, 30 Oct 2021 05:44:43 -0400 (EDT)
X-Virus-Scanned: Debian amavisd-new at gnat.com
Received: from rock.gnat.com ([127.0.0.1])
 by localhost (rock.gnat.com [127.0.0.1]) (amavisd-new, port 10024)
 with LMTP id Zqmg11TpJtWL; Sat, 30 Oct 2021 05:44:43 -0400 (EDT)
Received: from free.home (tron.gnat.com
 [IPv6:2620:20:4000:0:46a8:42ff:fe0e:e294])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by rock.gnat.com (Postfix) with ESMTPS id 1072F1161A6;
 Sat, 30 Oct 2021 05:44:42 -0400 (EDT)
Received: from livre (livre.home [172.31.160.2])
 by free.home (8.15.2/8.15.2) with ESMTPS id 19U9ibqg164511
 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Sat, 30 Oct 2021 06:44:37 -0300
From: Alexandre Oliva <oliva@adacore.com>
To: Richard Biener <richard.guenther@gmail.com>
Cc: Alexandre Oliva via Gcc-patches <gcc-patches@gcc.gnu.org>
Subject: Re: [PATCH] hardened conditionals
Organization: Free thinker, does not speak for AdaCore
References: <oro87yho3n.fsf@lxoliva.fsfla.org>
 <42A19672-C6EF-4C2F-A826-4CB9EE388B95@gmail.com>
 <orsfx6lpib.fsf@lxoliva.fsfla.org>
 <CAFiYyc3RG66H86aGbf_eh6eUuKLsTV1FzunCN+6temPhwNgm7A@mail.gmail.com>
 <orbl3slpqo.fsf@lxoliva.fsfla.org>
 <CAFiYyc1yNCt64mgNB8edJmScmV-+8p0RcGvJ7hMDMgq_wKXn1A@mail.gmail.com>
 <orczo6jfvo.fsf@lxoliva.fsfla.org>
 <CAFiYyc0+FG+rSysOk+PhiAJem24JQqfEnaYLU0DE0s0TR3zsGQ@mail.gmail.com>
 <orbl3khyfj.fsf@lxoliva.fsfla.org> <orsfwtiyx2.fsf@lxoliva.fsfla.org>
 <CAFiYyc1+=KN7Z6TUh7QAeObNZefNytXVWPjy84YuN-V2FXN64g@mail.gmail.com>
 <ork0hxlrq9.fsf@lxoliva.fsfla.org>
Errors-To: aoliva@lxoliva.fsfla.org
Date: Sat, 30 Oct 2021 06:44:37 -0300
In-Reply-To: <ork0hxlrq9.fsf@lxoliva.fsfla.org> (Alexandre Oliva's message of
 "Thu, 28 Oct 2021 01:04:46 -0300")
Message-ID: <orzgqqoni2.fsf@lxoliva.fsfla.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/25.2 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain
X-Scanned-By: MIMEDefang 2.84
X-Spam-Status: No, score=-12.2 required=5.0 tests=BAYES_00, GIT_PATCH_0,
 KAM_DMARC_STATUS, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc-patches@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc-patches mailing list <gcc-patches.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc-patches>,
 <mailto:gcc-patches-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Oct 2021 09:44:45 -0000

FYI, I'm putting in this follow-up tweak to the GNAT manual.


Implied compares in Ada Harded Conditionals documentation

From: Alexandre Oliva <oliva@adacore.com>

Improve the wording on optimizations that prevent compare hardening,
so as to also cover cases in which explicit compares get combined into
operations with implied compares.


for  gcc/ada/ChangeLog

	* doc/gnat_rm/security_hardening_features.rst: Mention
	optimization to operations with implied compares.
---
 .../doc/gnat_rm/security_hardening_features.rst    |    7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/gcc/ada/doc/gnat_rm/security_hardening_features.rst b/gcc/ada/doc/gnat_rm/security_hardening_features.rst
index 52240d7e3dd54..cf76938d91d13 100644
--- a/gcc/ada/doc/gnat_rm/security_hardening_features.rst
+++ b/gcc/ada/doc/gnat_rm/security_hardening_features.rst
@@ -112,14 +112,15 @@ long after boolean expressions are decomposed into separate compares,
 each one turned into either a conditional branch or a compare whose
 result is stored in a boolean variable or temporary.  Compiler
 optimizations, if enabled, may also turn conditional branches into
-stored compares, and vice-versa.  Conditionals may also be optimized
+stored compares, and vice-versa, or into operations with implied
+conditionals (e.g. MIN and MAX).  Conditionals may also be optimized
 out entirely, if their value can be determined at compile time, and
 occasionally multiple compares can be combined into one.
 
 It is thus difficult to predict which of these two options will affect
 a specific compare operation expressed in source code.  Using both
-options ensures that every compare that is not optimized out will be
-hardened.
+options ensures that every compare that is neither optimized out nor
+optimized into implied conditionals will be hardened.
 
 The addition of reversed compares can be observed by enabling the dump
 files of the corresponding passes, through command line options


-- 
Alexandre Oliva, happy hacker                https://FSFLA.org/blogs/lxo/
   Free Software Activist                       GNU Toolchain Engineer
Disinformation flourishes because many people care deeply about injustice
but very few check the facts.  Ask me about <https://stallmansupport.org>