[Ada] Type invariant or postcondition may cause uninitialized memory reads

This patch corrects an error in the compiler whereby a function
requiring the generation of a postconditions procedure may cause an
uninitialized memory read when the return type
Has_Unconstrained_Elements or is an unconstrained array.

The error occurs because evaluation of postconditions happens within the
"at end" handler when the temporary result object may go out of scope.
The patch modifies expansion in the above cases to evaluate
postconditions at the point of return instead - in order to guarantee
the result object is valid.

Note that these changes have the side effect of introducing a semantic
bug such that functions returning types with unconstrained elements will
have their postconditions/return type invariants evaluated before
finalization. Work is currently being done to introduce wrappers which
will solve this problem and remove technical debt in this area.

gcc/ada/

	* exp_ch7.adb (Build_Finalizer): Disable late evaluation of
	postconditions for functions returning types which where
	Has_Unconstrained_Elements is true or are unconstrained arrays.

diff --git a/gcc/ada/exp_ch7.adb b/gcc/ada/exp_ch7.adb
index ff7eefa..ae3663e 100644 (file)
--- a/gcc/ada/exp_ch7.adb
+++ b/gcc/ada/exp_ch7.adb
@@ -4247,14 +4247,33 @@ package body Exp_Ch7 is
          --
          --    Postcond_Enable := False;
 
-         Append_To (Top_Decls,
-           Make_Assignment_Statement (Loc,
-             Name       =>
-               New_Occurrence_Of
-                 (Get_Postcond_Enabled (Def_Ent), Loc),
-             Expression =>
-               New_Occurrence_Of
-                 (Standard_False, Loc)));
+         --  Note that we do not disable early evaluation of postconditions
+         --  for return types that are unconstrained or have unconstrained
+         --  elements since the temporary result object could get allocated on
+         --  the stack and be out of scope at the point where we perform late
+         --  evaluation of postconditions - leading to uninitialized memory
+         --  reads.
+
+         --  This disabling of early evaluation can lead to incorrect run-time
+         --  semantics where functions with unconstrained elements will
+         --  have their corresponding postconditions evaluated before
+         --  finalization. The proper solution here is to generate a wrapper
+         --  to capture the result instead of using multiple flags and playing
+         --  with flags which does not even work in all cases ???
+
+         if not Has_Unconstrained_Elements (Etype (Def_Ent))
+           or else (Is_Array_Type (Etype (Def_Ent))
+                     and then not Is_Constrained (Etype (Def_Ent)))
+         then
+            Append_To (Top_Decls,
+              Make_Assignment_Statement (Loc,
+                Name       =>
+                  New_Occurrence_Of
+                    (Get_Postcond_Enabled (Def_Ent), Loc),
+                Expression =>
+                  New_Occurrence_Of
+                    (Standard_False, Loc)));
+         end if;
 
          --  Add the subprogram to the list of declarations an analyze it