From 65d76c55931c076d674def3e6bd035f875e2c55c Mon Sep 17 00:00:00 2001
From: Bob Duff <duff@adacore.com>
Date: Tue, 23 Aug 2022 12:51:01 -0400
Subject: [PATCH] [Ada] Fix bugs in check-related warnings.

Make sure warnings about wrong-length aggregates don't get
suppressed. Such a warning (in a with-ed unit) can be the only
explanation for an error about No_Elaboration_Code violations.

Avoid passing a bogus "#" to Error_Msg. We really should never
construct message templates by concatenating strings that can
come from input data, but there are too many cases of that to
clean up. The message template parameters should really be
of a type other than String, to avoid these kinds of bugs,
but again, that's too much work to clean up now.

gcc/ada/

	* checks.adb
	(Selected_Length_Checks): In the message for an aggregate that has
	too few or too many elements, add "!!" to make sure the warning
	gets printed in with'ed units. Note that we have to put "!!"
	before the "??", because Compile_Time_Constraint_Error detects
	warnings by comparing the last character of the message with '?'
	(which is bit dubious, but we're not changing that here).
	(Length_Mismatch_Info_Message): Use Unat for some things that
	can't be negative. Specify Decimal instead of Auto in calls to
	UI_Image.
	* sem_util.adb
	(Compile_Time_Constraint_Error): Minor.
	* uintp.adb
	(Image_Uint): It's always better to initialize objects on their
	declaration.
---
 gcc/ada/checks.adb   | 27 +++++++++++++++++----------
 gcc/ada/sem_util.adb |  2 --
 gcc/ada/uintp.adb    |  4 +---
 3 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/gcc/ada/checks.adb b/gcc/ada/checks.adb
index 26d5a4e220e3..8fa16b802dee 100644
--- a/gcc/ada/checks.adb
+++ b/gcc/ada/checks.adb
@@ -9951,8 +9951,8 @@ package body Checks is
       --    Typ'Length /= Exp'Length
 
       function Length_Mismatch_Info_Message
-        (Left_Element_Count  : Uint;
-         Right_Element_Count : Uint) return String;
+        (Left_Element_Count  : Unat;
+         Right_Element_Count : Unat) return String;
       --  Returns a message indicating how many elements were expected
       --  (Left_Element_Count) and how many were found (Right_Element_Count).
 
@@ -10150,14 +10150,14 @@ package body Checks is
       ----------------------------------
 
       function Length_Mismatch_Info_Message
-        (Left_Element_Count  : Uint;
-         Right_Element_Count : Uint) return String
+        (Left_Element_Count  : Unat;
+         Right_Element_Count : Unat) return String
       is
 
-         function Plural_Vs_Singular_Ending (Count : Uint) return String;
+         function Plural_Vs_Singular_Ending (Count : Unat) return String;
          --  Returns an empty string if Count is 1; otherwise returns "s"
 
-         function Plural_Vs_Singular_Ending (Count : Uint) return String is
+         function Plural_Vs_Singular_Ending (Count : Unat) return String is
          begin
             if Count = 1 then
                return "";
@@ -10167,12 +10167,19 @@ package body Checks is
          end Plural_Vs_Singular_Ending;
 
       begin
-         return "expected " & UI_Image (Left_Element_Count)
+         return "expected "
+                  & UI_Image (Left_Element_Count, Format => Decimal)
                   & " element"
                   & Plural_Vs_Singular_Ending (Left_Element_Count)
-                  & "; found " & UI_Image (Right_Element_Count)
+                  & "; found "
+                  & UI_Image (Right_Element_Count, Format => Decimal)
                   & " element"
                   & Plural_Vs_Singular_Ending (Right_Element_Count);
+         --  "Format => Decimal" above is needed because otherwise UI_Image
+         --  can sometimes return a hexadecimal number 16#...#, but "#" means
+         --  something special to Errout. A previous version used the default
+         --  Auto, which was essentially the same bug as documented here:
+         --  https://xkcd.com/327/ .
       end Length_Mismatch_Info_Message;
 
       -----------------
@@ -10371,14 +10378,14 @@ package body Checks is
                            if L_Length > R_Length then
                               Add_Check
                                 (Compile_Time_Constraint_Error
-                                  (Wnode, "too few elements for}??", T_Typ,
+                                  (Wnode, "too few elements for}!!??", T_Typ,
                                    Extra_Msg => Length_Mismatch_Info_Message
                                                   (L_Length, R_Length)));
 
                            elsif L_Length < R_Length then
                               Add_Check
                                 (Compile_Time_Constraint_Error
-                                  (Wnode, "too many elements for}??", T_Typ,
+                                  (Wnode, "too many elements for}!!??", T_Typ,
                                    Extra_Msg => Length_Mismatch_Info_Message
                                                   (L_Length, R_Length)));
                            end if;
diff --git a/gcc/ada/sem_util.adb b/gcc/ada/sem_util.adb
index 4a12f080bcae..5d83956398b5 100644
--- a/gcc/ada/sem_util.adb
+++ b/gcc/ada/sem_util.adb
@@ -6691,8 +6691,6 @@ package body Sem_Util is
       Wmsg : Boolean;
       Eloc : Source_Ptr;
 
-   --  Start of processing for Compile_Time_Constraint_Error
-
    begin
       --  If this is a warning, convert it into an error if we are in code
       --  subject to SPARK_Mode being set On, unless Warn is True to force a
diff --git a/gcc/ada/uintp.adb b/gcc/ada/uintp.adb
index 921c1d279560..248298acded8 100644
--- a/gcc/ada/uintp.adb
+++ b/gcc/ada/uintp.adb
@@ -300,11 +300,9 @@ package body Uintp is
 
       function Better_In_Hex return Boolean is
          T16 : constant Valid_Uint := Uint_2**Int'(16);
-         A   : Valid_Uint;
+         A   : Valid_Uint := UI_Abs (Input);
 
       begin
-         A := UI_Abs (Input);
-
          --  Small values up to 2**16 can always be in decimal
 
          if A < T16 then