public inbox for gcc-cvs-wwwdocs@sourceware.org help / color / mirror / Atom feed
From: David Malcolm <dmalcolm@sourceware.org> To: gcc-cvs-wwwdocs@gcc.gnu.org Subject: gcc-wwwdocs branch master updated. 8b91d06aae7c55dd7265292240d0e0118980cf72 Date: Tue, 12 Apr 2022 14:00:52 +0000 (GMT) [thread overview] Message-ID: <20220412140052.5EBE53858D28@sourceware.org> (raw) This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "gcc-wwwdocs". The branch, master has been updated via 8b91d06aae7c55dd7265292240d0e0118980cf72 (commit) from 825e08cc639eb27289f8700431438d0909be10dc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8b91d06aae7c55dd7265292240d0e0118980cf72 Author: David Malcolm <dmalcolm@redhat.com> Date: Tue Apr 12 09:59:03 2022 -0400 gcc-12: analyzer changes diff --git a/htdocs/gcc-12/changes.html b/htdocs/gcc-12/changes.html index 4652304d..d907ed22 100644 --- a/htdocs/gcc-12/changes.html +++ b/htdocs/gcc-12/changes.html @@ -749,6 +749,121 @@ function Multiply (S1, S2 : Sign) return Sign is <!-- .................................................................. --> <!-- <h2>Documentation improvements</h2> --> +<h2 id="analyzer">Improvements to Static Analyzer</h2> +<ul> + <li>The analyzer has gained a <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-use-of-uninitialized-value"><code>-Wanalyzer-use-of-uninitialized-value</code></a> + warning, similar to + <a href="https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wuninitialized"><code>-Wuninitialized</code></a> + and + <a href="https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wmaybe-uninitialized"><code>-Wmaybe-uninitialized</code></a>, + but based on an interprocedural path-sensitive analysis + (<a href="https://gcc.gnu.org/PR95006">PR95006</a>). + <p>Such warnings are not disabled by the new + <a href="https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-ftrivial-auto-var-init"><code>-ftrivial-auto-var-init</code></a> + (see below), as the latter is considered a mitigation option.</p> + </li> + <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-write-to-const"><code>-Wanalyzer-write-to-const</code></a> + and + <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-write-to-string-literal"><code>-Wanalyzer-write-to-string-literal</code></a> + will now check for + <a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html"><code>__attribute__ ((access, ....))</code></a> + on calls to externally-defined functions, and complain about read-only + regions pointed to by arguments marked with a <code>write_only</code> + or <code>read_write</code> attribute + (<a href="https://gcc.gnu.org/PR104793">PR104793</a>). + </li> + <li>The analyzer's "taint" mode, activated by + <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-fanalyzer-checker"><code>-fanalyzer-checker=taint</code></a> + (in addition to <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-fanalyzer"><code>-fanalyzer</code></a>), + has gained four new taint-based warnings: + <ul> + <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-allocation-size"><code>-Wanalyzer-tainted-allocation-size</code></a> + for e.g. attacker-controlled <code>malloc</code> + and <code>alloca</code>, + </li> + <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-divisor"><code>-Wanalyzer-tainted-divisor</code></a> + for detecting where an attacker can inject a divide-by-zero, + </li> + <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-offset"><code>-Wanalyzer-tainted-offset</code></a> + for attacker-controlled pointer offsets, + </li> + <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-size"><code>-Wanalyzer-tainted-size</code></a> + for attacker-controlled values being used as a size parameter to + calls to <code>memset</code> or to functions marked with + <a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html"><code>__attribute__ ((access, ....))</code></a>. + </li> + </ul> + <p>The existing + <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-array-index"><code>-Wanalyzer-tainted-array-index</code></a> + has been reworded to talk about "attacker-controlled" rather than + "tainted" values, for consistency with the new warnings. + </p> + <p>A new <a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-tainted_005fargs-function-attribute"><code>__attribute__ ((tainted_args))</code></a> has been + added to the C and C++ frontends, usable on functions, and on + function pointer callback fields in structs. The analyzer's taint + mode will treat all parameters and buffers pointed to by parameters + of such functions as being attacked-controlled, such as for + annotating system calls in an operating system kernel as being an + "attack surface". + </p> + </li> + <li>The analyzer now respects + <a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-const-function-attribute"><code>__attribute__((const))</code></a>: + it will treat such functions as returning the same value when given + the same inputs (<a href="https://gcc.gnu.org/PR104434">PR104434</a>), + and as having no side effects (<a href="https://gcc.gnu.org/PR104576">PR104576</a>). + </li> + <li>The analyzer is now able to split its analysis into multiple + execution paths in places where there isn't a split in the control + flow graph. For example, it now handles <code>realloc</code> calls by + splitting the execution path into three possible outcomes for the + call: + <ul> + <li>failure, returning <code>NULL</code></li> + <li>success, growing the buffer in-place without moving it</li> + <li>success, allocating a new buffer, copying the content of the old + buffer to it, and freeing the old buffer</li> + </ul> + </li> + <li>The analyzer's interprocedural path exploration logic is now able to + track calls through function pointers. + </li> + <li>The analyzer now makes the assumption that if we know PTR is non-NULL, + then (PTR + OFFSET) is also non-NULL. This isn't strictly true, but + eliminates false positives in practice + (<a href="https://gcc.gnu.org/PR101962">PR101962</a>). + </li> + <li>The analyzer has gained some initial support for inline assembler + code. This is extremely limited, and is purely to help suppress + false positives when analyzing the Linux kernel, which makes heavy + use of inline assembler (<a href="https://gcc.gnu.org/PR101570">PR101570</a>). + </li> + <li>The way the analyzer tracks the state of memory along an execution + path has been improved in various ways for GCC 12: + <ul> + <li>An optimization for representing bulk updates to memory (e.g. + zero fills) has been removed as it never worked well. In GCC 12 + it has been replaced with a simpler and more accurate approach, + eliminating many false positives + (<a href="https://gcc.gnu.org/PR95006">PR95006</a>). + </li> + <li>Various optimizations have been added, speeding up the analysis + on a particularly problematic source file from 4 minutes down to + 17 seconds + (<a href="https://gcc.gnu.org/PR104943">PR104943</a>, + <a href="https://gcc.gnu.org/PR104954">PR104954</a>, and + <a href="https://gcc.gnu.org/PR104955">PR104955</a>). + </li> + <li>The analyzer now tracks the sizes of dynamically-allocated regions, + both on the heap (via <code>malloc</code> etc) and stack + (via <code>alloca</code>), though none of the analyzer warnings make + use of this yet in GCC 12.</li> + </ul> + </li> + <li>The analyzer's handling of switch statements has been rewritten, + fixing various bugs. + </li> +</ul> <!-- .................................................................. --> <!-- <h2 id="plugins">Improvements for plugin authors</h2> --> ----------------------------------------------------------------------- Summary of changes: htdocs/gcc-12/changes.html | 115 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) hooks/post-receive -- gcc-wwwdocs
reply other threads:[~2022-04-12 14:00 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20220412140052.5EBE53858D28@sourceware.org \ --to=dmalcolm@sourceware.org \ --cc=gcc-cvs-wwwdocs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).