From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 2209) id 5EBE53858D28; Tue, 12 Apr 2022 14:00:52 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 5EBE53858D28 To: gcc-cvs-wwwdocs@gcc.gnu.org Subject: gcc-wwwdocs branch master updated. 8b91d06aae7c55dd7265292240d0e0118980cf72 X-Git-Refname: refs/heads/master X-Git-Reftype: branch X-Git-Oldrev: 825e08cc639eb27289f8700431438d0909be10dc X-Git-Newrev: 8b91d06aae7c55dd7265292240d0e0118980cf72 Message-Id: <20220412140052.5EBE53858D28@sourceware.org> Date: Tue, 12 Apr 2022 14:00:52 +0000 (GMT) From: David Malcolm X-BeenThere: gcc-cvs-wwwdocs@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-cvs-wwwdocs mailing list List-Unsubscribe: , List-Archive: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 12 Apr 2022 14:00:52 -0000 This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "gcc-wwwdocs". The branch, master has been updated via 8b91d06aae7c55dd7265292240d0e0118980cf72 (commit) from 825e08cc639eb27289f8700431438d0909be10dc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 8b91d06aae7c55dd7265292240d0e0118980cf72 Author: David Malcolm Date: Tue Apr 12 09:59:03 2022 -0400 gcc-12: analyzer changes diff --git a/htdocs/gcc-12/changes.html b/htdocs/gcc-12/changes.html index 4652304d..d907ed22 100644 --- a/htdocs/gcc-12/changes.html +++ b/htdocs/gcc-12/changes.html @@ -749,6 +749,121 @@ function Multiply (S1, S2 : Sign) return Sign is +

Improvements to Static Analyzer

+
    +
  • The analyzer has gained a -Wanalyzer-use-of-uninitialized-value + warning, similar to + -Wuninitialized + and + -Wmaybe-uninitialized, + but based on an interprocedural path-sensitive analysis + (PR95006). +

    Such warnings are not disabled by the new + -ftrivial-auto-var-init + (see below), as the latter is considered a mitigation option.

    +
  • +
  • -Wanalyzer-write-to-const + and + -Wanalyzer-write-to-string-literal + will now check for + __attribute__ ((access, ....)) + on calls to externally-defined functions, and complain about read-only + regions pointed to by arguments marked with a write_only + or read_write attribute + (PR104793). +
  • +
  • The analyzer's "taint" mode, activated by + -fanalyzer-checker=taint + (in addition to -fanalyzer), + has gained four new taint-based warnings: + +

    The existing + -Wanalyzer-tainted-array-index + has been reworded to talk about "attacker-controlled" rather than + "tainted" values, for consistency with the new warnings. +

    +

    A new __attribute__ ((tainted_args)) has been + added to the C and C++ frontends, usable on functions, and on + function pointer callback fields in structs. The analyzer's taint + mode will treat all parameters and buffers pointed to by parameters + of such functions as being attacked-controlled, such as for + annotating system calls in an operating system kernel as being an + "attack surface". +

    +
  • +
  • The analyzer now respects + __attribute__((const)): + it will treat such functions as returning the same value when given + the same inputs (PR104434), + and as having no side effects (PR104576). +
  • +
  • The analyzer is now able to split its analysis into multiple + execution paths in places where there isn't a split in the control + flow graph. For example, it now handles realloc calls by + splitting the execution path into three possible outcomes for the + call: +
      +
    • failure, returning NULL
    • +
    • success, growing the buffer in-place without moving it
    • +
    • success, allocating a new buffer, copying the content of the old + buffer to it, and freeing the old buffer
    • +
    +
  • +
  • The analyzer's interprocedural path exploration logic is now able to + track calls through function pointers. +
  • +
  • The analyzer now makes the assumption that if we know PTR is non-NULL, + then (PTR + OFFSET) is also non-NULL. This isn't strictly true, but + eliminates false positives in practice + (PR101962). +
  • +
  • The analyzer has gained some initial support for inline assembler + code. This is extremely limited, and is purely to help suppress + false positives when analyzing the Linux kernel, which makes heavy + use of inline assembler (PR101570). +
  • +
  • The way the analyzer tracks the state of memory along an execution + path has been improved in various ways for GCC 12: +
      +
    • An optimization for representing bulk updates to memory (e.g. + zero fills) has been removed as it never worked well. In GCC 12 + it has been replaced with a simpler and more accurate approach, + eliminating many false positives + (PR95006). +
    • +
    • Various optimizations have been added, speeding up the analysis + on a particularly problematic source file from 4 minutes down to + 17 seconds + (PR104943, + PR104954, and + PR104955). +
    • +
    • The analyzer now tracks the sizes of dynamically-allocated regions, + both on the heap (via malloc etc) and stack + (via alloca), though none of the analyzer warnings make + use of this yet in GCC 12.
    • +
    +
  • +
  • The analyzer's handling of switch statements has been rewritten, + fixing various bugs. +
  • +
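Review bot: typo in the tainted_args paragraph: "as being attacked-controlled" should read "attacker-controlled", which is the wording the preceding item adopts when it says -Wanalyzer-tainted-array-index was reworded to talk about "attacker-controlled" values. Also, the taint-mode item announces "has gained four new taint-based warnings:" but no warning names follow in the lines shown, so the list appears empty; each of the four warnings should be named so readers can match them to the -fanalyzer-checker=taint option. Minor: `__attribute__ ((access, ....))` uses four dots where a three-dot ellipsis is conventional.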
----------------------------------------------------------------------- Summary of changes: htdocs/gcc-12/changes.html | 115 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 115 insertions(+) hooks/post-receive -- gcc-wwwdocs