public inbox for gcc-cvs-wwwdocs@sourceware.org
help / color / mirror / Atom feed
* gcc-wwwdocs branch master updated. 8b91d06aae7c55dd7265292240d0e0118980cf72
@ 2022-04-12 14:00 David Malcolm
  0 siblings, 0 replies; only message in thread
From: David Malcolm @ 2022-04-12 14:00 UTC (permalink / raw)
  To: gcc-cvs-wwwdocs

This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "gcc-wwwdocs".

The branch, master has been updated
       via  8b91d06aae7c55dd7265292240d0e0118980cf72 (commit)
      from  825e08cc639eb27289f8700431438d0909be10dc (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 8b91d06aae7c55dd7265292240d0e0118980cf72
Author: David Malcolm <dmalcolm@redhat.com>
Date:   Tue Apr 12 09:59:03 2022 -0400

    gcc-12: analyzer changes

diff --git a/htdocs/gcc-12/changes.html b/htdocs/gcc-12/changes.html
index 4652304d..d907ed22 100644
--- a/htdocs/gcc-12/changes.html
+++ b/htdocs/gcc-12/changes.html
@@ -749,6 +749,121 @@ function Multiply (S1, S2 : Sign) return Sign is
 <!-- .................................................................. -->
 <!-- <h2>Documentation improvements</h2> -->
 
+<h2 id="analyzer">Improvements to Static Analyzer</h2>
+<ul>
+  <li>The analyzer has gained a <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-use-of-uninitialized-value"><code>-Wanalyzer-use-of-uninitialized-value</code></a>
+    warning, similar to
+    <a href="https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wuninitialized"><code>-Wuninitialized</code></a>
+    and
+    <a href="https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html#index-Wmaybe-uninitialized"><code>-Wmaybe-uninitialized</code></a>,
+    but based on an interprocedural path-sensitive analysis
+    (<a href="https://gcc.gnu.org/PR95006">PR95006</a>).
+    <p>Such warnings are not disabled by the new
+      <a href="https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html#index-ftrivial-auto-var-init"><code>-ftrivial-auto-var-init</code></a>
+      (see below), as the latter is considered a mitigation option.</p>
+  </li>
+  <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-write-to-const"><code>-Wanalyzer-write-to-const</code></a>
+    and
+    <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-write-to-string-literal"><code>-Wanalyzer-write-to-string-literal</code></a>
+    will now check for
+    <a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html"><code>__attribute__ ((access, ....))</code></a>
+    on calls to externally-defined functions, and complain about read-only
+    regions pointed to by arguments marked with a <code>write_only</code>
+    or <code>read_write</code> attribute
+    (<a href="https://gcc.gnu.org/PR104793">PR104793</a>).
+  </li>
+  <li>The analyzer's "taint" mode, activated by
+    <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-fanalyzer-checker"><code>-fanalyzer-checker=taint</code></a>
+    (in addition to <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-fanalyzer"><code>-fanalyzer</code></a>),
+    has gained four new taint-based warnings:
+    <ul>
+      <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-allocation-size"><code>-Wanalyzer-tainted-allocation-size</code></a>
+        for e.g. attacker-controlled <code>malloc</code>
+	and <code>alloca</code>,
+      </li>
+      <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-divisor"><code>-Wanalyzer-tainted-divisor</code></a>
+        for detecting where an attacker can inject a divide-by-zero,
+      </li>
+      <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-offset"><code>-Wanalyzer-tainted-offset</code></a>
+        for attacker-controlled pointer offsets,
+      </li>
+      <li><a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-size"><code>-Wanalyzer-tainted-size</code></a>
+        for attacker-controlled values being used as a size parameter to
+	calls to <code>memset</code> or to functions marked with
+	<a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html"><code>__attribute__ ((access, ....))</code></a>.
+      </li>
+    </ul>
+    <p>The existing
+      <a href="https://gcc.gnu.org/onlinedocs/gcc/Static-Analyzer-Options.html#index-Wanalyzer-tainted-array-index"><code>-Wanalyzer-tainted-array-index</code></a>
+      has been reworded to talk about "attacker-controlled" rather than
+      "tainted" values, for consistency with the new warnings.
+    </p>
+    <p>A new <a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-tainted_005fargs-function-attribute"><code>__attribute__ ((tainted_args))</code></a> has been
+      added to the C and C++ frontends, usable on functions, and on
+      function pointer callback fields in structs.  The analyzer's taint
+      mode will treat all parameters and buffers pointed to by parameters
+      of such functions as being attacked-controlled, such as for
+      annotating system calls in an operating system kernel as being an
+      "attack surface".
+    </p>
+  </li>
+  <li>The analyzer now respects
+    <a href="https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#index-const-function-attribute"><code>__attribute__((const))</code></a>:
+    it will treat such functions as returning the same value when given
+    the same inputs (<a href="https://gcc.gnu.org/PR104434">PR104434</a>),
+    and as having no side effects (<a href="https://gcc.gnu.org/PR104576">PR104576</a>).
+    </li>
+  <li>The analyzer is now able to split its analysis into multiple
+    execution paths in places where there isn't a split in the control
+    flow graph.  For example, it now handles <code>realloc</code> calls by
+    splitting the execution path into three possible outcomes for the
+    call:
+    <ul>
+      <li>failure, returning <code>NULL</code></li>
+      <li>success, growing the buffer in-place without moving it</li>
+      <li>success, allocating a new buffer, copying the content of the old
+      buffer to it, and freeing the old buffer</li>
+    </ul>
+  </li>
+  <li>The analyzer's interprocedural path exploration logic is now able to
+    track calls through function pointers.
+  </li>
+  <li>The analyzer now makes the assumption that if we know PTR is non-NULL,
+    then (PTR + OFFSET) is also non-NULL.  This isn't strictly true, but
+    eliminates false positives in practice
+    (<a href="https://gcc.gnu.org/PR101962">PR101962</a>).
+  </li>
+  <li>The analyzer has gained some initial support for inline assembler
+    code.  This is extremely limited, and is purely to help suppress
+    false positives when analyzing the Linux kernel, which makes heavy
+    use of inline assembler (<a href="https://gcc.gnu.org/PR101570">PR101570</a>).
+  </li>
+  <li>The way the analyzer tracks the state of memory along an execution
+    path has been improved in various ways for GCC 12:
+    <ul>
+      <li>An optimization for representing bulk updates to memory (e.g.
+	zero fills) has been removed as it never worked well.  In GCC 12
+	it has been replaced with a simpler and more accurate approach,
+	eliminating many false positives
+	(<a href="https://gcc.gnu.org/PR95006">PR95006</a>).
+      </li>
+      <li>Various optimizations have been added, speeding up the analysis
+	on a particularly problematic source file from 4 minutes down to
+	17 seconds
+	(<a href="https://gcc.gnu.org/PR104943">PR104943</a>,
+	<a href="https://gcc.gnu.org/PR104954">PR104954</a>, and
+	<a href="https://gcc.gnu.org/PR104955">PR104955</a>).
+      </li>
+      <li>The analyzer now tracks the sizes of dynamically-allocated regions,
+	both on the heap (via <code>malloc</code> etc) and stack
+	(via <code>alloca</code>), though none of the analyzer warnings make
+	use of this yet in GCC 12.</li>
+    </ul>
+  </li>
+  <li>The analyzer's handling of switch statements has been rewritten,
+    fixing various bugs.
+  </li>
+</ul>
 
 <!-- .................................................................. -->
 <!-- <h2 id="plugins">Improvements for plugin authors</h2> -->

-----------------------------------------------------------------------

Summary of changes:
 htdocs/gcc-12/changes.html | 115 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 115 insertions(+)


hooks/post-receive
-- 
gcc-wwwdocs


^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2022-04-12 14:00 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-04-12 14:00 gcc-wwwdocs branch master updated. 8b91d06aae7c55dd7265292240d0e0118980cf72 David Malcolm

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).