GCC 12 Adds Stack Variable Auto-Initialization, Other Security Improvements Forthcoming

Written by Michael Larabel in GNU on 23 September 2021 at 07:17 AM EDT. 20 Comments
GNU
Qing Zhao of Oracle presented yesterday during the LPC2021 GNU Tools Track around the work they and others have been engaged in for improving the security of the GNU Compiler Collection (GCC).

In some areas this GCC security work is about catching up with security features already implemented by LLVM Clang. Among the features have been for zeroing out caller-used registers on return, auto initializing of stack variables, unsigned overflow detection, and more. For instance with GCC 11 is the zero-call-used-regs compiler feature and now with Linux 5.15 that feature can be optionally used to enhance the kernel security.

Slipping under our radar earlier this month was that GCC 12 has landed stack variable auto-initialization. This new GCC 12 security feature can be turned on with the "-ftrivial-auto-var-init=zero" compiler switch. LLVM/Clang saw this security option posted back in 2018.


With the stack variable auto initialization, it leaves GCC still needing to support speculative load hardening, unsigned overflow protection, and control flow integrity improvements to match the Clang security features.

Those wishing to learn more about the GCC security work ongoing by Oracle and others can see the presentation below along with the slides.

Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week