GCC 12's Static Analyzer Adds Taint Mode, Begins Assembly Support

Written by Michael Larabel in GNU on 13 April 2022 at 04:00 AM EDT. Add A Comment
Red Hat continues advancing the GNU Compiler Collection's static analysis capabilities. With the upcoming GCC 12 release are yet more improvements to this still-experimental static analyzer.

Introduced two years ago as part of GCC 10 was a built-in static analyzer accessible via the "-fanalyzer" option. It's been quite a useful addition to GCC though still in an experimental state but getting better with each feature release.

With GCC 12 due to be out in the coming weeks, David Malcolm of Red Hat who has been responsible for much of the -fanalyzer work provided an update on new capabilities.

The static analyzer in GCC 12 now has a warning around use of uninitialized values, a taint mode for C for variables that are untrusted for possible attacker-controlled values entering a program, and reducing the number of false positives emitted by the analyzer. Being able to use GCC's static analyzer on the Linux kernel has also been a focus for this annual development cycle.

It's been as part of the work to support the Linux kernel for static analysis that GCC's -fanalyzer has gained support for some inline Assembly code. Yet another area of focus has been on working towards C++ support, but that is still ongoing and expect to see much more work for GCC 13.

More details on Red Hat's work for improving GCC static analysis can be found via this Red Hat Developers blog post by David Malcolm.
Related News
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week