GCC 12's Static Analyzer Adds Taint Mode, Begins Assembly Support
Introduced two years ago as part of GCC 10, GCC's built-in static analyzer is enabled with the "-fanalyzer" option. It has been a useful addition to GCC even though it is still in an experimental state, and it has improved with each feature release.
With GCC 12 due out in the coming weeks, David Malcolm of Red Hat, who has been responsible for much of the -fanalyzer work, has provided an update on its new capabilities.
In GCC 12 the static analyzer gains a warning for uses of uninitialized values, a taint mode for C that tracks untrusted variables whose values may be attacker-controlled as they enter a program, and a reduced number of false positives emitted by the analyzer. Being able to use GCC's static analyzer on the Linux kernel has also been a focus of this annual development cycle.
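As an added illustration of the two checks named above (not code from this article or from GCC itself), here is a constructed message parser in its flagged and fixed forms; the lookup table, the [tag][index] message layout and the function names are made up for the example, while the attribute and option names are GCC 12's own:

```c
#include <stddef.h>
#include <stdint.h>
/* Constructed example: a 16-entry lookup table indexed by a byte taken
 * straight from a network message laid out as [tag][index]. */
#define TABLE_LEN 16
static const uint8_t g_table[TABLE_LEN] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};

/* tainted_args (new in GCC 12) tells -fanalyzer that every argument of
 * the function is attacker-controlled; other compilers see an empty macro. */
#if defined(__has_attribute)
# if __has_attribute(tainted_args)
#  define TAINTED_ARGS __attribute__((tainted_args))
# endif
#endif
#ifndef TAINTED_ARGS
# define TAINTED_ARGS
#endif

/* BEFORE: the two defects `gcc -fanalyzer -fanalyzer-checker=taint` is
 * meant to report on this function:
 *  - `idx` is assigned only when len >= 2, so the return statement can
 *    read an unset local         (-Wanalyzer-use-of-uninitialized-value);
 *  - the tainted byte indexes g_table with no bounds check
 *                                (-Wanalyzer-tainted-array-index).
 * Kept only as the analyzer's target; never feed it real input. */
TAINTED_ARGS
int lookup_before(const uint8_t *msg, size_t len)
{
    uint8_t idx;
    if (len >= 2)
        idx = msg[1];
    return g_table[idx];
}

/* AFTER: the same lookup with both findings fixed. Returns -1 for any
 * malformed or out-of-range message so the caller can reject it. */
TAINTED_ARGS
int lookup_after(const uint8_t *msg, size_t len)
{
    if (msg == NULL || len < 2)
        return -1;                 /* no path reads an unset local */
    uint8_t idx = msg[1];
    if (idx >= TABLE_LEN)          /* sanitizes the tainted index */
        return -1;
    return g_table[idx];
}
```

Compile the file with `gcc -fanalyzer -fanalyzer-checker=taint -c` to see the analyzer's diagnostics on lookup_before and none on lookup_after.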
As part of that work to support static analysis of the Linux kernel, -fanalyzer has gained support for some inline assembly code. Another area of focus has been C++ support, but that work is still ongoing, and much more of it can be expected for GCC 13.
More details on Red Hat's work for improving GCC static analysis can be found via this Red Hat Developers blog post by David Malcolm.