GCC 12's Static Analyzer Adds Taint Mode, Begins Assembly Support

Written by Michael Larabel in GNU on 13 April 2022 at 04:00 AM EDT. Add A Comment
GNU
Red Hat continues advancing the GNU Compiler Collection's static analysis capabilities. With the upcoming GCC 12 release are yet more improvements to this still-experimental static analyzer.

Introduced two years ago as part of GCC 10 was a built-in static analyzer accessible via the "-fanalyzer" option. It's been quite a useful addition to GCC though still in an experimental state but getting better with each feature release.

With GCC 12 due to be out in the coming weeks, David Malcolm of Red Hat who has been responsible for much of the -fanalyzer work provided an update on new capabilities.

The static analyzer in GCC 12 now has a warning around use of uninitialized values, a taint mode for C for variables that are untrusted for possible attacker-controlled values entering a program, and reducing the number of false positives emitted by the analyzer. Being able to use GCC's static analyzer on the Linux kernel has also been a focus for this annual development cycle.

It's been as part of the work to support the Linux kernel for static analysis that GCC's -fanalyzer has gained support for some inline Assembly code. Yet another area of focus has been on working towards C++ support, but that is still ongoing and expect to see much more work for GCC 13.

More details on Red Hat's work for improving GCC static analysis can be found via this Red Hat Developers blog post by David Malcolm.
Add A Comment
Related News
Patches Posted For Review Adding COBOL Frontend To GCC Compiler
Glibc 2.41 Adds C23's sinpi / cospi / tanpi Functions
GCC 15 Ends Support For Altera Nios II Embedded Processors
GNU Linux-libre 6.12-gnu Continues Dealing With More Blobs In The Kernel
GCC 15 Compiler Development Shifts From Features To Bug Fixing
GCC 15 Moves C Default Language Version To C23
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
OpenWrt Affected By Security Issue That Could Have Led To Compromised Build Artifacts
How AMD Is Taking Standard C/C++ Code To Run Directly On GPUs
Linux EFI Zboot Abandoning "Compression Library Museum", Focusing On Gzip & Zstd
Ptyxis Becomes Ubuntu's Recommended Replacement To GNOME Terminal
GNU Shepherd 1.0 Service Manager Released As "Solid Tool" Alternative To systemd
KDE Starts December By Landing A Number Of New Features
NTSYNC Linux Patches Revived To Help Boost Steam Play Gaming Performance
Rust-Based, Memory-Safe PNG Decoders "Vastly Outperform" C-Based PNG Libraries