GCC 12's Static Analyzer Adds Taint Mode, Begins Assembly Support

Written by Michael Larabel in GNU on 13 April 2022 at 04:00 AM EDT. Add A Comment
GNU
Red Hat continues advancing the GNU Compiler Collection's static analysis capabilities. With the upcoming GCC 12 release are yet more improvements to this still-experimental static analyzer.

Introduced two years ago as part of GCC 10 was a built-in static analyzer accessible via the "-fanalyzer" option. It's been quite a useful addition to GCC though still in an experimental state but getting better with each feature release.

With GCC 12 due to be out in the coming weeks, David Malcolm of Red Hat who has been responsible for much of the -fanalyzer work provided an update on new capabilities.

The static analyzer in GCC 12 now has a warning around use of uninitialized values, a taint mode for C for variables that are untrusted for possible attacker-controlled values entering a program, and reducing the number of false positives emitted by the analyzer. Being able to use GCC's static analyzer on the Linux kernel has also been a focus for this annual development cycle.

It's been as part of the work to support the Linux kernel for static analysis that GCC's -fanalyzer has gained support for some inline Assembly code. Yet another area of focus has been on working towards C++ support, but that is still ongoing and expect to see much more work for GCC 13.

More details on Red Hat's work for improving GCC static analysis can be found via this Red Hat Developers blog post by David Malcolm.
Add A Comment
Related News
GNU Portability Library's Tool Rewritten In Python For 8~100x Better Performance
GCC 14 Compiler Adds AArch64 GNU/Hurd Support
GCC 14 Boasts Nice ASCII Art For Visualizing Buffer Overflows
GNU Poke 4.0 & Poke-ELF 1.0 Released For Dealing With Binary Data
GNU Coreutils 9.5 Can Yield 10~20% Throughput Boost For cp, mv & cat Commands
IBM Posts GCC Patches For -mcpu=power11 Support
About The Author
Michael Larabel

Michael Larabel is the principal author of Phoronix.com and founded the site in 2004 with a focus on enriching the Linux hardware experience. Michael has written more than 20,000 articles covering the state of Linux hardware support, Linux performance, graphics drivers, and other topics. Michael is also the lead developer of the Phoronix Test Suite, Phoromatic, and OpenBenchmarking.org automated benchmarking software. He can be followed via Twitter, LinkedIn, or contacted via MichaelLarabel.com.

Popular News This Week
Rust-Written LAVD Kernel Scheduler Shows Promising Results For Linux Gaming
Former Nouveau Lead Developer Joins NVIDIA, Continues Working On Open-Source Driver
Fedora Linux 40 Cleared For Release Next Week
AMD: "Additional Parts Of The Radeon Stack To Be Open Sourced Throughout The Year"
Fedora Linux 40 Available For Download As A Wonderful Upgrade
Mozilla Finally Begins Offering Firefox ARM64 Linux Binaries
openSUSE Factory Achieves Bit-By-Bit Reproducible Builds
Linux 6.10 Preps A Kernel Panic Screen - Sort Of A "Blue Screen of Death"