Jeff Law
Jeff Law's contributions
Stack clash mitigation in GCC, Part 3
Jeff Law
Discover the design principles and performance improvements behind GCC's code generation strategies for defending against stack clash attacks.
Stack Clash mitigation in GCC: Why -fstack-check is not the answer
Jeff Law
This article covers how the -fstack-check capability in GCC works and explains why it is insufficient for mitigating Stack Clash attacks.
Stack Clash Mitigation in GCC -- Background
Jeff Law
It has long been recognized that unconstrained growth of memory usage constitutes a potential denial of service vulnerability. Qualys has shown that such unconstrained growth can be combined with other vulnerabilities and exploited in ways that are more serious. Typically, the heap and stack of a process start at opposite ends of the unused address space and grow towards each other. This maximizes the flexibility to grow the regions over the course of execution of the program without a priori knowing...
Upcoming features in GCC 6
Jeff Law
The GCC project has traditionally made major releases yearly in the March/April timeframe. March is rapidly approaching and the GCC project's engineers are busy polishing things up for the GCC 6 release. I'm going to take a short break from my own release efforts to briefly talk about some of the new features. Warnings GCC strives to implement warnings which help developers catch errors at compile time rather than allow potentially dangerous code to be silently accepted and ultimately deployed...
GCC 5 in Fedora
Jeff Law
Fedora 22 will ship with GCC 5, which brings a whole host of enhancements, among which is a new default C++ ABI. In this article, we'll cover how that ABI transition will work in Fedora. Background - what's an ABI, why is it changing, and what does this mean for developers? Put simply, binary compatibility means applications that are compiled on a combination of an operating system and a particular hardware architecture will load and run similarly across different instances...
Red Hat Enterprise Linux 7 GCC Optimizations - partial inlining indepth
Jeff Law
In this prior post we mentioned several new optimization improvements in GCC for Red Hat Enterprise Linux 7. It's time to dig a little deeper. In this post we will focus on partial inlining/function outlining which are part of the Inter-Procedural Analysis (IPA) framework. Function inlining is a well known technique to improve application performance by expanding the body of a called function into one or more of its call site(s). Function inlining decreases function call overhead, may improve icache...
Improvements in memstomp
Jeff Law
memstomp is an interposition library to detect cases where applications may exhibit undefined behaviour when calling routines within the C library (glibc). The first version of memstomp was focused on detecting cases where source and destination memory regions passed to C library routines such as memcpy overlapped in ways not allowed by the ISO C standard. Matt Newsome's blog post shows how to utilize memstomp to find that class of bugs. For many years, GCC has attempted to eliminate unnecessary...
What’s new in GCC for Red Hat Enterprise Linux 7
Jeff Law
With the recent release of Red Hat Enterprise Linux 7, we have some great new features to pass along. In this post we walk through GCC 4.8 and see what is new for developers. The GNU Compiler Collection, or “gcc” as we like to call it, is a core component of Red Hat Enterprise Linux 7 and provides compilers and runtime libraries for several statically compiled languages, including C, C++ & Fortran. At one level or another, every component of...