Martin Sebor
Martin Sebor's contributions
Understanding GCC warnings
Martin Sebor
This article sheds light on how warnings work in GCC, why some warnings are false, and when warnings might not be output. Also discussed are the trade-offs made when implementing checks in GCC.
Detecting String Truncation with GCC 8
Martin Sebor
To detect common programming errors, GCC 8 contains a number of new warnings and enhancements to existing checkers to help find non-obvious bugs in C and C++ code. This article focuses on those that deal with inadvertent string truncation and discusses some of the approaches to avoiding the underlying problems.
Trip Report: April 2017 WG14 Meeting
Martin Sebor
Overview The week of April 3, I attended a meeting of WG14, the C standardization committee, in Markham, ON. Markham is a suburb of Toronto about 40 minutes drive north. Unlike Toronto itself, it's not a particularly interesting destination. We had four days of rain followed by snow, freezing temperatures, and the wind, which was perfect for spending time indoors and made it easy to resist any temptation to go sightseeing. Location The meeting was hosted by IBM at their...
Diagnosing Function Pointer Security Flaws with a GCC plugin
Aldy Hernandez
A few months ago, I had to write some internal GCC passes to perform static analysis on the GNU C Library (glibc). I figured I might as well write them as plugins since they were unlikely to see the light of day outside of my little sandbox. Being a long time GCC contributor, but having no experience writing plugins I thought it'd be a good way to eat our own dog food, and perhaps write about my experience. Unfortunately, I...
Memory Error Detection Using GCC
Martin Sebor
Introduction GCC has a rich set of features designed to help detect many kinds of programming errors. Of particular interest are those that corrupt the memory of a running program and, in some cases, make it vulnerable to security threats. Since 2006, GCC has provided a solution to detect and prevent a subset of buffer overflows in C and C++ programs. Although it is based on compiler technology, it's best known under the name Fortify Source derived from the synonymous...
October 2016 ISO C Meeting Report
Martin Sebor
Trip Report: October 2016 WG14 Meeting In October 2016, I attended the WG14 (C language committee) meeting in Pittsburgh, Pennsylvania. The meeting was hosted by the Computer Emergency Response Team (CERT) at the Software Engineering Institute (SEI) at Carnegie Mellon University (CMU). We had 25 representatives from 18 organizations in attendance, including CERT, Cisco, IBM, INRIA, Intel, LDRA, Oracle, Perennial, Plum Hall, Siemens, and the University of Cambridge. It was a productive four days spent on two...
Toward a Better Use of C11 Atomics - Part 2
Martin Sebor
Continued from Part 1. Static Initialization The C and C++ standards specify that ...the default (zero) initialization for objects with static or thread-local storage duration is guaranteed to produce a valid state. This means that, for example, defining an atomic object at file scope without an initializer as shown below is guaranteed to initialize it to a default state and default (zero) value. atomic_int counter; Other than zero-initialization, the standards require that atomic objects with static and thread storage duration...
Toward a Better Use of C11 Atomics - Part 1
Martin Sebor
Introduction Following the lead of C++, along with a memory model describing the requirements and semantics of multithreaded programs, the C11 standard adopted a proposal for a set of atomic types and operations into the language. This change has made it possible to write portable multi-threaded software that efficiently manipulates objects indivisibly and without data races. The atomic types are fully interoperable between the two languages so that programs can be developed that share objects of atomic types across the...