This is the mail archive of the mailing list for the GCC project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[wwwdocs] document new options in gcc-8/changes.html

The attached changes add documentation of some of the options
I worked on for GCC 8.

The links to the GCC 8 manual don't work because there is no
gcc-8 documentation directory.  I have checked them by hand
by substituting the GCC 7 directory.  (I wonder: would it be
possible to populate the GCC 8 documentation directory ahead
of the release to make the checking easier?)

I fixed all the errors for the document pointed out by
the Markup Validator at

Index: changes.html
RCS file: /cvs/gcc/wwwdocs/htdocs/gcc-8/changes.html,v
retrieving revision 1.50
diff -u -r1.50 changes.html
--- changes.html	1 Apr 2018 22:19:57 -0000	1.50
+++ changes.html	3 Apr 2018 20:47:33 -0000
@@ -1,3 +1,4 @@
+<!doctype html system>
@@ -9,7 +10,7 @@
-<h1>GCC 8 Release Series<br />Changes, New Features, and Fixes</h1>
+<h1>GCC 8 Release Series<br>Changes, New Features, and Fixes</h1>
 This page is a "brief" summary of some of the huge number of improvements
@@ -108,6 +109,20 @@
     thus mitigate the attack vector that relies on jumping over
     a stack guard page as provided by the operating system.
+  <li>
+    GCC has been enhanced to detect more instances of meaningless or
+    mutually exclusive attribute specifications and hande such conflicts
+    more consistently.  Mutually excclusive attribute specifications are
+    ignored with a warning regardless of whether they appear on the same
+    declaration or on distinct declarations of the same entitiy.  For
+    example, because the <code>noreturn</code> attribute on the second
+    declaration below is mutually exclusive with the <code>malloc</code>
+    attribute on the first, it is ignored and a warning is issued.
+    <pre>
+      void* __attribute__ ((malloc)) f (unsigned);
+      void* __attribute__ ((noreturn)) f (unsigned);
+      <span class="boldmagenta">warning: </span>ignoring attribute '<b>noreturn</b>' because it conflicts with attribute '<b>malloc</b>' [<span class="boldmagenta">-Wattributes</span>]</pre></li>
@@ -163,10 +178,41 @@
     <li>New command-line options have been added for the C and C++ compilers:
-	<li><code>-Wmultistatement-macros</code> warns about unsafe macros
-	expanding to multiple statements used as a body of a clause such
-	as <code>if</code>, <code>else</code>, <code>while</code>,
-	<code>switch</code>, or <code>for</code>.</li>
+	<li><code><a href="";>-Wmultistatement-macros</a></code>
+	  warns about unsafe macros expanding to multiple statements used
+	  as a body of a statement such as <code>if</code>, <code>else</code>,
+	  <code>while</code>, <code>switch</code>, or <code>for</code>.</li>
+	<li><code><a href="";>-Wstringop-truncation</a></code>
+	  warns for calls to bounded string manipulation functions such as
+	  <code>strncat</code>, <code>strncpy</code>, and <code>stpncpy</code>
+	  that might either truncate the copied string or leave the destination
+	  unchanged.  For example, the following call to <code>strncat</code>
+	  is diagnosed because it appends just three of the four characters
+	  from the source string.<pre>
+	    void append (char *buf, size_t bufsize)
+	    {
+	        strncat (buf, ".txt", 3);
+	    }
+	    <span class="boldmagenta">warning: '</span><b>strncat</b>' output truncated copying 3 bytes from a string of length 4 [<span class="boldmagenta">-Wstringop-truncation</span>]</pre>
+	  Similarly, in the following example, the call to <code>strncpy</code>
+	  specifies the size of the destination buffer as the bound.  If the
+	  length of the source string is equal to or greater than this size
+	  the result of the copy will not be NUL-terminated.  Therefore,
+	  the call is also diagnosed.  To avoid the warning, specify
+	  <code>sizeof buf - 1</code> as the bound and set the last element of
+	  the buffer to NUL.<pre>
+	    void copy (const char *s)
+	    {
+	        char buf[80];
+	        strncpy (buf, s, sizeof buf);
+	        &hellip;
+	    }
+	    <span class="boldmagenta">warning: '</span><b>strncpy</b>' specified bound 80 equals destination size [<span class="boldmagenta">-Wstringop-truncation</span>]</pre>
+	  The <code>-Wstringop-truncation</code> option is included in
+	  <code>-Wall</code>.<br>
+	  Note that due to GCC bug <a href=""; title="missing -Wstringop-truncation on strncpy due to system header macro">82944</a>, defining <code>strncat</code>, <code>strncpy</code>,
+	  or <code>stpncpy</code> as a macro in a system header as some
+	  implementations do suppresses the warning.</li>
     <li><code>-fno-strict-overflow</code> is now mapped to
@@ -174,11 +220,57 @@
      is now undefined by default at all optimization levels.  Using
      <code>-fsanitize=signed-integer-overflow</code> is now the preferred
      way to audit code, <code>-Wstrict-overflow</code> is deprecated.</li>
+    <li>The <code><a href="";>-Warray-bounds</a></code> option has been
+      improved to detect more instances of out-of-bounds array indices and
+      pointer offsets.  For example, negative or excessive indices into
+      flexible array members and string literals are detected.</li>
+    <li>The <code><a href="";>-Wrestrict</a></code> option introduced in
+      GCC 7 has been enhanced to detect many more instances of overlapping
+      accesses to objects via <code>restrict</code>-qualified arguments to
+      standard memory and string manipulation functions such as
+      <code>memcpy</code> and <code>strcpy</code>.  For example,
+      the <code>strcpy</code> call in the function below attempts to truncate
+      the string by replacing its initial characters with the last four.
+      However, because the function writes the terminating NUL into
+      <code>a[4]</code>, the copies overlap and the call is diagnosed.<pre>
+	void f (void)
+	{
+	    char a[] = "abcd1234";
+	    strcpy (a, a + 4);
+	    &hellip;
+	}</pre>
+      The <code>-Wrestrict</code> option is included in <code>-Wall</code>.
+    </li>
+    <li>Several optimizer enhancements have enabled improvements to
+      the <code><a href="";>-Wformat-overflow</a></code> and
+      <code><a href="";>-Wformat-truncation</a></code> options.
+      The warnings detect more instances of buffer overflow and truncation
+      than in GCC 7 and are better at avoiding certain kinds of false
+      positives.</li>
 <h3 id="cxx">C++</h3>
-  <li></li>
+  <li>New command-line options have been added for the C++ compiler:
+    <ul>
+      <li><code><a href="";>-Wclass-memaccess</a></code> warns
+      when objects of non-trivial class types are manipulated in potentially
+      unsafe ways by raw memory functions such as <code>memcpy</code>, or
+      <code>realloc</code>.  The warning helps detect calls that bypass
+      user-defined constructors or copy-assignment operators, corrupt
+      virtual table pointers, data members of <code>const</code>-qualified
+      types or references, or member pointers.  The warning also detects
+      calls that would bypass access controls to data members.  For example,
+      a call such as:
+      <pre>
+	memcpy (&amp;std::cout, &amp;std::cerr, sizeof std::cout);</pre>
+      results in
+      <pre>
+	<span class="boldmagenta">warning: </span>'<b>void* memcpy(void*, const void*, long unsigned int)</b>' writing to an object of type 'std::ostream' {aka 'class std::basic_ostream&lt;char&gt;'} with no trivial copy-assignment [<span class="boldmagenta">-Wclass-memaccess</span>]</pre>
+      The <code>-Wclass-memaccess</code> is included in <code>-Wall</code>.
+      </li>
+  </ul>
 <h3 id="fortran">Fortran</h3>

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]