Message ID | e62ca8ff-ff86-b7b7-fb2a-204f87744a2b@gmail.com |
---|---|
State | New |
Headers | show |
Series | [wwwdocs] document new options in gcc-8/changes.html | expand |
Hi,
On 03/04/2018 22:54, Martin Sebor wrote:
> + mutually exclusive attribute specifications and hande such conflicts
handle
Thanks,
Paolo.
Hi again ;)
On 03/04/2018 22:54, Martin Sebor wrote:
> + more consistently. Mutually excclusive attribute specifications are
exclusive
Paolo.
Oh my,
On 03/04/2018 22:54, Martin Sebor wrote:
> + declaration or on distinct declarations of the same entitiy. For
entity
It's getting late here in Italy, I would recommend a systematic check of
the typos.
Paolo.
Attached is an updated diff rebased on top of the latest revision of the file. This new version fixes the typos Paolo pointed out (thanks) and adds a few more options: -Wmissing-attributes, -Wif-not-aligned, and -Wpacked-not-aligned. I used a spell-checker this time to (hopefully) minimize the typos. The rest of the changes are described here: https://gcc.gnu.org/ml/gcc-patches/2018-04/msg00121.html Martin Index: changes.html =================================================================== RCS file: /cvs/gcc/wwwdocs/htdocs/gcc-8/changes.html,v retrieving revision 1.52 diff -u -r1.52 changes.html --- changes.html 4 Apr 2018 17:43:03 -0000 1.52 +++ changes.html 4 Apr 2018 22:21:49 -0000 @@ -1,4 +1,4 @@ -<html> +<!doctype html system> <head> <title>GCC 8 Release Series — Changes, New Features, and Fixes</title> @@ -9,7 +9,7 @@ --> <body> -<h1>GCC 8 Release Series<br />Changes, New Features, and Fixes</h1> +<h1>GCC 8 Release Series<br>Changes, New Features, and Fixes</h1> <p> This page is a "brief" summary of some of the huge number of improvements @@ -113,6 +113,20 @@ possible for the user to have a finer-grained control over the loop unrolling optimization. </li> + <li> + GCC has been enhanced to detect more instances of meaningless or + mutually exclusive attribute specifications and handle such conflicts + more consistently. Mutually exclusive attribute specifications are + ignored with a warning regardless of whether they appear on the same + declaration or on distinct declarations of the same entity. For + example, because the <code>noreturn</code> attribute on the second + declaration below is mutually exclusive with the <code>malloc</code> + attribute on the first, it is ignored and a warning is issued. + <pre> + void* __attribute__ ((malloc)) f (unsigned); + void* __attribute__ ((noreturn)) f (unsigned); + + <span class="boldmagenta">warning: </span>ignoring attribute '<b>noreturn</b>' because it conflicts with attribute '<b>malloc</b>' [<span class="boldmagenta">-Wattributes</span>]</pre></li> </ul> @@ -172,10 +186,77 @@ <ul> <li>New command-line options have been added for the C and C++ compilers: <ul> - <li><code>-Wmultistatement-macros</code> warns about unsafe macros - expanding to multiple statements used as a body of a clause such - as <code>if</code>, <code>else</code>, <code>while</code>, - <code>switch</code>, or <code>for</code>.</li> + <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wmultistatement-macros">-Wmultistatement-macros</a></code> + warns about unsafe macros expanding to multiple statements used + as a body of a statement such as <code>if</code>, <code>else</code>, + <code>while</code>, <code>switch</code>, or <code>for</code>.</li> + <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wstringop-truncation">-Wstringop-truncation</a></code> + warns for calls to bounded string manipulation functions such as + <code>strncat</code>, <code>strncpy</code>, and <code>stpncpy</code> + that might either truncate the copied string or leave the destination + unchanged. For example, the following call to <code>strncat</code> + is diagnosed because it appends just three of the four characters + from the source string.<pre> + void append (char *buf, size_t bufsize) + { + strncat (buf, ".txt", 3); + } + <span class="boldmagenta">warning: '</span><b>strncat</b>' output truncated copying 3 bytes from a string of length 4 [<span class="boldmagenta">-Wstringop-truncation</span>]</pre> + Similarly, in the following example, the call to <code>strncpy</code> + specifies the size of the destination buffer as the bound. If the + length of the source string is equal to or greater than this size + the result of the copy will not be NUL-terminated. Therefore, + the call is also diagnosed. To avoid the warning, specify + <code>sizeof buf - 1</code> as the bound and set the last element of + the buffer to NUL.<pre> + void copy (const char *s) + { + char buf[80]; + strncpy (buf, s, sizeof buf); + … + } + <span class="boldmagenta">warning: '</span><b>strncpy</b>' specified bound 80 equals destination size [<span class="boldmagenta">-Wstringop-truncation</span>]</pre> + The <code>-Wstringop-truncation</code> option is included in + <code>-Wall</code>.<br> + Note that due to GCC bug <a href="https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82944" title="missing -Wstringop-truncation on strncpy due to system header macro">82944</a>, defining <code>strncat</code>, <code>strncpy</code>, + or <code>stpncpy</code> as a macro in a system header as some + implementations do suppresses the warning.</li> + <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wif-not-aligned">-Wif-not-aligned</a></code> controls warnings issued in response + to invalid uses of objects declared with attribute + <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Common-Variable-Attributes.html#index-warn_005fif_005fnot_005faligned-variable-attribute">warn_if_not_aligned</a></code>.<br> + The <code>-Wif-not-aligned</code> option is included in + <code>-Wall</code>.</li> + <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wmissing-attributes">-Wmissing-attributes</a></code> warns + when a declaration of a function is missing one or more attributes + that a related function is declared with and whose absence may + adversely affect the correctness or efficiency of generated code. + For example, in C++, the warning is issued when an explicit + specialization of a primary template declared with attribute + <code>alloc_align</code>, <code>alloc_size</code>, + <code>assume_aligned</code>, <code>format</code>, + <code>format_arg</code>, <code>malloc</code>, or <code>nonnull</code> + is declared without it. Attributes <code>deprecated</code>, + <code>error</code>, and <code>warning</code> suppress the warning. + <br> + The <code>-Wmissing-attributes</code> option is included in + <code>-Wall</code>.</li> + <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wpacked-not-aligned">-Wpacked-not-aligned</a></code> warns + when a <code>struct</code> or <code>union</code> declared with + attribute <code>packed</code> defines a member with an explicitly + specified alignment greater than 1. Such a member will wind up + under-aligned. For example, a warning will be issued for + the definition of <code>struct A</code> in the following: + <pre> + struct __attribute__ ((aligned (8))) + S8 { char a[8]; }; + + struct __attribute__ ((packed)) A + { + struct S8 s8; + }; + <span class="boldmagenta">warning: </span> alignment 1 of .<b>struct S</b>. is less than 8 [<span class="boldmagenta">-Wpacked-not-aligned</span></pre> + The <code>-Wpacked-not-aligned</code> option is included in + <code>-Wall</code>.</li> </ul> </li> <li><code>-fno-strict-overflow</code> is now mapped to @@ -183,6 +264,33 @@ is now undefined by default at all optimization levels. Using <code>-fsanitize=signed-integer-overflow</code> is now the preferred way to audit code, <code>-Wstrict-overflow</code> is deprecated.</li> + <li>The <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Warray-bounds">-Warray-bounds</a></code> option has been + improved to detect more instances of out-of-bounds array indices and + pointer offsets. For example, negative or excessive indices into + flexible array members and string literals are detected.</li> + <li>The <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wrestrict">-Wrestrict</a></code> option introduced in + GCC 7 has been enhanced to detect many more instances of overlapping + accesses to objects via <code>restrict</code>-qualified arguments to + standard memory and string manipulation functions such as + <code>memcpy</code> and <code>strcpy</code>. For example, + the <code>strcpy</code> call in the function below attempts to truncate + the string by replacing its initial characters with the last four. + However, because the function writes the terminating NUL into + <code>a[4]</code>, the copies overlap and the call is diagnosed.<pre> + void f (void) + { + char a[] = "abcd1234"; + strcpy (a, a + 4); + … + }</pre> + The <code>-Wrestrict</code> option is included in <code>-Wall</code>. + </li> + <li>Several optimizer enhancements have enabled improvements to + the <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wformat-overflow">-Wformat-overflow</a></code> and + <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wformat-truncation">-Wformat-truncation</a></code> options. + The warnings detect more instances of buffer overflow and truncation + than in GCC 7 and are better at avoiding certain kinds of false + positives.</li> <li>When reporting mismatching argument types at a function call, the C and C++ compilers now underline both the argument and the pertinent parameter in the declaration. @@ -272,6 +380,28 @@ <h3 id="cxx">C++</h3> <ul> + <li>New command-line options have been added for the C++ compiler to + control warnings: + <ul> + <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc/C_002b_002b-Dialect-Options.html#index-Wclass-memaccess">-Wclass-memaccess</a></code> warns + when objects of non-trivial class types are manipulated in potentially + unsafe ways by raw memory functions such as <code>memcpy</code>, or + <code>realloc</code>. The warning helps detect calls that bypass + user-defined constructors or copy-assignment operators, corrupt + virtual table pointers, data members of <code>const</code>-qualified + types or references, or member pointers. The warning also detects + calls that would bypass access controls to data members. For example, + a call such as: + <pre> + memcpy (&std::cout, &std::cerr, sizeof std::cout);</pre> + results in + <pre> + <span class="boldmagenta">warning: </span>'<b>void* memcpy(void*, const void*, long unsigned int)</b>' writing to an object of type 'std::ostream' {aka 'class std::basic_ostream<char>'} with no trivial copy-assignment [<span class="boldmagenta">-Wclass-memaccess</span>]</pre> + The <code>-Wclass-memaccess</code> option is included in + <code>-Wall</code>. + </li> + </ul> +</li> <li>When reporting on attempts to access private fields of a class or struct, the C++ compiler will now offer fix-it hints showing how to use an accessor function to get at the field in question, if one exists.
Hi Martin
On 05/04/2018 00:28, Martin Sebor wrote:
> + implementations do suppresses the warning.</li>
suppress
Paolo.
Ping: https://gcc.gnu.org/ml/gcc-patches/2018-04/msg00219.html There's one outstanding typo that Paolo noticed since I posted the update. I'll fix that before committing. On 04/04/2018 04:28 PM, Martin Sebor wrote: > Attached is an updated diff rebased on top of the latest revision > of the file. This new version fixes the typos Paolo pointed out > (thanks) and adds a few more options: > > -Wmissing-attributes, -Wif-not-aligned, and -Wpacked-not-aligned. > > I used a spell-checker this time to (hopefully) minimize the typos. > > The rest of the changes are described here: > https://gcc.gnu.org/ml/gcc-patches/2018-04/msg00121.html > > Martin
OK. On Wed, Apr 11, 2018 at 3:13 PM, Martin Sebor <msebor@gmail.com> wrote: > Ping: https://gcc.gnu.org/ml/gcc-patches/2018-04/msg00219.html > > There's one outstanding typo that Paolo noticed since I posted > the update. I'll fix that before committing. > > > On 04/04/2018 04:28 PM, Martin Sebor wrote: >> >> Attached is an updated diff rebased on top of the latest revision >> of the file. This new version fixes the typos Paolo pointed out >> (thanks) and adds a few more options: >> >> -Wmissing-attributes, -Wif-not-aligned, and -Wpacked-not-aligned. >> >> I used a spell-checker this time to (hopefully) minimize the typos. >> >> The rest of the changes are described here: >> https://gcc.gnu.org/ml/gcc-patches/2018-04/msg00121.html >> >> Martin > >
On 04/04/2018 05:03 PM, Paolo Carlini wrote: > Hi Martin > > On 05/04/2018 00:28, Martin Sebor wrote: >> + implementations do suppresses the warning.</li> > suppress I was about to fix this but re-reading the full sentence made me realize it's correct as is: Note that due to GCC bug 82944, defining strncat, strncpy, or stpncpy as a macro in a system header as some implementations do suppresses the warning. I've added a comma after the suppresses to make it clearer and checked in revision 1.63. Martin
On Wed, Apr 11, 2018 at 10:02 PM, Martin Sebor <msebor@gmail.com> wrote: > On 04/04/2018 05:03 PM, Paolo Carlini wrote: >> >> Hi Martin >> >> On 05/04/2018 00:28, Martin Sebor wrote: >>> >>> + implementations do suppresses the warning.</li> >> >> suppress > > > I was about to fix this but re-reading the full sentence made > me realize it's correct as is: > > Note that due to GCC bug 82944, defining strncat, strncpy, or > stpncpy as a macro in a system header as some implementations > do suppresses the warning. > > I've added a comma after the suppresses to make it clearer and > checked in revision 1.63. Sounds good, though you will also want a matching comma after "system header". Jason
Index: changes.html =================================================================== RCS file: /cvs/gcc/wwwdocs/htdocs/gcc-8/changes.html,v retrieving revision 1.50 diff -u -r1.50 changes.html --- changes.html 1 Apr 2018 22:19:57 -0000 1.50 +++ changes.html 3 Apr 2018 20:47:33 -0000 @@ -1,3 +1,4 @@ +<!doctype html system> <html> <head> @@ -9,7 +10,7 @@ --> <body> -<h1>GCC 8 Release Series<br />Changes, New Features, and Fixes</h1> +<h1>GCC 8 Release Series<br>Changes, New Features, and Fixes</h1> <p> This page is a "brief" summary of some of the huge number of improvements @@ -108,6 +109,20 @@ thus mitigate the attack vector that relies on jumping over a stack guard page as provided by the operating system. </li> + <li> + GCC has been enhanced to detect more instances of meaningless or + mutually exclusive attribute specifications and hande such conflicts + more consistently. Mutually excclusive attribute specifications are + ignored with a warning regardless of whether they appear on the same + declaration or on distinct declarations of the same entitiy. For + example, because the <code>noreturn</code> attribute on the second + declaration below is mutually exclusive with the <code>malloc</code> + attribute on the first, it is ignored and a warning is issued. + <pre> + void* __attribute__ ((malloc)) f (unsigned); + void* __attribute__ ((noreturn)) f (unsigned); + + <span class="boldmagenta">warning: </span>ignoring attribute '<b>noreturn</b>' because it conflicts with attribute '<b>malloc</b>' [<span class="boldmagenta">-Wattributes</span>]</pre></li> </ul> @@ -163,10 +178,41 @@ <ul> <li>New command-line options have been added for the C and C++ compilers: <ul> - <li><code>-Wmultistatement-macros</code> warns about unsafe macros - expanding to multiple statements used as a body of a clause such - as <code>if</code>, <code>else</code>, <code>while</code>, - <code>switch</code>, or <code>for</code>.</li> + <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wmultistatement-macros">-Wmultistatement-macros</a></code> + warns about unsafe macros expanding to multiple statements used + as a body of a statement such as <code>if</code>, <code>else</code>, + <code>while</code>, <code>switch</code>, or <code>for</code>.</li> + <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wstringop-truncation">-Wstringop-truncation</a></code> + warns for calls to bounded string manipulation functions such as + <code>strncat</code>, <code>strncpy</code>, and <code>stpncpy</code> + that might either truncate the copied string or leave the destination + unchanged. For example, the following call to <code>strncat</code> + is diagnosed because it appends just three of the four characters + from the source string.<pre> + void append (char *buf, size_t bufsize) + { + strncat (buf, ".txt", 3); + } + <span class="boldmagenta">warning: '</span><b>strncat</b>' output truncated copying 3 bytes from a string of length 4 [<span class="boldmagenta">-Wstringop-truncation</span>]</pre> + Similarly, in the following example, the call to <code>strncpy</code> + specifies the size of the destination buffer as the bound. If the + length of the source string is equal to or greater than this size + the result of the copy will not be NUL-terminated. Therefore, + the call is also diagnosed. To avoid the warning, specify + <code>sizeof buf - 1</code> as the bound and set the last element of + the buffer to NUL.<pre> + void copy (const char *s) + { + char buf[80]; + strncpy (buf, s, sizeof buf); + … + } + <span class="boldmagenta">warning: '</span><b>strncpy</b>' specified bound 80 equals destination size [<span class="boldmagenta">-Wstringop-truncation</span>]</pre> + The <code>-Wstringop-truncation</code> option is included in + <code>-Wall</code>.<br> + Note that due to GCC bug <a href="https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82944" title="missing -Wstringop-truncation on strncpy due to system header macro">82944</a>, defining <code>strncat</code>, <code>strncpy</code>, + or <code>stpncpy</code> as a macro in a system header as some + implementations do suppresses the warning.</li> </ul> </li> <li><code>-fno-strict-overflow</code> is now mapped to @@ -174,11 +220,57 @@ is now undefined by default at all optimization levels. Using <code>-fsanitize=signed-integer-overflow</code> is now the preferred way to audit code, <code>-Wstrict-overflow</code> is deprecated.</li> + <li>The <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Warray-bounds">-Warray-bounds</a></code> option has been + improved to detect more instances of out-of-bounds array indices and + pointer offsets. For example, negative or excessive indices into + flexible array members and string literals are detected.</li> + <li>The <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wrestrict">-Wrestrict</a></code> option introduced in + GCC 7 has been enhanced to detect many more instances of overlapping + accesses to objects via <code>restrict</code>-qualified arguments to + standard memory and string manipulation functions such as + <code>memcpy</code> and <code>strcpy</code>. For example, + the <code>strcpy</code> call in the function below attempts to truncate + the string by replacing its initial characters with the last four. + However, because the function writes the terminating NUL into + <code>a[4]</code>, the copies overlap and the call is diagnosed.<pre> + void f (void) + { + char a[] = "abcd1234"; + strcpy (a, a + 4); + … + }</pre> + The <code>-Wrestrict</code> option is included in <code>-Wall</code>. + </li> + <li>Several optimizer enhancements have enabled improvements to + the <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wformat-overflow">-Wformat-overflow</a></code> and + <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wformat-truncation">-Wformat-truncation</a></code> options. + The warnings detect more instances of buffer overflow and truncation + than in GCC 7 and are better at avoiding certain kinds of false + positives.</li> </ul> <h3 id="cxx">C++</h3> <ul> - <li></li> + <li>New command-line options have been added for the C++ compiler: + <ul> + <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc/C_002b_002b-Dialect-Options.html#index-Wclass-memaccess">-Wclass-memaccess</a></code> warns + when objects of non-trivial class types are manipulated in potentially + unsafe ways by raw memory functions such as <code>memcpy</code>, or + <code>realloc</code>. The warning helps detect calls that bypass + user-defined constructors or copy-assignment operators, corrupt + virtual table pointers, data members of <code>const</code>-qualified + types or references, or member pointers. The warning also detects + calls that would bypass access controls to data members. For example, + a call such as: + <pre> + memcpy (&std::cout, &std::cerr, sizeof std::cout);</pre> + results in + <pre> + <span class="boldmagenta">warning: </span>'<b>void* memcpy(void*, const void*, long unsigned int)</b>' writing to an object of type 'std::ostream' {aka 'class std::basic_ostream<char>'} with no trivial copy-assignment [<span class="boldmagenta">-Wclass-memaccess</span>]</pre> + The <code>-Wclass-memaccess</code> is included in <code>-Wall</code>. + </li> + </ul> +</li> </ul> <h3 id="fortran">Fortran</h3>