From patchwork Tue Apr  3 20:54:09 2018
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Martin Sebor <msebor@gmail.com>
X-Patchwork-Id: 894779
Return-Path: 
 <gcc-patches-return-475793-incoming=patchwork.ozlabs.org@gcc.gnu.org>
X-Original-To: incoming@patchwork.ozlabs.org
Delivered-To: patchwork-incoming@bilbo.ozlabs.org
Authentication-Results: ozlabs.org;
	spf=pass (mailfrom) smtp.mailfrom=gcc.gnu.org
	(client-ip=209.132.180.131; helo=sourceware.org;
	envelope-from=gcc-patches-return-475793-incoming=patchwork.ozlabs.org@gcc.gnu.org;
	receiver=<UNKNOWN>)
Authentication-Results: ozlabs.org;
	dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: ozlabs.org; dkim=pass (1024-bit key;
	unprotected) header.d=gcc.gnu.org header.i=@gcc.gnu.org
	header.b="E41v3YPD"; dkim-atps=neutral
Received: from sourceware.org (server1.sourceware.org [209.132.180.131])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256
	bits)) (No client certificate requested)
	by ozlabs.org (Postfix) with ESMTPS id 40G1YF3QqBz9s0n
	for <incoming@patchwork.ozlabs.org>;
	Wed,  4 Apr 2018 06:54:24 +1000 (AEST)
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:to
	:from:subject:message-id:date:mime-version:content-type; q=dns;
	s=default; b=r0NHmODSO05yPd0+hCSnp+XD4ex3HfPjhkrf2iKimMxIORIOA2
	B1zs4mXrQ3Br9tAqUTZHkE+meq+u2xzAiRfRkSwuc9PZua7swskeVuOGD6jRjp42
	ET6OsOnZubcwfnW4qv2smRBuL/p0iNmMeEozAByJq36DuyprEEE+Xmx5I=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=gcc.gnu.org; h=list-id
	:list-unsubscribe:list-archive:list-post:list-help:sender:to
	:from:subject:message-id:date:mime-version:content-type; s=
	default; bh=eOgplI7Tr6yxFsa8kA53mL0bwyA=; b=E41v3YPD0mbicDSrunCz
	f6VasvfWf265MHAl2um/dlMZo2vMv2GTOBdMYwRw96/K7SGC+HO6dzG+RQmyqlDz
	N7QtFq8KObl0ScCMe6R4mnFfQHfnRI3tTnykCU2IYPr0DOYdoD5V87rkI0H+TZxG
	GsvCPhkYNipXIkYGt/Va29M=
Received: (qmail 108955 invoked by alias); 3 Apr 2018 20:54:17 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Unsubscribe: 
 <mailto:gcc-patches-unsubscribe-incoming=patchwork.ozlabs.org@gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Delivered-To: mailing list gcc-patches@gcc.gnu.org
Received: (qmail 108943 invoked by uid 89); 3 Apr 2018 20:54:16 -0000
Authentication-Results: sourceware.org; auth=none
X-Virus-Found: No
X-Spam-SWARE-Status: No, score=-11.4 required=5.0 tests=AWL, BAYES_00,
	FREEMAIL_FROM, GIT_PATCH_2, GIT_PATCH_3, KAM_SHORT,
	RCVD_IN_DNSWL_NONE,
	SPF_PASS autolearn=ham version=3.3.2 spammy=qualified, jumping,
	doctype, UD:w3.org
X-HELO: mail-ot0-f177.google.com
Received: from mail-ot0-f177.google.com (HELO mail-ot0-f177.google.com)
	(74.125.82.177) by sourceware.org
	(qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP;
	Tue, 03 Apr 2018 20:54:14 +0000
Received: by mail-ot0-f177.google.com with SMTP id h26-v6so20934228otj.12
	for <gcc-patches@gcc.gnu.org>;
	Tue, 03 Apr 2018 13:54:14 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net;
	s=20161025;
	h=x-gm-message-state:to:from:subject:message-id:date:user-agent
	:mime-version; bh=RhIVERINOYfnK9jUkTSUhKjQeQ7CMobCfG0wQ8jHDtM=;
	b=bvOrRTpgzoLJfXF0T1szuYlQ3gt9WEIrh/E+d0IP6RUv99OY2b0hB6jCThdwzgdbfw
	AIhGZPIGUdfrPypi0SqeY8y5LFFmNvFxSaCtNs+vkAsexpK03JWLcHIPHgX6sqf+tpLh
	6E4RxZRQa9YroOkZThr87lZ6Jzt60QjsVREpfvfkDH9fxGJDo7Q92G/PKGRh65FiUVR0
	rCvUc9TMKzC04KKNq02i8u2B+zVCGAs/+18wHDQUfYnHFBVe60XRq/2Hbo5/vCsqjpan
	eQ0Ef+z+R7xTdVPYL9ibaCZSYDnnkNs4aSBkuUYUPhiYnkWDcBexfRrOCnPUOhqYiy5q
	nMJw==
X-Gm-Message-State: ALQs6tDa1K6tvI5V1pYstqfho4lKAGD/tgfMoYNpWslUikAldkyPzbaz
	fJsR2WijV8H23oUY+xFQXMvogw==
X-Google-Smtp-Source: 
 AIpwx487Vp9AznEi+eCDqL3duse5ozHZbi9Tke0JAn+CxbDaiaW20ayDMA9ZCp0ILWOltld/wN6r3g==
X-Received: by 2002:a9d:4d12:: with SMTP id
	n18-v6mr648428otf.170.1522788852511;
	Tue, 03 Apr 2018 13:54:12 -0700 (PDT)
Received: from localhost.localdomain (174-16-100-37.hlrn.qwest.net.
	[174.16.100.37]) by smtp.gmail.com with ESMTPSA id
	c49-v6sm2333599ote.79.2018.04.03.13.54.11 for
	<gcc-patches@gcc.gnu.org> (version=TLS1_2
	cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
	Tue, 03 Apr 2018 13:54:11 -0700 (PDT)
To: Gcc Patch List <gcc-patches@gcc.gnu.org>
From: Martin Sebor <msebor@gmail.com>
Subject: [wwwdocs] document new options in gcc-8/changes.html
Message-ID: <e62ca8ff-ff86-b7b7-fb2a-204f87744a2b@gmail.com>
Date: Tue, 3 Apr 2018 14:54:09 -0600
User-Agent: Mozilla/5.0 (X11; Linux x86_64;
	rv:45.0) Gecko/20100101 Thunderbird/45.8.0
MIME-Version: 1.0
X-IsSubscribed: yes

The attached changes add documentation of some of the options
I worked on for GCC 8.

The links to the GCC 8 manual don't work because there is no
gcc-8 documentation directory.  I have checked them by hand
by substituting the GCC 7 directory.  (I wonder: would it be
possible to populate the GCC 8 documentation directory ahead
of the release to make the checking easier?)

I fixed all the errors for the document pointed out by
the Markup Validator at https://validator.w3.org/check.

Martin

Index: changes.html
===================================================================
RCS file: /cvs/gcc/wwwdocs/htdocs/gcc-8/changes.html,v
retrieving revision 1.50
diff -u -r1.50 changes.html
--- changes.html	1 Apr 2018 22:19:57 -0000	1.50
+++ changes.html	3 Apr 2018 20:47:33 -0000
@@ -1,3 +1,4 @@
+<!doctype html system>
 <html>
 
 <head>
@@ -9,7 +10,7 @@
 -->
 
 <body>
-<h1>GCC 8 Release Series<br />Changes, New Features, and Fixes</h1>
+<h1>GCC 8 Release Series<br>Changes, New Features, and Fixes</h1>
 
 <p>
 This page is a "brief" summary of some of the huge number of improvements
@@ -108,6 +109,20 @@
     thus mitigate the attack vector that relies on jumping over
     a stack guard page as provided by the operating system.
   </li>
+  <li>
+    GCC has been enhanced to detect more instances of meaningless or
+    mutually exclusive attribute specifications and hande such conflicts
+    more consistently.  Mutually excclusive attribute specifications are
+    ignored with a warning regardless of whether they appear on the same
+    declaration or on distinct declarations of the same entitiy.  For
+    example, because the <code>noreturn</code> attribute on the second
+    declaration below is mutually exclusive with the <code>malloc</code>
+    attribute on the first, it is ignored and a warning is issued.
+    <pre>
+      void* __attribute__ ((malloc)) f (unsigned);
+      void* __attribute__ ((noreturn)) f (unsigned);
+
+      <span class="boldmagenta">warning: </span>ignoring attribute '<b>noreturn</b>' because it conflicts with attribute '<b>malloc</b>' [<span class="boldmagenta">-Wattributes</span>]</pre></li>
 </ul>
 
 
@@ -163,10 +178,41 @@
 <ul>
     <li>New command-line options have been added for the C and C++ compilers:
       <ul>
-	<li><code>-Wmultistatement-macros</code> warns about unsafe macros
-	expanding to multiple statements used as a body of a clause such
-	as <code>if</code>, <code>else</code>, <code>while</code>,
-	<code>switch</code>, or <code>for</code>.</li>
+	<li><code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wmultistatement-macros">-Wmultistatement-macros</a></code>
+	  warns about unsafe macros expanding to multiple statements used
+	  as a body of a statement such as <code>if</code>, <code>else</code>,
+	  <code>while</code>, <code>switch</code>, or <code>for</code>.</li>
+	<li><code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wstringop-truncation">-Wstringop-truncation</a></code>
+	  warns for calls to bounded string manipulation functions such as
+	  <code>strncat</code>, <code>strncpy</code>, and <code>stpncpy</code>
+	  that might either truncate the copied string or leave the destination
+	  unchanged.  For example, the following call to <code>strncat</code>
+	  is diagnosed because it appends just three of the four characters
+	  from the source string.<pre>
+	    void append (char *buf, size_t bufsize)
+	    {
+	        strncat (buf, ".txt", 3);
+	    }
+	    <span class="boldmagenta">warning: '</span><b>strncat</b>' output truncated copying 3 bytes from a string of length 4 [<span class="boldmagenta">-Wstringop-truncation</span>]</pre>
+	  Similarly, in the following example, the call to <code>strncpy</code>
+	  specifies the size of the destination buffer as the bound.  If the
+	  length of the source string is equal to or greater than this size
+	  the result of the copy will not be NUL-terminated.  Therefore,
+	  the call is also diagnosed.  To avoid the warning, specify
+	  <code>sizeof buf - 1</code> as the bound and set the last element of
+	  the buffer to NUL.<pre>
+	    void copy (const char *s)
+	    {
+	        char buf[80];
+	        strncpy (buf, s, sizeof buf);
+	        &hellip;
+	    }
+	    <span class="boldmagenta">warning: '</span><b>strncpy</b>' specified bound 80 equals destination size [<span class="boldmagenta">-Wstringop-truncation</span>]</pre>
+	  The <code>-Wstringop-truncation</code> option is included in
+	  <code>-Wall</code>.<br>
+	  Note that due to GCC bug <a href="https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82944" title="missing -Wstringop-truncation on strncpy due to system header macro">82944</a>, defining <code>strncat</code>, <code>strncpy</code>,
+	  or <code>stpncpy</code> as a macro in a system header as some
+	  implementations do suppresses the warning.</li>
       </ul>
     </li>
     <li><code>-fno-strict-overflow</code> is now mapped to
@@ -174,11 +220,57 @@
      is now undefined by default at all optimization levels.  Using
      <code>-fsanitize=signed-integer-overflow</code> is now the preferred
      way to audit code, <code>-Wstrict-overflow</code> is deprecated.</li>
+    <li>The <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Warray-bounds">-Warray-bounds</a></code> option has been
+      improved to detect more instances of out-of-bounds array indices and
+      pointer offsets.  For example, negative or excessive indices into
+      flexible array members and string literals are detected.</li>
+    <li>The <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wrestrict">-Wrestrict</a></code> option introduced in
+      GCC 7 has been enhanced to detect many more instances of overlapping
+      accesses to objects via <code>restrict</code>-qualified arguments to
+      standard memory and string manipulation functions such as
+      <code>memcpy</code> and <code>strcpy</code>.  For example,
+      the <code>strcpy</code> call in the function below attempts to truncate
+      the string by replacing its initial characters with the last four.
+      However, because the function writes the terminating NUL into
+      <code>a[4]</code>, the copies overlap and the call is diagnosed.<pre>
+	void f (void)
+	{
+	    char a[] = "abcd1234";
+	    strcpy (a, a + 4);
+	    &hellip;
+	}</pre>
+      The <code>-Wrestrict</code> option is included in <code>-Wall</code>.
+    </li>
+    <li>Several optimizer enhancements have enabled improvements to
+      the <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wformat-overflow">-Wformat-overflow</a></code> and
+      <code><a href="https://gcc.gnu.org/onlinedocs/gcc-8.1.0/gcc/Warning-Options.html#index-Wformat-truncation">-Wformat-truncation</a></code> options.
+      The warnings detect more instances of buffer overflow and truncation
+      than in GCC 7 and are better at avoiding certain kinds of false
+      positives.</li>
 </ul>
 
 <h3 id="cxx">C++</h3>
 <ul>
-  <li></li>
+  <li>New command-line options have been added for the C++ compiler:
+    <ul>
+      <li><code><a href="https://gcc.gnu.org/onlinedocs/gcc/C_002b_002b-Dialect-Options.html#index-Wclass-memaccess">-Wclass-memaccess</a></code> warns
+      when objects of non-trivial class types are manipulated in potentially
+      unsafe ways by raw memory functions such as <code>memcpy</code>, or
+      <code>realloc</code>.  The warning helps detect calls that bypass
+      user-defined constructors or copy-assignment operators, corrupt
+      virtual table pointers, data members of <code>const</code>-qualified
+      types or references, or member pointers.  The warning also detects
+      calls that would bypass access controls to data members.  For example,
+      a call such as:
+      <pre>
+	memcpy (&amp;std::cout, &amp;std::cerr, sizeof std::cout);</pre>
+      results in
+      <pre>
+	<span class="boldmagenta">warning: </span>'<b>void* memcpy(void*, const void*, long unsigned int)</b>' writing to an object of type 'std::ostream' {aka 'class std::basic_ostream&lt;char&gt;'} with no trivial copy-assignment [<span class="boldmagenta">-Wclass-memaccess</span>]</pre>
+      The <code>-Wclass-memaccess</code> is included in <code>-Wall</code>.
+      </li>
+  </ul>
+</li>
 </ul>
 
 <h3 id="fortran">Fortran</h3>