Malcolm: The state of static analysis in the GCC 12 compiler
David Malcolm has posted an update on the state of static analysis in GCC 12.
Some other languages, such as Perl, can track input and flag any variable that should not be trusted because it was read from an outside source such as a web form. Flagging variables in this manner is called tainting. After a program runs the variable through a check, the variable can be untainted, a process called sanitization.

Our GCC analyzer's taint mode is activated by -fanalyzer-checker=taint (which should be specified in addition to -fanalyzer). Taint mode attempts to track attacker-controlled values entering the program and to warn if they are used without sanitization.
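
An added example, not taken from Malcolm's post or from GCC itself, showing the pattern described above: a value read with fread() used as an array index without a check, next to the sanitized form. The record layout, table and function names are constructed for illustration.

```c
/* Analyze with: gcc -fanalyzer -fanalyzer-checker=taint -c taint_demo.c */
#include <stdio.h>
#define TABLE_LEN 8
static const int table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};
/* Constructed record layout: a single index taken from file contents. */
struct record { int idx; };

/* Unsanitized: the index filled in by fread() reaches the array access with
   no bounds check (GCC's -Wanalyzer-tainted-array-index covers this class). */
int lookup_unchecked(FILE *f)
{
    struct record r;
    if (fread(&r, sizeof r, 1, f) != 1)
        return -1;
    return table[r.idx];
}

/* Sanitized: lower and upper bounds are both checked before use. */
int lookup_checked(FILE *f)
{
    struct record r;
    if (fread(&r, sizeof r, 1, f) != 1)
        return -1;
    if (r.idx < 0 || r.idx >= TABLE_LEN)
        return -1;
    return table[r.idx];
}

/* Demo driver: store one constructed record in a temp file, read it back
   through the chosen lookup, and return the result (-2 on I/O failure). */
int run_lookup(int idx, int (*lookup)(FILE *))
{
    struct record r = { idx };
    FILE *f = tmpfile();
    int result = -2;
    if (f == NULL) return result;
    if (fwrite(&r, sizeof r, 1, f) == 1) {
        rewind(f);
        result = lookup(f);
    }
    fclose(f);
    return result;
}

int main(void)
{
    printf("in range: %d, out of range: %d\n",
           run_lookup(3, lookup_checked), run_lookup(42, lookup_checked));
    return 0;
}
```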