author | Hans Wennborg <hans@hanshq.net> | 2019-02-22 08:45:10 +0000 |
---|---|---|
committer | Hans Wennborg <hans@hanshq.net> | 2019-02-22 08:45:10 +0000 |
commit | 90903f44d639117b8c57d061291f4ea2b542bd83 (patch) | |
tree | 03b5651af9241186d9ad880ede4cde1dd0212d53 | |
parent | 479033c4108f9556a4b7e6899163be2ef49c1fa7 (diff) | |
ReleaseNotes: -ftrivial-auto-var-init
git-svn-id: https://llvm.org/svn/llvm-project/cfe/branches/release_80@354660 91177308-0d34-0410-b5e6-96231b3b80d8
-rw-r--r-- | docs/ReleaseNotes.rst | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/docs/ReleaseNotes.rst b/docs/ReleaseNotes.rst index c7d62933f4..4c593977e2 100644 --- a/docs/ReleaseNotes.rst +++ b/docs/ReleaseNotes.rst @@ -41,6 +41,37 @@ Major New Features example, due to renaming a class or namespace). See the :ref:`UsersManual <profile_remapping>` for details. +- Clang has new options to initialize automatic variables with either a pattern or with zeroes. The default is still that automatic variables are uninitialized. This isn't meant to change the semantics of C and C++. Rather, it's meant to be a last resort when programmers inadvertently have some undefined behavior in their code. These options aim to make undefined behavior hurt less, which security-minded people will be very happy about. Notably, this means that there's no inadvertent information leak when: + + * The compiler re-uses stack slots, and a value is used uninitialized. + + * The compiler re-uses a register, and a value is used uninitialized. + + * Stack structs / arrays / unions with padding are copied. + + These options only address stack and register information leaks. + + Caveats: + + * Variables declared in unreachable code and used later aren't initialized. This affects goto statements, Duff's device, and other objectionable uses of switch statements. This should instead be a hard-error in any serious codebase. + + * These options don't affect volatile stack variables. + + * Padding isn't fully handled yet. + + How to use it on the command line: + + * ``-ftrivial-auto-var-init=uninitialized`` (the default) + + * ``-ftrivial-auto-var-init=pattern`` + + * ``-ftrivial-auto-var-init=zero`` ``-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang`` + + There is also a new attribute to request a variable to not be initialized, mainly to disable initialization of large stack arrays when deemed too expensive: + + * ``int dont_initialize_me __attribute((uninitialized));`` + + Improvements to Clang's diagnostics ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ |
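Review bot: The list introduced by "there's no inadvertent information leak when" includes "Stack structs / arrays / unions with padding are copied", but the Caveats list a few lines later says "Padding isn't fully handled yet", so the first claim reads stronger than the text itself supports. Consider qualifying that bullet (for example, "with padding are copied, subject to the padding caveat below") or moving it out of the list of covered cases. Two smaller points in the usage part: the ``-ftrivial-auto-var-init=zero`` bullet carries a second flag, ``-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang``, with no sentence explaining how the two relate, and the attribute example is spelled ``__attribute((uninitialized))`` where documentation usually writes ``__attribute__((uninitialized))``.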