[llvm-branch-commits] [cfe-branch] r354660 - ReleaseNotes: -ftrivial-auto-var-init

Hans Wennborg via llvm-branch-commits llvm-branch-commits at lists.llvm.org
Fri Feb 22 00:45:10 PST 2019 

Author: hans
Date: Fri Feb 22 00:45:10 2019
New Revision: 354660

URL: http://llvm.org/viewvc/llvm-project?rev=354660&view=rev
Log:
ReleaseNotes: -ftrivial-auto-var-init

Modified:
    cfe/branches/release_80/docs/ReleaseNotes.rst

Modified: cfe/branches/release_80/docs/ReleaseNotes.rst
URL: http://llvm.org/viewvc/llvm-project/cfe/branches/release_80/docs/ReleaseNotes.rst?rev=354660&r1=354659&r2=354660&view=diff
==============================================================================
--- cfe/branches/release_80/docs/ReleaseNotes.rst (original)
+++ cfe/branches/release_80/docs/ReleaseNotes.rst Fri Feb 22 00:45:10 2019
@@ -41,6 +41,37 @@ Major New Features
   example, due to renaming a class or namespace).
   See the :ref:`UsersManual <profile_remapping>` for details.
 
+- Clang has new options to initialize automatic variables with either a pattern or with zeroes. The default is still that automatic variables are uninitialized. This isn't meant to change the semantics of C and C++. Rather, it's meant to be a last resort when programmers inadvertently have some undefined behavior in their code. These options aim to make undefined behavior hurt less, which security-minded people will be very happy about. Notably, this means that there's no inadvertent information leak when:
+
+    * The compiler re-uses stack slots, and a value is used uninitialized.
+
+    * The compiler re-uses a register, and a value is used uninitialized.
+
+    * Stack structs / arrays / unions with padding are copied.
+
+  These options only address stack and register information leaks.
+
+  Caveats:
+
+    * Variables declared in unreachable code and used later aren't initialized. This affects goto statements, Duff's device, and other objectionable uses of switch statements. This should instead be a hard-error in any serious codebase.
+
+    * These options don't affect volatile stack variables.
+
+    * Padding isn't fully handled yet.
+
+  How to use it on the command line:
+
+    * ``-ftrivial-auto-var-init=uninitialized`` (the default)
+
+    * ``-ftrivial-auto-var-init=pattern``
+
+    * ``-ftrivial-auto-var-init=zero`` ``-enable-trivial-auto-var-init-zero-knowing-it-will-be-removed-from-clang``
+
+  There is also a new attribute to request a variable to not be initialized, mainly to disable initialization of large stack arrays when deemed too expensive:
+
+    * ``int dont_initialize_me __attribute((uninitialized));``
+
+
 Improvements to Clang's diagnostics
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

More information about the llvm-branch-commits mailing list