Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.
Chapter 16. Compilers and development tools
16.1. Changes in toolchain since RHEL 7
The following sections list changes in toolchain since the release of the described components in Red Hat Enterprise Linux 7. See also Release notes for Red Hat Enterprise Linux 8.0.
16.1.1. Changes in GCC in RHEL 8
In Red Hat Enterprise Linux 8, the GCC toolchain is based on the GCC 8.2 release series. Notable changes since Red Hat Enterprise Linux 7 include:
- Numerous general optimizations have been added, such as alias analysis, vectorizer improvements, identical code folding, inter-procedural analysis, store merging optimization pass, and others.
- The Address Sanitizer has been improved.
- The Leak Sanitizer for detection of memory leaks has been added.
- The Undefined Behavior Sanitizer for detection of undefined behavior has been added.
- Debug information can now be produced in the DWARF5 format. This capability is experimental.
- The source code coverage analysis tool GCOV has been extended with various improvements.
- Support for the OpenMP 4.5 specification has been added. Additionally, the offloading features of the OpenMP 4.0 specification are now supported by the C, C++, and Fortran compilers.
- New warnings and improved diagnostics have been added for static detection of certain likely programming errors.
- Source locations are now tracked as ranges rather than points, which allows much richer diagnostics. The compiler now offers “fix-it” hints, suggesting possible code modifications. A spell checker has been added to offer alternative names and ease detecting typos.
Security
GCC has been extended to provide tools to ensure additional hardening of the generated code. Improvements related to security include:
-
The
__builtin_add_overflow
,__builtin_sub_overflow
, and__builtin_mul_overflow
built-in functions for arithmetics with overflow checking have been added. -
The
-fstack-clash-protection
option has been added to generate additional code guarding against stack clash. -
The
-fcf-protection
option was introduced to check target addresses of control-flow instructions for increased program security. -
The new
-Wstringop-truncation
warning option lists calls to bounded string manipulation functions such asstrncat
,strncpy
, orstpncpy
that might truncate the copied string or leave the destination unchanged. -
The
-Warray-bounds
warning option has been improved to detect out-of-bounds array indices and pointer offsets better. -
The
-Wclass-memaccess
warning option has been added to warn about potentially unsafe manipulation of objects of non-trivial class types by raw memory access functions such asmemcpy
orrealloc
.
Architecture and processor support
Improvements to architecture and processor support include:
- Multiple new architecture-specific options for the Intel AVX-512 architecture, a number of its microarchitectures, and Intel Software Guard Extensions (SGX) have been added.
- Code generation can now target the 64-bit ARM architecture LSE extensions, ARMv8.2-A 16-bit Floating-Point Extensions (FPE), and ARMv8.2-A, ARMv8.3-A, and ARMv8.4-A architecture versions.
-
Handling of the
-march=native
option on the ARM and 64-bit ARM architectures has been fixed. - Support for the z13 and z14 processors of the 64-bit IBM Z architecture has been added.
Languages and standards
Notable changes related to languages and standards include:
- The default standard used when compiling code in the C language has changed to C17 with GNU extensions.
- The default standard used when compiling code in the C++ language has changed to C++14 with GNU extensions.
- The C++ runtime library now supports the C++11 and C++14 standards.
-
The C++ compiler now implements the C++14 standard with many new features such as variable templates, aggregates with non-static data member initializers, the extended
constexpr
specifier, sized deallocation functions, generic lambdas, variable-length arrays, digit separators, and others. - Support for the C language standard C11 has been improved: ISO C11 atomics, generic selections, and thread-local storage are now available.
-
The new
__auto_type
GNU C extension provides a subset of the functionality of C++11auto
keyword in the C language. -
The
_FloatN
and_FloatNx
type names specified by the ISO/IEC TS 18661-3:2015 standard are now recognized by the C front end. -
The default standard used when compiling code in the C language has changed to C17 with GNU extensions. This has the same effect as using the
--std=gnu17
option. Previously, the default was C89 with GNU extensions. - GCC can now experimentally compile code using the C++17 language standard and certain features from the C++20 standard.
- Passing an empty class as an argument now takes up no space on the Intel 64 and AMD64 architectures, as required by the platform ABI. Passing or returning a class with only deleted copy and move constructors now uses the same calling convention as a class with a non-trivial copy or move constructor.
-
The value returned by the C++11
alignof
operator has been corrected to match the C_Alignof
operator and return minimum alignment. To find the preferred alignment, use the GNU extension__alignof__
. -
The main version of the
libgfortran
library for Fortran language code has been changed to 5. - Support for the Ada (GNAT), GCC Go, and Objective C/C++ languages has been removed. Use the Go Toolset for Go code development.
Additional resources
- See also the Red Hat Enterprise Linux 8 Release Notes.
- Using Go Toolset
16.1.2. Security enhancements in GCC in RHEL 8
This following are changes in GCC related to security and added since the release of Red Hat Enterprise Linux 7.0.
New warnings
These warning options have been added:
Option | Displays warnings for |
---|---|
|
Calls to bounded string manipulation functions such as |
|
Objects of non-trivial class types manipulated in potentially unsafe ways by raw memory functions such as The warning helps detect calls that bypass user-defined constructors or copy-assignment operators, corrupt virtual table pointers, data members of const-qualified types or references, or member pointers. The warning also detects calls that would bypass access controls to data members. |
| Places where the indentation of the code gives a misleading idea of the block structure of the code to a human reader. |
|
Calls to memory allocation functions where the amount of memory to allocate exceeds size. Works also with functions where the allocation is specified by multiplying two parameters and with any functions decorated with attribute |
|
Calls to memory allocation functions that attempt to allocate zero amount of memory. Works also with functions where the allocation is specified by multiplying two parameters and with any functions decorated with attribute |
|
All calls to the |
|
Calls to the |
| Definitions of Variable Length Arrays (VLA) that can either exceed the specified size or whose bound is not known to be sufficiently constrained. |
|
Both certain and likely buffer overflow in calls to the |
|
Both certain and likely output truncation in calls to the |
|
Buffer overflow in calls to string handling functions such as |
Warning improvements
These GCC warnings have been improved:
-
The
-Warray-bounds
option has been improved to detect more instances of out-of-bounds array indices and pointer offsets. For example, negative or excessive indices into flexible array members and string literals are detected. -
The
-Wrestrict
option introduced in GCC 7 has been enhanced to detect many more instances of overlapping accesses to objects via restrict-qualified arguments to standard memory and string manipulation functions such asmemcpy
andstrcpy
. -
The
-Wnonnull
option has been enhanced to detect a broader set of cases of passing null pointers to functions that expect a non-null argument (decorated with attributenonnull
).
New UndefinedBehaviorSanitizer
A new run-time sanitizer for detecting undefined behavior called UndefinedBehaviorSanitizer has been added. The following options are noteworthy:
Option | Check |
---|---|
| Detect floating-point division by zero. |
| Check that the result of floating-point type to integer conversions do not overflow. |
| Enable instrumentation of array bounds and detect out-of-bounds accesses. |
| Enable alignment checking and detect various misaligned objects. |
| Enable object size checking and detect various out-of-bounds accesses. |
| Enable checking of C++ member function calls, member accesses, and some conversions between pointers to base and derived classes. Additionally, detect when referenced objects do not have correct dynamic type. |
|
Enable strict checking of array bounds. This enables |
| Diagnose arithmetic overflows even on arithmetic operations with generic vectors. |
|
Diagnose at run time invalid arguments to |
|
Perform cheap run-time tests for pointer wrapping. Includes checks from |
New options for AddressSanitizer
These options have been added to AddressSanitizer:
Option | Check |
---|---|
| Warn about comparison of pointers that point to a different memory object. |
| Warn about subtraction of pointers that point to a different memory object. |
| Sanitize variables whose address is taken and used after a scope where the variable is defined. |
Other sanitizers and instrumentation
-
The option
-fstack-clash-protection
has been added to insert probes when stack space is allocated statically or dynamically to reliably detect stack overflows and thus mitigate the attack vector that relies on jumping over a stack guard page provided by the operating system. -
A new option
-fcf-protection=[full|branch|return|none]
has been added to perform code instrumentation and increase program security by checking that target addresses of control-flow transfer instructions (such as indirect function call, function return, indirect jump) are valid.
Additional resources
For more details and explanation of the values supplied to some of the options above, see the gcc(1) manual page:
$ man gcc
16.1.3. Compatibility-breaking changes in GCC in RHEL 8
C++ ABI change in std::string
and std::list
The Application Binary Interface (ABI) of the std::string
and std::list
classes from the libstdc++
library changed between RHEL 7 (GCC 4.8) and RHEL 8 (GCC 8) to conform to the C++11 standard. The libstdc++
library supports both the old and new ABI, but some other C++ system libraries do not. As a consequence, applications that dynamically link against these libraries will need to be rebuilt. This affects all C++ standard modes, including C++98. It also affects applications built with Red Hat Developer Toolset compilers for RHEL 7, which kept the old ABI to maintain compatibility with the system libraries.
GCC no longer builds Ada, Go, and Objective C/C++ code
Capability for building code in the Ada (GNAT), GCC Go, and Objective C/C++ languages has been removed from the GCC compiler.
To build Go code, use the Go Toolset instead.
16.2. Compiler toolsets
RHEL 8 provides the following compiler toolsets as Application Streams:
- LLVM Toolset provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis.
-
Rust Toolset provides the Rust programming language compiler
rustc
, thecargo
build tool and dependency manager, thecargo-vendor
plugin, and required libraries. -
Go Toolset provides the Go programming language tools and libraries. Go is alternatively known as
golang
.
For more details and information about usage, see the compiler toolsets user guides on the Red Hat Developer Tools page.
16.3. Java implementations and Java tools in RHEL 8
The RHEL 8 AppStream repository includes:
-
The
java-11-openjdk
packages, which provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit. -
The
java-1.8.0-openjdk
packages, which provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit. -
The
icedtea-web
packages, which provide an implementation of Java Web Start. -
The
ant
module, providing a Java library and command-line tool for compiling, assembling, testing, and running Java applications.Ant
has been updated to version 1.10. -
The
maven
module, providing a software project management and comprehension tool.Maven
was previously available only as a Software Collection or in the unsupported Optional channel. -
The
scala
module, providing a general purpose programming language for the Java platform.Scala
was previously available only as a Software Collection.
In addition, the java-1.8.0-ibm
packages are distributed through the Supplementary repository. Note that packages in this repository are unsupported by Red Hat.
16.4. Compatibility-breaking changes in GDB
The version of GDB provided in Red Hat Enterprise Linux 8 contains a number of changes that break compatibility, especially for cases where the GDB output is read directly from the terminal. The following sections provide more details about these changes.
Parsing output of GDB is not recommended. Prefer scripts using the Python GDB API or the GDB Machine Interface (MI).
GDBserver now starts inferiors with shell
To enable expansion and variable substitution in inferior command line arguments, GDBserver now starts the inferior in a shell, same as GDB.
To disable using the shell:
-
When using the
target extended-remote
GDB command, disable shell with theset startup-with-shell off
command. -
When using the
target remote
GDB command, disable shell with the--no-startup-with-shell
option of GDBserver.
Example 16.1. Example of shell expansion in remote GDB inferiors
This example shows how running the /bin/echo /*
command through GDBserver differs on Red Hat Enterprise Linux versions 7 and 8:
On RHEL 7:
$ gdbserver --multi :1234 $ gdb -batch -ex 'target extended-remote :1234' -ex 'set remote exec-file /bin/echo' -ex 'file /bin/echo' -ex 'run /*' /*
On RHEL 8:
$ gdbserver --multi :1234 $ gdb -batch -ex 'target extended-remote :1234' -ex 'set remote exec-file /bin/echo' -ex 'file /bin/echo' -ex 'run /*' /bin /boot (...) /tmp /usr /var
gcj
support removed
Support for debugging Java programs compiled with the GNU Compiler for Java (gcj
) has been removed.
New syntax for symbol dumping maintenance commands
The symbol dumping maintenance commands syntax now includes options before file names. As a result, commands that worked with GDB in RHEL 7 do not work in RHEL 8.
As an example, the following command no longer stores symbols in a file, but produces an error message:
(gdb) maintenance print symbols /tmp/out main.c
The new syntax for the symbol dumping maintenance commands is:
maint print symbols [-pc address] [--] [filename] maint print symbols [-objfile objfile] [-source source] [--] [filename] maint print psymbols [-objfile objfile] [-pc address] [--] [filename] maint print psymbols [-objfile objfile] [-source source] [--] [filename] maint print msymbols [-objfile objfile] [--] [filename]
Thread numbers are no longer global
Previously, GDB used only global thread numbering. The numbering has been extended to be displayed per inferior in the form inferior_num.thread_num
, such as 2.1
. As a consequence, thread numbers in the $_thread
convenience variable and in the InferiorThread.num
Python attribute are no longer unique between inferiors.
GDB now stores a second thread ID per thread, called the global thread ID, which is the new equivalent of thread numbers in previous releases. To access the global thread number, use the $_gthread
convenience variable and InferiorThread.global_num
Python attribute.
For backwards compatibility, the Machine Interface (MI) thread IDs always contains the global IDs.
Example 16.2. Example of GDB thread number changes
On Red Hat Enterprise Linux 7:
# debuginfo-install coreutils $ gdb -batch -ex 'file echo' -ex start -ex 'add-inferior' -ex 'inferior 2' -ex 'file echo' -ex start -ex 'info threads' -ex 'pring $_thread' -ex 'inferior 1' -ex 'pring $_thread' (...) Id Target Id Frame * 2 process 203923 "echo" main (argc=1, argv=0x7fffffffdb88) at src/echo.c:109 1 process 203914 "echo" main (argc=1, argv=0x7fffffffdb88) at src/echo.c:109 $1 = 2 (...) $2 = 1
On Red Hat Enterprise Linux 8:
# dnf debuginfo-install coreutils $ gdb -batch -ex 'file echo' -ex start -ex 'add-inferior' -ex 'inferior 2' -ex 'file echo' -ex start -ex 'info threads' -ex 'pring $_thread' -ex 'inferior 1' -ex 'pring $_thread' (...) Id Target Id Frame 1.1 process 4106488 "echo" main (argc=1, argv=0x7fffffffce58) at ../src/echo.c:109 * 2.1 process 4106494 "echo" main (argc=1, argv=0x7fffffffce58) at ../src/echo.c:109 $1 = 1 (...) $2 = 1
Memory for value contents can be limited
Previously, GDB did not limit the amount of memory allocated for value contents. As a consequence, debugging incorrect programs could cause GDB to allocate too much memory. The max-value-size
setting has been added to enable limiting the amount of allocated memory. The default value of this limit is 64 KiB. As a result, GDB in Red Hat Enterprise Linux 8 will not display too large values, but report that the value is too large instead.
As an example, printing a value defined as char s[128*1024];
produces different results:
-
On Red Hat Enterprise Linux 7,
$1 = 'A' <repeats 131072 times>
-
On Red Hat Enterprise Linux 8,
value requires 131072 bytes, which is more than max-value-size
Sun version of stabs format no longer supported
Support for the Sun version of the stabs
debug file format has been removed. The stabs
format produced by GCC in RHEL with the gcc -gstabs
option is still supported by GDB.
Sysroot handling changes
The set sysroot path
command specifies system root when searching for files needed for debugging. Directory names supplied to this command may now be prefixed with the string target:
to make GDB read the shared libraries from the target system (both local and remote). The formerly available remote:
prefix is now treated as target:
. Additionally, the default system root value has changed from an empty string to target:
for backward compatibility.
The specified system root is prepended to the file name of the main executable, when GDB starts processes remotely, or when it attaches to already running processes (both local and remote). This means that for remote processes, the default value target:
makes GDB always try to load the debugging information from the remote system. To prevent this, run the set sysroot
command before the target remote
command so that local symbol files are found before the remote ones.
HISTSIZE no longer controls GDB command history size
Previously, GDB used the HISTSIZE
environment variable to determine how long command history should be kept. GDB has been changed to use the GDBHISTSIZE
environment variable instead. This variable is specific only to GDB. The possible values and their effects are:
- a positive number - use command history of this size,
-
-1
or an empty string - keep history of all commands, - non-numeric values - ignored.
Completion limiting added
The maximum number of candidates considered during completion can now be limited using the set max-completions
command. To show the current limit, run the show max-completions
command. The default value is 200. This limit prevents GDB from generating excessively large completion lists and becoming unresponsive.
As an example, the output after the input p <tab><tab>
is:
-
on RHEL 7:
Display all 29863 possibilities? (y or n)
-
on RHEL 8:
Display all 200 possibilities? (y or n)
HP-UX XDB compatibility mode removed
The -xdb
option for the HP-UX XDB compatibility mode has been removed from GDB.
Handling signals for threads
Previously, GDB could deliver a signal to the current thread instead of the thread for which the signal was actually sent. This bug has been fixed, and GDB now always passes the signal to the correct thread when resuming execution.
Additionally, the signal
command now always correctly delivers the requested signal to the current thread. If the program is stopped for a signal and the user switched threads, GDB asks for confirmation.
Breakpoint modes always-inserted off and auto merged
The breakpoint always-inserted
setting has been changed. The auto
value and corresponding behavior has been removed. The default value is now off
. Additionally, the off
value now causes GDB to not remove breakpoints from the target until all threads stop.
remotebaud commands no longer supported
The set remotebaud
and show remotebaud
commands are no longer supported. Use the set serial baud
and show serial baud
commands instead.
16.5. Compatibility-breaking changes in compilers and development tools
librtkaio removed
With this update, the librtkaio library has been removed. This library provided high-performance real-time asynchronous I/O access for some files, which was based on Linux kernel Asynchronous I/O support (KAIO).
As a result of the removal:
-
Applications using the
LD_PRELOAD
method to load librtkaio display a warning about a missing library, load the librt library instead and run correctly. -
Applications using the
LD_LIBRARY_PATH
method to load librtkaio load the librt library instead and run correctly, without any warning. -
Applications using the
dlopen()
system call to access librtkaio directly load the librt library instead.
Users of librtkaio have the following options:
- Use the fallback mechanism described above, without any changes to their applications.
- Change code of their applications to use the librt library, which offers a compatible POSIX-compliant API.
- Change code of their applications to use the libaio library, which offers a compatible API.
Both librt and libaio can provide comparable features and performance under specific conditions.
Note that the libaio package has Red Hat compatibility level of 2, while librtk and the removed librtkaio level 1.
For more details, see https://fedoraproject.org/wiki/Changes/GLIBC223_librtkaio_removal
Sun RPC and NIS interfaces removed from glibc
The glibc
library no longer provides Sun RPC and NIS interfaces for new applications. These interfaces are now available only for running legacy applications. Developers must change their applications to use the libtirpc
library instead of Sun RPC and libnsl2
instead of NIS. Applications can benefit from IPv6 support in the replacement libraries.
The nosegneg
libraries for 32-bit Xen have been removed
Previously, the glibc
i686 packages contained an alternative glibc
build, which avoided the use of the thread descriptor segment register with negative offsets (nosegneg
). This alternative build was only used in the 32-bit version of the Xen Project hypervisor without hardware virtualization support, as an optimization to reduce the cost of full paravirtualization. These alternative builds are no longer used and they have been removed.
make
new operator !=
causes a different interpretation of certain existing makefile syntax
The !=
shell assignment operator has been added to GNU make
as an alternative to the $(shell …)
function to increase compatibility with BSD makefiles. As a consequence, variables with name ending in exclamation mark and immediately followed by assignment such as variable!=value
are now interpreted as the shell assignment. To restore the previous behavior, add a space after the exclamation mark, such as variable! =value
.
For more details and differences between the operator and the function, see the GNU make
manual.
Valgrind library for MPI debugging support removed
The libmpiwrap.so
wrapper library for Valgrind provided by the valgrind-openmpi
package has been removed. This library enabled Valgrind to debug programs using the Message Passing Interface (MPI). This library was specific to the Open MPI implementation version in previous versions of Red Hat Enterprise Linux.
Users of libmpiwrap.so
are encouraged to build their own version from upstream sources specific to their MPI implementation and version. Supply these custom-built libraries to Valgrind using the LD_PRELOAD
technique.
Development headers and static libraries removed from valgrind-devel
Previously, the valgrind-devel
sub-package used to include development files for developing custom valgrind tools. This update removes these files because they do not have a guaranteed API, have to be linked statically, and are unsupported. The valgrind-devel
package still does contain the development files for valgrind-aware programs and header files such as valgrind.h
, callgrind.h
, drd.h
, helgrind.h
, and memcheck.h
, which are stable and well-supported.