I work at Red Hat on GCC, focusing on -fanalyzer, a static analysis pass that identifies problems at compile time. GCC 14 introduces a warning for infinite loops, enhancing detection abilities. The -Wanalyzer-out-of-bounds warning detects buffer overflows and now visualizes them for better understanding. Tracking of C string operations has been improved, with new function attributes that make the analysis more accurate. Taint analysis has been improved to track attacker-controlled inputs. A vulnerability example from the Linux kernel showcases the analyzer's capabilities. GCC 14 aims for an official release in April 2024, with Fedora 40 Beta already using the prerelease version. Users can experiment with the new compiler features on Compiler Explorer.
https://developers.redhat.com/articles/2024/04/03/improvements-static-analysis-gcc-14-compiler
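
The taint tracking mentioned above targets code like the following, where a value that crosses a trust boundary is used as an array index. This is an added example, not code from the article or from GCC: the function names, the table and its values are hypothetical, and it assumes GCC's `tainted_args` function attribute is used to mark the inputs as attacker-controlled.

```c
/* Added example (constructed). Analyze with: gcc -fanalyzer -c taint_demo.c */

/* tainted_args tells the analyzer that every argument of the function is
   attacker-controlled. Expand to nothing on compilers that lack it. */
#if defined(__has_attribute)
#  if __has_attribute(tainted_args)
#    define TAINTED_ARGS __attribute__((tainted_args))
#  endif
#endif
#ifndef TAINTED_ARGS
#  define TAINTED_ARGS
#endif

#define NUM_SLOTS 8

/* Constructed sample data standing in for a per-slot limit table. */
static const int slot_limits[NUM_SLOTS] = { 10, 20, 30, 40, 50, 60, 70, 80 };

/* Weak form: idx is used as an index with no validation, so a negative or
   too-large value reads outside slot_limits. This is the pattern the
   -Wanalyzer-tainted-array-index check is designed to report. */
TAINTED_ARGS int lookup_limit_unchecked(int idx)
{
    return slot_limits[idx];
}

/* Hardened form: both bounds are checked before the value is used, so the
   index is sanitized on every path that reaches the array access.
   Returns -1 for an out-of-range index (all table entries are positive). */
TAINTED_ARGS int lookup_limit_checked(int idx)
{
    if (idx < 0 || idx >= NUM_SLOTS)
        return -1;
    return slot_limits[idx];
}
```

Checking only the upper bound is not enough for a signed index; the lower-bound test is what rejects negative values.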