Chapter 16. Compilers and development tools
16.1. Changes in toolchain since RHEL 7
The following sections list changes in toolchain since the release of the described components in Red Hat Enterprise Linux 7. See also Release notes for Red Hat Enterprise Linux 8.0.
16.1.1. Changes in GCC in RHEL 8
In Red Hat Enterprise Linux 8, the GCC toolchain is based on the GCC 8.2 release series. Notable changes since Red Hat Enterprise Linux 7 include:
- Numerous general optimizations have been added, such as alias analysis, vectorizer improvements, identical code folding, inter-procedural analysis, store merging optimization pass, and others.
- The Address Sanitizer has been improved.
- The Leak Sanitizer for detection of memory leaks has been added.
- The Undefined Behavior Sanitizer for detection of undefined behavior has been added.
- Debug information can now be produced in the DWARF5 format. This capability is experimental.
- The source code coverage analysis tool GCOV has been extended with various improvements.
- Support for the OpenMP 4.5 specification has been added. Additionally, the offloading features of the OpenMP 4.0 specification are now supported by the C, C++, and Fortran compilers.
- New warnings and improved diagnostics have been added for static detection of certain likely programming errors.
- Source locations are now tracked as ranges rather than points, which allows much richer diagnostics. The compiler now offers “fix-it” hints, suggesting possible code modifications. A spell checker has been added to offer alternative names and ease detecting typos.
GCC has been extended to provide tools to ensure additional hardening of the generated code. Improvements related to security include:
__builtin_mul_overflowbuilt-in functions for arithmetics with overflow checking have been added.
-fstack-clash-protectionoption has been added to generate additional code guarding against stack clash.
-fcf-protectionoption was introduced to check target addresses of control-flow instructions for increased program security.
-Wstringop-truncationwarning option lists calls to bounded string manipulation functions such as
stpncpythat might truncate the copied string or leave the destination unchanged.
-Warray-boundswarning option has been improved to detect out-of-bounds array indices and pointer offsets better.
-Wclass-memaccesswarning option has been added to warn about potentially unsafe manipulation of objects of non-trivial class types by raw memory access functions such as
Architecture and processor support
Improvements to architecture and processor support include:
- Multiple new architecture-specific options for the Intel AVX-512 architecture, a number of its microarchitectures, and Intel Software Guard Extensions (SGX) have been added.
- Code generation can now target the 64-bit ARM architecture LSE extensions, ARMv8.2-A 16-bit Floating-Point Extensions (FPE), and ARMv8.2-A, ARMv8.3-A, and ARMv8.4-A architecture versions.
Handling of the
-march=nativeoption on the ARM and 64-bit ARM architectures has been fixed.
- Support for the z13 and z14 processors of the IBM Z architecture has been added.
Languages and standards
Notable changes related to languages and standards include:
- The default standard used when compiling code in the C language has changed to C17 with GNU extensions.
- The default standard used when compiling code in the C++ language has changed to C++14 with GNU extensions.
- The C++ runtime library now supports the C++11 and C++14 standards.
The C++ compiler now implements the C++14 standard with many new features such as variable templates, aggregates with non-static data member initializers, the extended
constexprspecifier, sized deallocation functions, generic lambdas, variable-length arrays, digit separators, and others.
- Support for the C language standard C11 has been improved: ISO C11 atomics, generic selections, and thread-local storage are now available.
__auto_typeGNU C extension provides a subset of the functionality of C++11
autokeyword in the C language.
_FloatNxtype names specified by the ISO/IEC TS 18661-3:2015 standard are now recognized by the C front end.
The default standard used when compiling code in the C language has changed to C17 with GNU extensions. This has the same effect as using the
--std=gnu17option. Previously, the default was C89 with GNU extensions.
- GCC can now experimentally compile code using the C++17 language standard, and certain features from the C++20 standard.
- Passing an empty class as an argument now takes up no space on the Intel 64 and AMD64 architectures, as required by the platform ABI. Passing or returning a class with only deleted copy and move constructors now uses the same calling convention as a class with a non-trivial copy or move constructor.
The value returned by the C++11
alignofoperator has been corrected to match the C
_Alignofoperator and return minimum alignment. To find the preferred alignment, use the GNU extension
The main version of the
libgfortranlibrary for Fortran language code has been changed to 5.
- Support for the Ada (GNAT), GCC Go, and Objective C/C++ languages has been removed. Use the Go Toolset for Go code development.
16.1.2. Security enhancements in GCC in RHEL 8
This section decribes in detail the changes in GCC related to security and added since the release of Red Hat Enterprise Linux 7.0.
These warning options have been added:
|Option||Displays warnings for|
| || |
Calls to bounded string manipulation functions such as
| || |
Objects of non-trivial class types manipulated in potentially unsafe ways by raw memory functions such as
The warning helps detect calls that bypass user-defined constructors or copy-assignment operators, corrupt virtual table pointers, data members of const-qualified types or references, or member pointers. The warning also detects calls that would bypass access controls to data members.
| || |
Places where the indentation of the code gives a misleading idea of the block structure of the code to a human reader.
| || |
Calls to memory allocation functions where the amount of memory to allocate exceeds size. Works also with functions where the allocation is specified by multiplying two parameters, and with any functions decorated with attribute
| || |
Calls to memory allocation functions that attempt to allocate zero amount of memory. Works also with functions where the allocation is specified by multiplying two parameters, and with any functions decorated with attribute
| || |
All calls to the
| || |
Calls to the
| || |
Definitions of Variable Length Arrays (VLA) that can either exceed the specified size or whose bound is not known to be sufficiently constrained.
| || |
Both certain and likely buffer overflow in calls to the
| || |
Both certain and likely output truncation in calls to the
| || |
Buffer overflow in calls to string handling functions such as
These GCC warnings have been improved:
-Warray-boundsoption has been improved to detect more instances of out-of-bounds array indices and pointer offsets. For example, negative or excessive indices into flexible array members and string literals are detected.
-Wrestrictoption introduced in GCC 7 has been enhanced to detect many more instances of overlapping accesses to objects via restrict-qualified arguments to standard memory and string manipulation functions such as
-Wnonnulloption has been enhanced to detect a broader set of cases of passing null pointers to functions that expect a non-null argument (decorated with attribute
A new run-time sanitizer for detecting undefined behavior called UndefinedBehaviorSanitizer has been added. The following options are noteworthy:
| || |
Detect floating-point division by zero.
| || |
Check that the result of floating-point type to integer conversions do not overflow.
| || |
Enable instrumentation of array bounds and detect out-of-bounds accesses.
| || |
Enable alignment checking and detect various misaligned objects.
| || |
Enable object size checking and detect various out-of-bounds accesses.
| || |
Enable checking of C++ member function calls, member accesses and some conversions between pointers to base and derived classes. Additonally, detect when referenced objects do not have correct dynamic type.
| || |
Enable strict checking of array bounds. This enables
| || |
Diagnose arithmetic overflows even on arithmetic operations with generic vectors.
| || |
Diagnose at run time invalid arguments to
| || |
Perform cheap run time tests for pointer wrapping. Includes checks from
New options for AddressSanitizer
These options have been added to AddressSanitizer:
| || |
Warn about comparison of pointers that point to a different memory object.
| || |
Warn about subtraction of pointers that point to a different memory object.
| || |
Sanitize variables whose address is taken and used after a scope where the variable is defined.
Other sanitizers and instrumentation
-fstack-clash-protectionhas been added to insert probes when stack space is allocated statically or dynamically to reliably detect stack overflows and thus mitigate the attack vector that relies on jumping over a stack guard page provided by the operating system.
A new option
-fcf-protection=[full|branch|return|none]has been added to perform code instrumentation and increase program security by checking that target addresses of control-flow transfer instructions (such as indirect function call, function return, indirect jump) are valid.
For more details and explanation of the values supplied to some of the options above, see the gcc(1) manual page:
$ man gcc
16.2. Compiler toolsets
RHEL 8.0 provides the following compiler toolsets as Application Streams:
- Clang and LLVM Toolset 7.0.1, which provides the LLVM compiler infrastructure framework, the Clang compiler for the C and C++ languages, the LLDB debugger, and related tools for code analysis. See the Using Clang and LLVM Toolset document.
Rust Toolset 1.31, which provides the Rust programming language compiler
cargobuild tool and dependency manager, the
cargo-vendorplugin, and required libraries. See the Using Rust Toolset document.
Go Toolset 1.11.5, which provides the Go programming language tools and libraries. Go is alternatively known as
golang. See the Using Go Toolset document.
16.3. Java implementations and Java tools in RHEL 8
The RHEL 8 AppStream repository includes:
java-11-openjdkpackages, which provide the OpenJDK 11 Java Runtime Environment and the OpenJDK 11 Java Software Development Kit.
java-1.8.0-openjdkpackages, which provide the OpenJDK 8 Java Runtime Environment and the OpenJDK 8 Java Software Development Kit.
icedtea-webpackages, which provide an implementation of Java Web Start.
antmodule, providing a Java library and command-line tool for compiling, assembling, testing, and running Java applications.
Anthas been updated to version 1.10.
mavenmodule, providing a software project management and comprehension tool.
Mavenwas previously available only as a Software Collection or in the unsupported Optional channel.
scalamodule, providing a general purpose programming language for the Java platform.
Scalawas previously available only as a Software Collection.
In addition, the
java-1.8.0-ibm packages are distributed through the Supplementary repository. Note that packages in this repository are unsupported by Red Hat.
16.4. Compatibility-breaking changes in GDB
The version of GDB provided in Red Hat Enterprise Linux 8 contains a number of changes that break compatibility, especially for cases where the GDB output is read directly from the terminal. The following sections provide more details about these changes.
Parsing output of GDB is not recommended. Prefer scripts using the Python GDB API or the GDB Machine Interface (MI).
GDBserver now starts inferiors with shell
To enable expansion and variable substitution in inferior command line arguments, GDBserver now starts the inferior in a shell, same as GDB.
To disable using the shell:
When using the
target extended-remoteGDB command, disable shell with the
set startup-with-shell offcommand.
When using the
target remoteGDB command, disable shell with the
--no-startup-with-shelloption of GDBserver.
Example 16.1. Example of shell expansion in remote GDB inferiors
This example shows how running the
/bin/echo /* command through GDBserver differs on Red Hat Enterprise Linux versions 7 and 8:
On RHEL 7:
$ gdbserver --multi :1234 $ gdb -batch -ex 'target extended-remote :1234' -ex 'set remote exec-file /bin/echo' -ex 'file /bin/echo' -ex 'run /*' /*
On RHEL 8:
$ gdbserver --multi :1234 $ gdb -batch -ex 'target extended-remote :1234' -ex 'set remote exec-file /bin/echo' -ex 'file /bin/echo' -ex 'run /*' /bin /boot (...) /tmp /usr /var
gcj support removed
Support for debugging Java programs compiled with the GNU Compiler for Java (
gcj) has been removed.
New syntax for symbol dumping maintenance commands
The symbol dumping maintenance commands syntax now includes options before file names. As a result, commands that worked with GDB in RHEL 7 do not work in RHEL 8.
As an example, the following command no longer stores symbols in a file, but produces an error message:
(gdb) maintenance print symbols /tmp/out main.c
The new syntax for the symbol dumping maintenance commands is:
maint print symbols [-pc address] [--] [filename] maint print symbols [-objfile objfile] [-source source] [--] [filename] maint print psymbols [-objfile objfile] [-pc address] [--] [filename] maint print psymbols [-objfile objfile] [-source source] [--] [filename] maint print msymbols [-objfile objfile] [--] [filename]
Thread numbers are no loger global
Previously, GDB used only global thread numbering. The numbering has been extended to be displayed per inferior in the form
inferior_num.thread_num, such as
2.1. As consequence, thread numbers in the
$_thread convenience variable and in the
InferiorThread.num Python attribute are no longer unique between inferiors.
GDB now stores a second thread ID per thread, called the global thread ID, which is the new equivalent of thread numbers in previous releases. To access the global thread number, use the
$_gthread convenience variable and
InferiorThread.global_num Python attribute.
For backwards compatibility, the Machine Interface (MI) thread IDs always contains the global IDs.
Example 16.2. Example of GDB thread number changes
On Red Hat Enterprise Linux 7:
# debuginfo-install coreutils $ gdb -batch -ex 'file echo' -ex start -ex 'add-inferior' -ex 'inferior 2' -ex 'file echo' -ex start -ex 'info threads' -ex 'pring $_thread' -ex 'inferior 1' -ex 'pring $_thread' (...) Id Target Id Frame * 2 process 203923 "echo" main (argc=1, argv=0x7fffffffdb88) at src/echo.c:109 1 process 203914 "echo" main (argc=1, argv=0x7fffffffdb88) at src/echo.c:109 $1 = 2 (...) $2 = 1
On Red Hat Enterprise Linux 8:
# dnf debuginfo-install coreutils $ gdb -batch -ex 'file echo' -ex start -ex 'add-inferior' -ex 'inferior 2' -ex 'file echo' -ex start -ex 'info threads' -ex 'pring $_thread' -ex 'inferior 1' -ex 'pring $_thread' (...) Id Target Id Frame 1.1 process 4106488 "echo" main (argc=1, argv=0x7fffffffce58) at ../src/echo.c:109 * 2.1 process 4106494 "echo" main (argc=1, argv=0x7fffffffce58) at ../src/echo.c:109 $1 = 1 (...) $2 = 1
Memory for value contents can be limited
Previously, GDB did not limit the amount of memory allocated for value contents. As a consequence, debugging incorrect programs could cause GDB to allocate too much memory. The
max-value-size setting has been added to enable limiting the amount of allocated memory. The default value of this limit is 64 KiB. As a result, GDB in Red Hat Enterprise Linux 8 will not display too large values, but report that the value is too large instead.
As an example, printing a value defined as
char s[128*1024]; produces different results:
On Red Hat Enterprise Linux 7,
$1 = 'A' <repeats 131072 times>
On Red Hat Enterprise Linux 8,
value requires 131072 bytes, which is more than max-value-size
Sun version of stabs format no longer supported
Support for the Sun version of the
stabs debug file format has been removed. The
stabs format produced by GCC in RHEL with the
gcc -gstabs option is still supported by GDB.
Sysroot handling changes
set sysroot path command specifies system root when searching for files needed for debugging. Directory names supplied to this command may now be prefixed with the string
target: to make GDB read the shared libraries from the target system (both local and remote). The formerly available
remote: prefix is now treated as
target:. Additionally, the default system root value has changed from empty string to
target: for backward compatibility.
The specified system root is prepended to the file name of the main executable, when GDB starts processes remotely, or when it attaches to already running processes (both local and remote). This means that for remote processes, the default value
target: makes GDB always try to load the debugging information from the remote system. To prevent this, run the
set sysroot command before the
target remote command so that local symbol files are found before the remote ones.
HISTSIZE no longer controls GDB command history size
Previously, GDB used the
HISTSIZE environment variable to determine how long command history should be kept. GDB has been changed to use the
GDBHISTSIZE environment variable instead. This variable is specific only to GDB. The possible values and their effects are:
- a positive number - use command history of this size,
-1or an empty string - keep history of all commands,
- non-numeric values - ignored.
Completion limiting added
The maximum number of candidates considered during completion can now be limited using the
set max-completions command. To show the current limit, run the
show max-completions command. The default value is 200. This limit prevents GDB from generating excessively large completion lists and becoming unresponsive.
As an example, the output after the input
p <tab><tab> is:
on RHEL 7:
Display all 29863 possibilities? (y or n)
on RHEL 8:
Display all 200 possibilities? (y or n)
HP-UX XDB compatibility mode removed
-xdb option for the HP-UX XDB compatibility mode has been removed from GDB.
Handling signals for threads
Previously, GDB could deliver a signal to the current thread instead of the thread for which the signal was actually sent. This bug has been fixed, and GDB now always passes the signal to the correct thread when resuming execution.
signal command now always correctly delivers the requested signal to the current thread. If the program is stopped for a signal and the user switched threads, GDB asks for confirmation.
Breakpoint modes always-inserted off and auto merged
breakpoint always-inserted setting has been changed. The
auto value and corresponding behavior has been removed. The default value is now
off. Additionally, the
off value now causes GDB to not remove breakpoints from the target until all threads stop.
remotebaud commands no longer supported
set remotebaud and
show remotebaud commands are no longer supported. Use the
set serial baud and
show serial baud commands instead.
16.5. Compatibility-breaking changes in compilers and development tools
C++ ABI change in
The Application Binary Interface (ABI) of the
std::list classes from the
libstdc++ library changed between RHEL 7 (GCC 4.8) and RHEL 8 (GCC 8) to conform to the C++11 standard. The
libstdc++ library supports both the old and new ABI, but some other C++ system libraries do not. As a consequence, applications that dynamically link against these libraries will need to be rebuilt. This affects all C++ standard modes, including C++98. It also affects applications built with Red Hat Developer Toolset compilers for RHEL 7, which kept the old ABI to maintain compatibility with the system libraries.
With this update, the librtkaio library has been removed. This library provided high performance real time asynchronous I/O access for some files, which was based on Linux kernel Asynchronous I/O support (KAIO).
As a result of the removal:
Applications using the
LD_PRELOADmethod to load librtkaio display a warning about a missing library, load the librt library instead and run correctly.
Applications using the
LD_LIBRARY_PATHmethod to load librtkaio load the librt library instead and run correctly, without any warning.
Applications using the
dlopen()system call to access librtkaio directly load the librt library instead.
Users of librtkaio have the following options:
- Use the fallback mechanism described above, without any changes to their applications.
- Change code of their applications to use the librt library, which offers a compatible POSIX-compliant API.
- Change code of their applications to use the libaio library, which offers a compatible API.
Both librt and libaio can provide comparable features and performance under specific conditions.
Note that the libaio package has Red Hat compatibility level of 2, while librtk and the removed librtkaio level 1.
For more details, see https://fedoraproject.org/wiki/Changes/GLIBC223_librtkaio_removal
Sun RPC and NIS interfaces removed from
glibc library no longer provides Sun RPC and NIS interfaces for new applications. These interfaces are now available only for running legacy applications. Developers must change their applications to use the
libtirpc library instead of Sun RPC and
libnsl2 instead of NIS. Applications can benefit from IPv6 support in the replacement libraries.
Valgrind library for MPI debugging support removed
libmpiwrap.so wrapper library for Valgrind provided by the
valgrind-openmpi package has been removed. This library enabled Valgrind to debug programs using the Message Passing Interface (MPI). This library was specific to the Open MPI implementation version in previous versions of Red Hat Enterprise Linux.
libmpiwrap.so are encouraged to build their own version from upstream sources specific to their MPI implementation and version. Supply these custom-built libraries to Valgrind using the
Development headers and static libraries removed from
valgrind-devel sub-package used to include development files for developing custom valgrind tools. This update removes these files because they do not have a guaranteed API, have to be linked statically, and are unsupported. The
valgrind-devel package still does contain the development files for valgrind-aware programs and header files such as
memcheck.h, which are stable and well supported.
nosegneg libraries for 32-bit Xen have been removed
glibc i686 packages contained an alternative
glibc build, which avoided the use of the thread descriptor segment register with negative offsets (
nosegneg). This alternative build was only used in the 32-bit version of the Xen Project hypervisor without hardware virtualization support, as an optimization to reduce the cost of full paravirtualization. These alternative builds are no longer used and they have been removed.
GCC no longer builds Ada, Go, and Objective C/C++ code
Capability for building code in the Ada (GNAT), GCC Go, and Objective C/C++ languages has been removed from the GCC compiler.
To build Go code, use the Go Toolset instead.
make new operator
!= causes a different interpretation of certain existing makefile syntax
!= shell assignment operator has been added to GNU
make as an alternative to the
$(shell …) function to increase compatibility with BSD makefiles. As a consequence, variables with name ending in exclamation mark and immediately followed by assignment such as
variable!=value are now interpreted as the shell assignment. To restore the previous behavior, add a space after the exclamation mark, such as
For more details and differences between the operator and the function, see the GNU