[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FYI: by default, elide analyzer-related warning options
From: |
Jeffrey Walton |
Subject: |
Re: FYI: by default, elide analyzer-related warning options |
Date: |
Sat, 1 Jan 2022 15:08:25 -0500 |
On Sat, Jan 1, 2022 at 2:17 PM Jim Meyering <jim@meyering.net> wrote:
>
> On Sat, Jan 1, 2022 at 10:53 AM Jeffrey Walton <noloader@gmail.com> wrote:
> > On Sat, Jan 1, 2022 at 1:33 PM Jim Meyering <jim@meyering.net> wrote:
> > >
> > > I've just pushed a patch that copies coreutils approach:
> > >
> > > + [# -fanalyzer and related options slow GCC considerably.
> > > + ew="$ew -fanalyzer -Wno-analyzer-double-free
> > > -Wno-analyzer-malloc-leak"
> > > + ew="$ew -Wno-analyzer-null-dereference
> > > -Wno-analyzer-use-after-free"])
> > >
> > > I've also updated from latest gnulib and updated copyright notices.
> >
> > I don't think these two are wise:
> >
> > * -Wno-analyzer-double-free
> > * -Wno-analyzer-use-after-free
> >
> > Lot's of CVE's issued because of double free and use after free...
>
> I'm keenly aware. Note that this is just the default.
> To enable those more expensive checks, use
>
> ./configure --enable-gcc-warnings=expensive
>
> If someone finds a legit bug that would have been detected by that,
> we'd probably change the default from "yes" to "expensive".
Shouldn't the litmus test be "bug free code"? Until that happens it
would be a good idea to leverage tools to help find the bugs.
Jeff