grep-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: FYI: by default, elide analyzer-related warning options

From: Jeffrey Walton
Subject: Re: FYI: by default, elide analyzer-related warning options
Date: Sat, 1 Jan 2022 15:08:25 -0500 
On Sat, Jan 1, 2022 at 2:17 PM Jim Meyering <jim@meyering.net> wrote:
>
> On Sat, Jan 1, 2022 at 10:53 AM Jeffrey Walton <noloader@gmail.com> wrote:
> > On Sat, Jan 1, 2022 at 1:33 PM Jim Meyering <jim@meyering.net> wrote:
> > >
> > > I've just pushed a patch that copies coreutils approach:
> > >
> > > +    [# -fanalyzer and related options slow GCC considerably.
> > > +     ew="$ew -fanalyzer -Wno-analyzer-double-free 
> > > -Wno-analyzer-malloc-leak"
> > > +     ew="$ew -Wno-analyzer-null-dereference 
> > > -Wno-analyzer-use-after-free"])
> > >
> > > I've also updated from latest gnulib and updated copyright notices.
> >
> > I don't think these two are wise:
> >
> > * -Wno-analyzer-double-free
> > * -Wno-analyzer-use-after-free
> >
> > Lot's of CVE's issued because of double free and use after free...
>
> I'm keenly aware. Note that this is just the default.
> To enable those more expensive checks, use
>
>   ./configure --enable-gcc-warnings=expensive
>
> If someone finds a legit bug that would have been detected by that,
> we'd probably change the default from "yes" to "expensive".

Shouldn't the litmus test be "bug free code"? Until that happens it
would be a good idea to leverage tools to help find the bugs.

Jeff
reply via email to
[Prev in Thread] Current Thread [Next in Thread]