Secure Coding mailing list archives
Compilers
From: dwheeler at ida.org (David A. Wheeler)
Date: Thu, 28 Dec 2006 13:56:57 -0500
I _strongly_ encourage development with "maximal" warnings turned on. However, this does have some side-effects because many compilers give excessive spurious warnings. It's especially difficult to do with pre-existing code (the effort can be herculean). An interesting discussion about warning problems in the Linux kernel can be found here: http://lwn.net/Articles/207030/ Ideally compiler writers should treat spurious warnings as serious bugs, or people will quickly learn to ignore all warnings. The challenge is that it can be difficult to determine what is "spurious" without also making the warning not report what it SHOULD report. It's a classic false positive vs. false negative problem for all static tools, made especially hard in languages where there isn't a lot of information to work with. --- David A. Wheeler
Current thread:
- Compilers Gary McGraw (Dec 21)
- Compilers Tim Hollebeek (Dec 27)
- <Possible follow-ups>
- Compilers David A. Wheeler (Dec 21)
- Compilers Gary McGraw (Dec 21)
- Compilers SC-L Subscriber Dave Aronson (Dec 27)
- Compilers Leichter, Jerry (Dec 27)
- Compilers David A. Wheeler (Dec 28)
- Compilers Leichter, Jerry (Dec 29)
- temporary directories Robert C. Seacord (Dec 29)
- temporary directories ljknews (Dec 29)
- temporary directories Leichter, Jerry (Dec 29)
- temporary directories ljknews (Dec 29)
- temporary directories Leichter, Jerry (Dec 30)
- temporary directories ljknews (Dec 30)
- temporary directories Florian Weimer (Dec 30)
- temporary directories ljknews (Dec 30)
- Compilers Leichter, Jerry (Dec 29)
- temporary directories der Mouse (Dec 29)