safety command-line options

safety command-line options

[Uecker, Martin]

I wonder if we could get a nice short command-line option
for recommended safety/security related flags.

We have -Ox for optimization and -Wall for a useful set
of recommended warnings.

I am thinking about options such as 

-ftrapv
-fsanitize=undefined -fsanitize-undefined-trap-on-error
-fstack-protector
-D_FORTIFY_SOURCE=2
-Werror=format-security

etc.  We would need to make a selection based on
various tradeoffs, but this is not different
to -Wall or -O.


Martin

Re: safety command-line options

[Martin Sebor]

On 5/24/21 2:18 AM, Uecker, Martin wrote:
> 
> 
> I wonder if we could get a nice short command-line option
> for recommended safety/security related flags.
> 
> We have -Ox for optimization and -Wall for a useful set
> of recommended warnings.
> 
> I am thinking about options such as
> 
> -ftrapv
> -fsanitize=undefined -fsanitize-undefined-trap-on-error
> -fstack-protector
> -D_FORTIFY_SOURCE=2
> -Werror=format-security
> 
> etc.  We would need to make a selection based on
> various tradeoffs, but this is not different
> to -Wall or -O.

Here's a nice article on the subject:
Recommended compiler and linker flags for GCC
https://developers.redhat.com/blog/2018/03/21/compiler-and-linker-flags-gcc

Martin