[C-safe-secure-studygroup] Adoption by GCC and LLVM

Jim MacArthur jim.macarthur at codethink.co.uk
Mon Jan 9 11:42:28 UTC 2017


On 06/01/17 18:51, Martin Sebor wrote:
> A number of checkers from the TS have been present in GCC in
> the form of warnings for some time (e.g., boolasign, argcomp,
> intptrconv, alignconv, funcdecl, addrescape, swtchdflt, invptr,
> libptr, intoflow, strmod, restrict, xfree, uninitref, sizeofptr,
> invfmtstr, and possibly some aspects of others).
>
> As for some sort of a mode to cover all TS 17961 rules I suspect
> the likely answer will be that it might be a good project for
> a GCC plugin (i.e., implemented outside the GCC sources).

I'm sure we can do this; I've not looked into the GCC plugin structure. 
I'd assumed until now that it was more difficult to develop external 
tools since the machine-readable RTL output was dropped, at least 
compared to LLVM.

>
> When adding new checkers/warnings to GCC the focus tends to be on
> the underlying fundamental issues rather than on compliance with
> any particular coding standard.  There is also great sensitivity
> to false positives and people sometimes go to extreme lengths to
> avoid them, even at the expense of true positives.  Checkers that
> are prone to false positives that cannot be easily suppressed end
> up disabled so only the few users/projects that re-read the manual
> for each new release and have the ability (and courage) to enable
> them explicitly benefit from them.
>
> That being said, in the GCC 7 cycle a lot of effort has gone
> into improving the detection of common security flaws like buffer
> overflow (I spent most of my time on it).  I expect this trend to
> continue in GCC 8 and patches to improve this area (as well as
> any others) to be welcome.

Thanks for the response, Martin. This answers most of the questions I 
had, but I've asked on gcc at gcc.gnu.org as well in case anyone else has 
any comments.

Jim
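As an added illustration (not code from this thread, from TS 17961, or from GCC), the file below pairs harmless instances of three of the defect classes Martin names (sizeofptr, boolasign, swtchdflt) with their corrected forms. The GCC option named beside each pattern is my reading of the GCC manual, not a mapping published by the TS; the function names and the BUF_LEN constant are constructed for the example.

```c
/* Constructed example: small, well-defined instances of three TS 17961
 * defect classes that GCC reports as warnings, each beside a corrected
 * version. Compile with
 *   gcc -Wall -Wextra -Wswitch-default -c ts17961_patterns.c
 * to see the flawed functions flagged; the fixed ones compile clean. */
#include <stddef.h>
#include <string.h>

#define BUF_LEN 16   /* constructed buffer size for the example */

/* sizeofptr: sizeof applied to a pointer gives the pointer size, not the
 * buffer length, so only sizeof(char *) bytes are cleared.
 * GCC: -Wsizeof-pointer-memaccess (enabled by -Wall). */
size_t sizeofptr_flawed(char *buf)
{
    memset(buf, 0, sizeof buf);     /* clears 8 bytes, not BUF_LEN */
    return sizeof buf;
}

/* Fixed: the length travels with the pointer. */
size_t sizeofptr_fixed(char *buf, size_t buf_len)
{
    memset(buf, 0, buf_len);
    return buf_len;
}

/* boolasign: assignment where a comparison was intended; the condition
 * is always the assigned value, here 0.
 * GCC: -Wparentheses (enabled by -Wall). */
int boolasign_flawed(int status)
{
    int ok = 0;
    if (status = 0)                 /* always false */
        ok = 1;
    return ok;
}

/* Fixed: compare instead of assign. */
int boolasign_fixed(int status)
{
    return status == 0;
}

/* swtchdflt: switch without a default silently maps unexpected input to
 * the initial value, so callers cannot tell "unknown" from "case 0".
 * GCC: -Wswitch-default (not in -Wall; must be requested). */
int swtchdflt_flawed(int kind)
{
    int code = 0;
    switch (kind) {
    case 1: code = 10; break;
    case 2: code = 20; break;
    }
    return code;                    /* 0 for any unhandled kind */
}

/* Fixed: an explicit default makes the unhandled path visible. */
int swtchdflt_fixed(int kind)
{
    switch (kind) {
    case 1: return 10;
    case 2: return 20;
    default: return -1;             /* distinguishable error value */
    }
}
```

Each flawed function is deliberately free of undefined behaviour so the file runs as well as compiles; the point is that the warning, not the runtime, is what exposes the mistake, which is why Martin's remark about checkers being left disabled matters in practice.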
