> On Sep 10, 2018, at 10:19 AM, Fabian Groffen <grobian@g.o> wrote:
>
>> On 09-09-2018 11:22:41 -0400, Richard Yao wrote:
>> -Werror has caught bugs that could have resulted in data loss in ZFS in the past thanks to it being built in userspace as part of zdb. So it is useful for integrity too, not just security (although arguably, integrity is part of security).
>
> This is a misconception, as jer already pointed out. Instead:
>
> -Werror has forced you to take notice of problems that could have
> resulted in data loss in ZFS ...

It did. That is why it is used as a debug feature only when USE=debug is set. USE=-debug does not use -Werror. USE=debug on that package is meant for people who want to help upstream catch bugs.

>
> Also, consider that for -Werror to be "better", you also need -O3 in
> order to activate the "proper" compiler checks like "variable set but
> never used" ones.

I have had “set but never used” errors on -O2.

>
>> Perhaps we could have another USE flag for -Werror where it is a security feature. e.g. USE=strict-compile-checks
>
> You better run a static code analyser, such as the one you can hook up
> with Travis. It usually points out real security problems such as
> races, which GCC doesn't do yet, as far as I'm aware. Let alone
> trigger with -Werror.

We are using Coverity, but there is no one tool that catches all issues such that the compiler’s checks are redundant.

>
> Fabian
>
>
> --
> Fabian Groffen
> Gentoo on a different level