RFR: 8030350: Enable additional compiler warnings for GCC
Dmitry Samersoff
dmitry.samersoff at oracle.com
Wed Dec 18 14:13:21 UTC 2013
Mike,
1. I'm not sure -Wformat-security has any value for us - it checks for case
printf(string) with no extra arguments,
as it can cause buffer overrun if string comes from untrusted source.
2. It's possible to shorten command line by -Wformat=2 it implies
-Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k.
3. Send me link to webrev - I'll test it on freebsd.
-Dmitry
On 2013-12-18 09:41, Mike Duigou wrote:
> I have no objection to making the same improvements there but have no way to test the result. I will update the changeset and re-request review with the caveat that the BSD changes have not been tested.
>
> Mike
>
>
> On Dec 17 2013, at 18:31 , Christian Thalinger <christian.thalinger at oracle.com> wrote:
>
>> What about BSD?
>>
>> On Dec 17, 2013, at 4:08 PM, Mike Duigou <mike.duigou at oracle.com> wrote:
>>
>>> Hello all;
>>>
>>> This is a change which enables additional compiler warnings for native compilation when using GCC. The (-Wformat -Wformat-security) options are supported by GCC 3.0.4 (the earliest version I checked, c. February 2002) and later so we shouldn't see issues with incompatibility.- Wextra appears to have been added in GCC 3.4.X line (c. 2004) so it should also be reasonably well adopted and replaces -W.
>>>
>>> The core of the change is to add :
>>>
>>> -Wextra -Wno-unused-parameter -Wformat -Wformat-security
>>>
>>> for general C and CC++ compilations. For HotSpot C++ compiles a slightly less aggressive set is used:
>>>
>>> -Wformat -Wformat-security
>>>
>>> is used.
>>>
>>> Webrev here:
>>>
>>> http://cr.openjdk.java.net/~mduigou/JDK-8030350/0/webrev/
>>>
>>> For the curious, yes, the additional checks do generate additional warnings. ;-)
>>>
>>> This change is targeted at the JDK 9 repos but could be backported to JDK 8 fairly easily/safely.
>>>
>>> Mike
>>>
>>
>
--
Dmitry Samersoff
Oracle Java development team, Saint Petersburg, Russia
* I would love to change the world, but they won't give me the sources.
More information about the build-dev
mailing list