@sethmlarson and I have met and come up with a plan for the next steps relating to the compiler hardening effort.
- Create Documentation
  - Update docs related to --disable-safety and --enable-slower-safety and submit a PR
  - Submit a devguide PR for the compiler warnings tool and how to “accept new warnings”
- Remove --enable-slower-safety
  - Benchmarks have shown that -D_FORTIFY_SOURCE=3 did not impact performance in any measurable way. Most platforms use level 2 by default. Can either move fortify source 3 to --disable-safety or remove the option altogether
- Add Compiler Options that Generate Warnings
  - Create a PR that enables warning emitting compiler options, add all offending files to the warning ignore file
  - Plan is for incremental adoption without blocking core developers from adding new warnings.
  - Create separate GitHub issues per warning class.
  - Goal is to reduce warnings and fix issues, if any. Confirm there is no security vulnerability in those places.
If you have any questions about the sections of this plan let me know!