On 2023-12-12 01:32, Arsen Arsenović wrote:
> Paul Eggert <eggert@xxxxxxxxxxx> writes:
>
>> Although it'll be helpful for Autoconf to work by default with those two
>> options, it's not essential because it's bad advice for builders to *configure*
>> with all the options suggested in "Compiler Options Hardening Guide for C and
>> C++"[1]. The advice should merely be to *build* with those options.
>
> These options tell compilers to work as the C standard requires. They
> will soon not be flags that need to be added explicitly. See:
> https://inbox.sourceware.org/87ttp3tek1.fsf@xxxxxxxxxxxxxxxxxxxxxxxx/

Thanks for the heads-up; I wasn't aware of that effort. However, the
behavior it's proposing (defaulting to errors for -Wint-conversion,
-Wreturn-mismatch, -Wdeclaration-missing-parameter-type,
-Wincompatible-pointer-types) shouldn't be much of a problem for
Autoconf. These warnings are less intrusive and controversial than the
warning options suggested in [1] and I don't think they'll be much of a
problem for Autoconf or for Autoconf-using programs.

>> This is because the recommended options include controversial ones like
>> -Wconversion that can be harmful in C code. The only way to pacify -Wconversion
>> is to complicate the code by inserting casts that can lower code safety and
>> quality. Even Gnulib, which goes far beyond [1] in recommending warning
>> options, disables -Wconversion.
>
> I'm not sure I agree that handling real lossy conversions lowers code
> quality, but this flag is not a behavior required by the standard, so I
> suppose not assuming it is OK.

Yes, although -Wconversion can sometimes be useful, unfortunately it too
often forces you to put in casts that can mask serious problems later.
The C standard doesn't require -Wconversion diagnostics and I expect it
never will.
[1]:
https://best.openssf.org/Compiler-Hardening-Guides/Compiler-Options-Hardening-Guide-for-C-and-C++
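
Added example, not part of the original message or of Autoconf or Gnulib: a C sketch of the concern discussed above, that a cast inserted only to pacify -Wconversion silences the diagnostic while the lossy conversion still happens. The function names and the 16-bit length field are hypothetical, and the value 70000 is constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical scenario: a size_t length must be stored in a 16-bit
   header field.  Without a cast, -Wconversion warns about the narrowing. */

/* Cast added only to silence -Wconversion.  It compiles cleanly for any
   input, so an oversized length is reduced modulo 65536 with no
   diagnostic at build time and no error at run time. */
static uint16_t narrow_cast(size_t len)
{
    return (uint16_t)len;
}

/* Range check first, so the narrowing is known to be lossless.
   Returns the stored value, or -1 if len does not fit in 16 bits.
   No cast to uint16_t is needed here: widening to long is not lossy. */
static long narrow_checked(size_t len)
{
    if (len > UINT16_MAX)
        return -1;              /* caller must handle the oversized length */
    return (long)len;
}

int main(void)
{
    size_t big = 70000;         /* constructed value, larger than UINT16_MAX */

    printf("cast:    %u\n", (unsigned)narrow_cast(big));
    printf("checked: %ld\n", narrow_checked(big));
    return 0;
}
```

Both functions build without warnings under -Wconversion; only the second one reports the oversized length to its caller.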