Mike, 1. I'm not sure -Wformat-security has any value for us - it checks for case printf(string) with no extra arguments, as it can cause buffer overrun if string comes from untrusted source.
2. It's possible to shorten command line by -Wformat=2 it implies -Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k. 3. Send me link to webrev - I'll test it on freebsd. -Dmitry On 2013-12-18 09:41, Mike Duigou wrote: > I have no objection to making the same improvements there but have no way to > test the result. I will update the changeset and re-request review with the > caveat that the BSD changes have not been tested. > > Mike > > > On Dec 17 2013, at 18:31 , Christian Thalinger > <christian.thalin...@oracle.com> wrote: > >> What about BSD? >> >> On Dec 17, 2013, at 4:08 PM, Mike Duigou <mike.dui...@oracle.com> wrote: >> >>> Hello all; >>> >>> This is a change which enables additional compiler warnings for native >>> compilation when using GCC. The (-Wformat -Wformat-security) options are >>> supported by GCC 3.0.4 (the earliest version I checked, c. February 2002) >>> and later so we shouldn't see issues with incompatibility.- Wextra appears >>> to have been added in GCC 3.4.X line (c. 2004) so it should also be >>> reasonably well adopted and replaces -W. >>> >>> The core of the change is to add : >>> >>> -Wextra -Wno-unused-parameter -Wformat -Wformat-security >>> >>> for general C and CC++ compilations. For HotSpot C++ compiles a slightly >>> less aggressive set is used: >>> >>> -Wformat -Wformat-security >>> >>> is used. >>> >>> Webrev here: >>> >>> http://cr.openjdk.java.net/~mduigou/JDK-8030350/0/webrev/ >>> >>> For the curious, yes, the additional checks do generate additional >>> warnings. ;-) >>> >>> This change is targeted at the JDK 9 repos but could be backported to JDK 8 >>> fairly easily/safely. >>> >>> Mike >>> >> > -- Dmitry Samersoff Oracle Java development team, Saint Petersburg, Russia * I would love to change the world, but they won't give me the sources.
