Hi Guys, It seems to me that it might be worth taking a step back here, and consider adding a security framework to gcc. Mitigations for CVEs in the past have resulted in individual patches being added to gcc, oftern in a target specific manner, and with no real framework to support them, document them, or indicate to an external tool that they have been applied.
In addition security fixes often result in the generation of less optimal code, and so it might be useful to have a way to tell other parts of gcc that a given particular sequence should not be altered. Not that I am an expert in this area, but I do think that it is something that should be discussed... Cheers Nick