> On Sep 10, 2018, at 10:19 AM, Fabian Groffen <grob...@gentoo.org> wrote:
>
>> On 09-09-2018 11:22:41 -0400, Richard Yao wrote:
>> -Werror has caught bugs that could have resulted in data loss in ZFS in the
>> past thanks to it being built in userspace as part of zdb. So it is useful
>> for integrity too, not just security (although arguably, integrity is part
>> of security).
>
> This is a misconception, as jer already pointed out. Instead:
>
> -Werror has forced you to take notice of problems that could have
> resulted in data loss in ZFS ...

It did. That is why it is used as a debug feature only when USE=debug is set.
USE=-debug does not use -Werror. USE=debug on that package is meant for people
who want to help upstream catch bugs.
>
> Also, consider that for -Werror to be "better", you also need -O3 in
> order to activate the "proper" compiler checks like "variable set but
> never used" ones.

I have had “set but never used” errors on -O2.
>
>> Perhaps we could have another USE flag for -Werror where it is a security
>> feature. e.g. USE=strict-compile-checks
>
> You better run a static code analyser, such as the one you can hook up
> with Travis. It usually points out real security problems such as
> races, which GCC doesn't do yet, as far as I'm aware. Let alone
> trigger with -Werror.

We are using Coverity, but there is no one tool that catches all issues such
that the compiler’s checks are redundant.
>
> Fabian
>
>
> --
> Fabian Groffen
> Gentoo on a different level