I _strongly_ encourage development with "maximal" warnings turned on.
However, this does have some side-effects because many compilers
give excessive spurious warnings.  It's especially difficult to
do with pre-existing code (the effort can be herculean).

An interesting discussion about warning problems in the Linux kernel
can be found here:
http://lwn.net/Articles/207030/

Ideally compiler writers should treat spurious warnings as serious bugs,
or people will quickly learn to ignore all warnings.
The challenge is that it can be difficult to determine what is
"spurious" without also making the warning not report what it SHOULD
report.  It's a classic false positive vs. false negative problem
for all static tools, made especially hard in languages where
there isn't a lot of information to work with.

--- David A. Wheeler


_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
