I _strongly_ encourage development with "maximal" warnings turned on. However, this does have some side-effects because many compilers give excessive spurious warnings. It's especially difficult to do with pre-existing code (the effort can be herculean).

An interesting discussion about warning problems in the Linux kernel can be found here:
http://lwn.net/Articles/207030/

Ideally compiler writers should treat spurious warnings as serious bugs, or people will quickly learn to ignore all warnings. The challenge is that it can be difficult to determine what is "spurious" without also making the warning not report what it SHOULD report. It's a classic false positive vs. false negative problem for all static tools, made especially hard in languages where there isn't a lot of information to work with.

--- David A. Wheeler

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________