On Thu, 21 Mar 2019 at 09:07, Zbigniew Jędrzejewski-Szmek
<zbyszek(a)in.waw.pl> wrote:
[..]
The effect of "-Wformat -Wformat-security" without -Werror
is only more warnings.
Unfortunately -Wformat will generate spurious warnings if the code is
not careful to give additional information to the compiler with
__attribute__((__format__(printf))) and friends. And even that sometimes
not enough, and explicit #pragma GCC diagnostic ignored "-Wformat-nonliteral"
is needed. So all in all, it is totally expected that code which is not
written with recent gcc in mind will generate spurious format warnings, even
if the code is completely OK. So turning this on will make builds more
noisy, and possibly break projects which use -Werror.
Even gcc themselves "is not written with recent gcc in mind".
$ grep '\[\-W' gcc.log| awk -F\[ '{print $2}'|awk -F\] '{print
$1}'|sort | uniq -c | sort -nr| head -n 20
485 -Wmissing-profile
106 -Wformat-security
81 -Wmaybe-uninitialized
44 -Wimplicit-fallthrough=
24 -Wunused-function
20 -Wpointer-sign
20 -Wimplicit-function-declaration
19 -Wstringop-truncation
8 -Wformat-truncation=
8 -Wcast-qual
7 -Wcast-function-type
4 -Wcpp
4 -Wbuiltin-declaration-mismatch
3 -Wparentheses
2 -Wunused-value
2 -Wunused-parameter
2 -Wmissing-prototypes
2 -Wmisleading-indentation
2 -Wint-to-pointer-cast
2 -Wdiscarded-qualifiers
BTW: each Fedora package build should have as part of the build report
something like above.
kloczek
--
Tomasz Kłoczko | LinkedIn:
http://lnkd.in/FXPWxH