The options listed here are for compiling C programs. They are extra options to make the code less bug-prone (like static analyzers).

GCC version 10.2

GCC has warning options helping programmers write better code. When I run tests, I have these options (compiling C):

-g3 -std=gnu11 -fPIC -pipe -mrdrnd -rdynamic -pthread -Wall -Wextra
  • -g3 stores all debug symbols including #defines
  • -std=gnu11 is the C version I use: GNU C11, the _cleanup attribute is convenient and the macros can values...
  • -mrdrnd allows using the hardware random number generator
  • -rdynamic gives us function names in stack traces
  • -pthread is for threads, it is no longer required with glibc 2.34 but I keep it to be able to compile my projects on older Linux systems
  • -Wall and -Wextra enable many useful warnings but not all of them

To make my code more explicit and easier to update in the future, I enabled the following extra warning options:

  • -Wdouble-promotion warn about implicit conversion from float to double
  • -Wformat-security warn when the format string passed to a print function is not a string literal
  • -Wformat-signedness warn when the signedness of a format specifier and its argument do not match
  • -Winit-self warn about variables initialized with themselves
  • -Wshift-overflow=2 warn about left shifting into the sign bit
  • -Wswitch-default warn when a switch is missing a default case, it helps handling all cases
  • -Wstrict-overflow=4 warn about compiler optimizations that assume signed overflow does not occur
  • -Walloca warn about alloca usage, this allows finding code using a lot of stack space
  • -Warith-conversion warn about type conversion with constants
  • -Wduplicated-branches warn when an if-else has identical branches
  • -Wduplicated-cond warn about duplicated conditions in an if-else-if chain
  • -Wshadow warn whenever a local variable or type declaration shadows another variable, parameter or type
  • -Wcast-qual warn when the const qualifier (and other qualifiers) is removed in a cast
  • -Wconversion warn for implicit conversions that may alter a value. After fixing these warnings, the conversions become explicit in the code
  • -Wdate-time warn when the macros __TIME__, __DATE__ or __TIMESTAMP__ are encountered as they might prevent bit-wise-identical reproducible compilations
  • -Wstrict-prototypes warn if a function is declared or defined without specifying the argument types (old style)
  • -Wmissing-prototypes warn if a global function is defined without a previous prototype declaration
  • -Winvalid-pch warn if a precompiled header cannot be used
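
An added example (not from the original post): a small C file in which each function has one variant that a warning from the list above flags (-Wformat-security, -Wconversion, -Wswitch-default) next to the corrected variant. The file name warn_demo.c, the SHOW_WARNINGS macro and the function names are made up for this illustration.

```c
/* Constructed demo; warn_demo.c is a hypothetical file name.
 * Clean: gcc -std=gnu11 -Wall -Wextra -Wformat-security -Wconversion -Wswitch-default warn_demo.c
 * Add "-DSHOW_WARNINGS -c" to compile (not run) the flagged variants. */
#include <stdint.h>
#include <stdio.h>

enum level { LEVEL_INFO, LEVEL_ERROR };

/* -Wformat-security: caller-supplied text must never be the format string. */
int format_user(char *out, size_t n, const char *user) {
#ifdef SHOW_WARNINGS
    return snprintf(out, n, user);       /* flagged: user text is the format */
#else
    return snprintf(out, n, "%s", user); /* clean: user text is only data */
#endif
}

/* -Wconversion: sum + data[i] is computed as int, then narrowed to uint8_t. */
uint8_t checksum8(const uint8_t *data, size_t len) {
    uint8_t sum = 0;
    for (size_t i = 0; i < len; i++) {
#ifdef SHOW_WARNINGS
        sum += data[i];                  /* flagged: silent truncation */
#else
        sum = (uint8_t)(sum + data[i]);  /* clean: truncation is explicit */
#endif
    }
    return sum;
}

/* -Wswitch-default: without a default, out-of-range values go unnoticed. */
const char *level_name(enum level l) {
    const char *name = "unknown";
    switch (l) {
    case LEVEL_INFO:  name = "info";  break;
    case LEVEL_ERROR: name = "error"; break;
#ifndef SHOW_WARNINGS
    default: break;                      /* clean: explicit fallback */
#endif
    }
    return name;
}

int main(void) {
    char buf[16];
    const uint8_t d[] = { 0xF0, 0x20, 0x01 };  /* constructed sample bytes */
    format_user(buf, sizeof buf, "%x%x");      /* copied verbatim, not interpreted */
    printf("%s %u %s\n", buf, (unsigned)checksum8(d, sizeof d), level_name(LEVEL_ERROR));
}
```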

Here are the warning options I don't use:

  • -Wundef because there are warnings for the platform defines that are not set (__FreeBSD__) and it is ok.
  • -Wredundant-decls: in my project, there are lots of redundant declarations, so I don't use this option, but I think it is a good warning to enable
  • -Wformat-nonliteral: it issues a warning for global const char*, I would like to have a warning when the format string is not readonly because it could be a user input.
  • -Wbad-function-cast: I get the warning when converting int64_t to double and I run my programs most of the time on x64. The x64 CPUs have the instruction cvtsi2sd so the conversion is done in hardware. I mostly don't need this warning.
  • -Wjump-misses-init: When a variable is declared and used in the jumped code between the goto and the label, the warning is issued. I think it is unnecessary and I would like to disable the warning when the goto is ok with #pragma GCC diagnostic ignored "-Wjump-misses-init", but the warning for the label is kept

For more detailed information about GCC warning options check out the official GCC documentation.

Clang version 11

Clang has different options compared to GCC. I compile my programs with both GCC and Clang. When compiling with Clang, I use these warning options:

  • -Wdouble-promotion same as GCC
  • -Wformat-security same as GCC
  • -Wformat-type-confusion warn about format and variable type mismatch
  • -Winit-self same as GCC
  • -Wswitch-default same as GCC
  • -Wstrict-overflow=4 same as GCC
  • -Walloca same as GCC
  • -Wshadow same as GCC
  • -Wcast-qual same as GCC
  • -Wconversion same as GCC
  • -Wdate-time same as GCC
  • -Wstrict-prototypes same as GCC
  • -Wmissing-prototypes same as GCC
  • -Winvalid-pch same as GCC
  • -Wmissing-variable-declarations
  • -Wunreachable-code-aggressive warn about dead code
  • -Wextra-semi-stmt warn about empty expression statements, for example extra ; like this: puts("string");;
  • -Wused-but-marked-unused warn about used variables marked as unused
  • -Wcast-align warn about memory alignment after cast
  • -Wdocumentation warn about problems in documentation comments

For more detailed information about Clang warning options check out Diagnostic flags in Clang (short descriptions).

Guides

[Compiler Options Hardening Guide for C and C++](https://github.com/ossf/wg-best-practices-os-developers/blob/main/docs/Compiler_Hardening_Guides/Compiler-Options-Hardening-Guide-for-C-and-C++.md)
