On Thu, Jun 22, 2017 at 10:02 AM, Mike Stump <mikest...@comcast.net> wrote: > On Jun 22, 2017, at 8:32 AM, Jeff Law <l...@redhat.com> wrote: >> >> Sure. I'll do something with 20031023-1.c to ensure it or an equivalent >> is compiled with -fstack-check. That isn't totally unexpected. I >> would have also been receptive to adding -fstack-check to the torture flags. > > Ouch. Though stack checking might be important, the feature is very, very > narrow, and once tested, if unlike to ever break or interact badly with other > work. I'd rather people default it to on, run the entire suite, fix all bugs > (with test cases added for all the bugs), then turn it back off. Additional > torture passes are expensive; we use them for things that do regress, that > are important, that have thousands of moving parts to keep them working. O2, > -g are good examples for things that by their nature, likely will always be > best served by torture options. Now, if you want to focus on security for > 1-3 months, add it, fix all the bugs, then turn it off; it would be a great > way to get all the bugs filed, if you want.
One other way of doing this testing is having your own testers test both with and without -fstack-check like some folks do for -fPIC. Thanks, Andrew >
