stronglink
New compiler warnings
My philosophy on C is that there is so much undefined behavior, we can turn it into any language we want it to be, including one focused on security. I think stand-alone static analyzers are a dead end, and the correct way to do this is by adding compiler warnings to existing mainstream compilers. The simplest and most obvious option is Clang.
Here are some warnings I'd like to see:
- A better version of `-Wjump-misses-init` that only complains if the uninitialized value is actually used (this is sort of accomplished by `-Wmaybe-uninitialized` under GCC)
- A warning for non-const variables that are never modified (have to be careful to avoid false positives)
- A feature flag that inserts assertions that all stack variables are zeroed before the stack frame is left, which would basically extend our `assert_zeroed` macro to the stack
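As an added example (constructed here, not StrongLink code), here are the two cases an improved `-Wjump-misses-init` would need to tell apart, plus the rewrite that makes the jump safe. The function names and the `dup_string` helper are hypothetical; `dup_string` stands in for `strdup()`, which is POSIX rather than ISO C.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper standing in for strdup(), which is POSIX rather than ISO C. */
static char *dup_string(const char *s) {
    size_t len = strlen(s) + 1;
    char *copy = malloc(len);
    if (copy) memcpy(copy, s, len);
    return copy;
}

/* Case 1: false positive. The first goto jumps past scratch's initializer,
 * so GCC's -Wjump-misses-init warns, but nothing after the label reads
 * scratch. A use-sensitive warning would stay quiet here. */
int count_chars_harmless(const char *input) {
    if (!input) goto fail;
    char *scratch = dup_string(input);
    if (!scratch) goto fail;
    int n = (int)strlen(scratch);
    free(scratch);
    return n;
fail:
    return -1;
}

/* Case 2: real bug. The same kind of jump skips buf's initializer, and the
 * shared cleanup label then frees buf while it is still indeterminate.
 * This is the case the warning should flag. (Only ever called with a
 * non-NULL input below, so the undefined path is never actually taken.) */
int count_chars_buggy(const char *input) {
    int rc = -1;
    if (!input) goto cleanup;          /* skips buf's initializer */
    char *buf = dup_string(input);
    if (!buf) goto cleanup;            /* fine: buf is initialized before this jump */
    rc = (int)strlen(buf);
cleanup:
    free(buf);                         /* indeterminate when reached from the first goto */
    return rc;
}

/* Fix: declare and zero every variable the cleanup path touches before the
 * first goto, so no jump can skip an initializer; free(NULL) is a no-op. */
int count_chars_fixed(const char *input) {
    int rc = -1;
    char *buf = NULL;
    if (!input) goto cleanup;
    buf = dup_string(input);
    if (!buf) goto cleanup;
    rc = (int)strlen(buf);
cleanup:
    free(buf);
    return rc;
}
```

Compiling this with `gcc -Wjump-misses-init` flags both `goto` jumps that cross an initializer, the harmless one included; the distinction the page asks for is whether the skipped variable is read at or after the label, which is what `-Wmaybe-uninitialized` approximates at `free(buf)` in the buggy version.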
C can also theoretically support a stricter memory model (like AddressSanitizer or emscripten) and all sorts of cool things. There's plenty of room at the bottom!
Other ideas:
- A warning for uninitialized struct padding (which breaks our `assert_zeroed` macro)
- Use of an empty `;` instead of `{}` (minor style issue; `;` is less obvious)
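An added example of the padding problem, written here rather than taken from StrongLink (whose `assert_zeroed` macro is not shown on this page): a byte-wise zero check of the kind such a macro relies on, beside a member-wise check, run on a hypothetical `struct record` that has interior padding on any ABI aligning `uint32_t` to 4 bytes. The leftover padding byte is planted deliberately so the result is deterministic.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical record: on any ABI that aligns uint32_t to 4 bytes there are
 * 3 padding bytes between tag and value that no member covers. */
struct record {
    uint8_t  tag;
    uint32_t value;
};

/* Byte-wise check, the property an assert_zeroed-style macro relies on. */
static bool bytes_zeroed(const void *p, size_t n) {
    const unsigned char *b = p;
    for (size_t i = 0; i < n; i++) {
        if (b[i] != 0) return false;
    }
    return true;
}

/* Member-wise check: what "every field is zero" sees. */
static bool members_zeroed(const struct record *r) {
    return r->tag == 0 && r->value == 0;
}

/* Number of padding bytes between tag and value on this ABI. */
size_t record_padding_bytes(void) {
    return offsetof(struct record, value) - sizeof(uint8_t);
}

/* Safe path: memset writes every byte of the object representation,
 * padding included, so the two checks agree. */
bool memset_zeroed_passes(void) {
    struct record r;
    memset(&r, 0, sizeof r);
    return members_zeroed(&r) && bytes_zeroed(&r, sizeof r);
}

/* Failure mode: every member is zero, yet a padding byte carries leftover
 * data. Real code gets that byte from whatever was on the stack before;
 * here it is planted in a byte buffer so the outcome is deterministic, and
 * the buffer (not the struct copy) is what the byte-wise check inspects. */
bool dirty_padding_detected(void) {
    unsigned char raw[sizeof(struct record)];
    memset(raw, 0, sizeof raw);
    if (record_padding_bytes() == 0) return true;  /* packed ABI: nothing to detect */
    raw[sizeof(uint8_t)] = 0xAA;                   /* first padding byte, inside no member */

    struct record r;
    memcpy(&r, raw, sizeof r);                     /* members read back as zero... */
    return members_zeroed(&r) && !bytes_zeroed(raw, sizeof raw); /* ...but the bytes are not */
}
```

The practical consequence is that a byte-wise "is this struct all zeros" check only works on objects that were cleared with `memset` (or had static storage); the C standard does not promise zeroed padding for an automatic object given a `= {0}` initializer or member-wise assignments, which is exactly what a padding warning would have to track.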
We could also use a debugger option for setting breakpoints within a line.
We use short statements on the same line as their conditional to encourage error checking and avoid "goto fail" style bugs. However, GDB at least can't set breakpoints on the statement inside of the conditional.
I looked pretty hard into this and surprisingly I couldn't find any more info on it. Perhaps LLDB supports it.