Review other documents for more C/C++ compiler option ideas

[david-a-wheeler]

The current C/C++ compiler option guidelines have a lot of good information. We should re-review other materials to see if we're missing something that should be in there. I don't think this should hold up the November 2023 release, but I think it's important as continuing work.

Examples of such materials:

• [airbus] Airbus Security Lab, https://airbus-seclab.github.io/c-compiler-security/
• [boringcc] boringcc - a discussion on how to use GCC in a way that reduces (and ideally eliminates) all undefined behaviors
• [Debian] Debian’s HardeningWalkthrough and Hardening pages explain the hardening options used by Debian
• [Gentoo] Gentoo’s Hardened Toolchain
• [GCC] Using the GNU Compiler Collection (GCC) includes GCC warning options
• [Hacker News] Hacker News discussion of Airbus’s document at https://news.ycombinator.com/item?id=28367101
• [Linux kernel] The Linux kernel uses a number of defensive options. See its Makefile, as well as the directory master/scripts which includes Makefile.extrawarn
• [madaidan] Linux Hardening Guide/Hardened Compilation Flags
• [Regehr] Regehr, John, A Guide to Undefined Behavior in C and C++, https://blog.regehr.org/archives/213
• [Ubuntu] Ubuntu’s default CompilerFlags
• [Weimer] Recommended compiler and linker flags for GCC by Florian Weimer (March 21, 2018) (Red Hat)
• [Wheeler] Wheeler, David A., Initial Analysis of Underhanded Source Code, 2020-04, IDA Document D-13166. This paper uses the following flags to help detect underhanded code: “-Wall -Wextra -pedantic Wbad-function-cast -Wstrict-prototypes -Wundef -Wshadow -Wlogical-op Wconversion”
• [Old-draft] (DRAFT) Recommended compiler option flags for C/C++ programs https://docs.google.com/document/d/1SslnJuqbFUyTFnhzkhC_Q3PPGZ1zrG89COrS6LV6pz4/edit