From 89d2df8a65d7ce1fa9d7720c017ee3b94a14e43b Mon Sep 17 00:00:00 2001 From: Thomas Nyman Date: Thu, 20 Mar 2025 22:15:05 +0100 Subject: [PATCH] Make draft in Compiler Annotations Guide notice consistent with Secure Coding Guide for Python Signed-off-by: Thomas Nyman --- .../Compiler-Annotations-for-C-and-C++.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.md b/docs/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.md index 82fe622c..5e08abbd 100644 --- a/docs/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.md +++ b/docs/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.md @@ -1,6 +1,6 @@ # Compiler Annotations for C and C++ -*Draft by the [Open Source Security Foundation (OpenSSF)](https://openssf.org) [Best Practices Working Group](https://best.openssf.org/) +> ⓘ NOTE: *This is a draft document by the [Open Source Security Foundation (OpenSSF)](https://openssf.org) [Best Practices Working Group](https://best.openssf.org/). Help to [improve it on Github](https://github.com/ossf/wg-best-practices-os-developers/edit/main/docs/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.md).* Compile time security analysis and runtime mitigation implemented in compilers both depend on the compiler being able to see the flow of data between different points in a program, across functions and modules. This is quite a challenge in C and C++ because both languages allow passing around opaque references, thus losing information about objects. To work around this problem, both GCC and Clang implement attributes to annotate source code, especially functions and data structures, to allow them to do better analysis of source code. These annotations are not only beneficial for security, but they also help the compilers make better optimization decisions, often resulting in better code.
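Review bot: In the added `> ⓘ NOTE:` line, the link text reads "improve it on Github", but the product name is spelled "GitHub"; suggest `[improve it on GitHub](...)`. The edit URL in the same line hardcodes the `main` branch and the full path `docs/Compiler-Hardening-Guides/Compiler-Annotations-for-C-and-C++.md`, so it will go stale without any warning if the file is moved or renamed. If the Python guide uses the same pattern, a link check covering both notices would catch that. Because the notice is now a blockquote, confirm that a blank line separates it from the "Compile time security analysis ..." paragraph. Without one, Markdown lazy continuation pulls that paragraph into the quote. In the commit subject, "notice" sits after the guide name ("Make draft in Compiler Annotations Guide notice consistent ..."). "Make draft notice in Compiler Annotations Guide consistent ..." reads more clearly, and the subject is well over the usual length for a one-line summary.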