
Toward _FORTIFY_SOURCE Parity Between Clang and GCC - mroche
https://developers.redhat.com/blog/2020/02/11/toward-_fortify_source-parity-between-clang-and-gcc/
======
kccqzy
How does this relate to the address sanitizer? I believe ASan can catch all of
the issues caught by _FORTIFY_SOURCE. Does the latter have fewer checks and
better runtime performance? I'm guessing it is considered by most to be fine
using _FORTIFY_SOURCE in production binaries but too much overhead for ASan?

~~~
zzz11
_FORTIFY_SOURCE is a rather weak but fast mitigation for a narrow class of
security issues. AddressSanitizer is a bug finding tool (2x CPU overhead!),
for a different and much wider class of issues.

Edit: there is some overlap, of course.

------
unixhero
Is it good for both, Pareto optimal, or is it bad for GCC that Clang is
catching up?

But if Clang is catching up, is that really bad?

~~~
jhasse
It's bad for GCC, but good for C++ developers. GCC and MSVC will die and there
will be only one compiler on all platforms (which is also the best one).

Just have a look at Chrome and Firefox. They already use Clang on all
platforms. On Windows they are working on replacing link with lld. Android has
deprecated GCC completely. In the future it's gonna be clang + lld + libc++
all the way. And yeah, GDB and WinDbg will also be replaced by LLDB.

~~~
voldacar
GCC still generates faster binaries (on average across a wide set of
benchmarks) than clang as of last year

~~~
big_chungus
Not that much faster. Most benchmarks find that GCC is a little ahead, but not
much:

[https://www.phoronix.com/scan.php?page=article&item=gcc9-cla...](https://www.phoronix.com/scan.php?page=article&item=gcc9-clang8-hedt&num=6)

[https://medium.com/@alitech_2017/gcc-vs-clang-llvm-an-in-
dep...](https://medium.com/@alitech_2017/gcc-vs-clang-llvm-an-in-depth-
comparison-of-c-c-compilers-899ede2be378)

Remember that these are both Linux benchmarks; GCC on windows is a bit sketchy
with MinGW. Things can usually be made to work, but Clang is the only real
competitor to MSVC (unless you're counting Intel's crazy-expensive offering,
which is not intended for general use).

