https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86532

--- Comment #16 from Martin Sebor <msebor at gcc dot gnu.org> ---
I would prefer to avoid discussing the array size rule and optimization in too
many places, and especially in bugs that aren't directly related to it.  There
are other bugs where it is being discussed (mainly pr86259), so let's keep it
there.

That said, since security and diagnostics are one of my main areas of focus, let
me say this: There are standardization efforts where some of these concerns are
being actively discussed: both the language guarantees and requirements and the
mechanisms for relaxing them to perhaps make code like the example in comment
#8 valid (the C object model study group), and the safety and security
considerations surrounding these topics (e.g., the TS 17961 revision).  I have
been involved in these groups and others like it for many years, and at the
same time making an effort to enhance GCC to detect their violations.  There's
lots more work to do, to be sure, but I think GCC already is ahead of other
compilers in detecting these kinds of problems.  Some diagnostics are missing
and others are false positives because of missing optimizations (e.g., some of
those linked to bug 83819).  Others are missing because early optimizations
prevent them from being detected (e.g., bug 86434).  In this case, it should be
relatively straightforward to detect uses of unterminated const strings.  I
have raised bug 86552 for it and will look into implementing it.  It's a much
bigger challenge to get some of the others detected (or some of the false
positives avoided): partly because it's difficult to get maintainers to accept
middle-end warnings into GCC.
