
Getting the maximum of your C compiler, for security

Security-related flags and options for C compilers

Microsoft Visual Studio (2019)

As I am not running Windows, this section is less precise. But recent versions of Visual Studio support using Clang as a compiler, so all the Clang options apply.

Note about the GUI

The flags described here are those you can set on the command line. Some options can be changed directly in the GUI. Check the following documentation pages for reference:

Warnings

All warnings can be enabled by using the /Wall option.

Note: The /W4 option does not enable all “level 4” warnings: “/W4 displays level 1, level 2, and level 3 warnings, and all level 4 (informational) warnings that aren't off by default.” So you have to use /Wall and disable the ones that are not relevant.

As with GCC and Clang, MSVC supports disabling warnings for “external” headers, by using the /external option, documented here. For example: /external:anglebrackets /external:W3 will lower warnings to W3 for headers included through <>.

Compilation flags

Code analysis

Recent versions of Visual Studio support “Code Analysis”, as documented here: https://docs.microsoft.com/en-us/cpp/code-quality/code-analysis-for-c-cpp-overview?view=msvc-160

/analyze

Sanitizers

Visual Studio 2019 introduced support for ASan, documented here: https://docs.microsoft.com/en-us/cpp/sanitizers/?view=msvc-160

The /fsanitize command line option is documented here: https://docs.microsoft.com/en-us/cpp/build/reference/fsanitize?view=msvc-160

Runtime checks (for debug builds): https://docs.microsoft.com/en-us/cpp/build/reference/rtc-run-time-error-checks?view=msvc-160
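The options from the sections above combined into one build script, as an added example that is not part of the original page. It is PowerShell for a Developer PowerShell prompt; main.c, the output names and the /wd selection are assumptions. It goes slightly beyond the text by keeping /RTC1 and /fsanitize=address in separate builds, since the MSVC AddressSanitizer documentation lists the /RTC options as incompatible.

```powershell
# Added example. Run from "Developer PowerShell for VS 2019" so cl.exe is on PATH.
$src = 'main.c'   # placeholder source file (assumption)

# /Wall, minus informational warnings judged not relevant here. The /wd list is
# an example selection (assumption), review it per project:
#   C4820 padding added, C4710 function not inlined,
#   C4711 function auto-inlined, C5045 Spectre mitigation note
# Headers included through <> are held to W3 only.
# VS 2019 versions before 16.10 also need /experimental:external.
$warn = @(
    '/Wall', '/wd4820', '/wd4710', '/wd4711', '/wd5045',
    '/external:anglebrackets', '/external:W3'
)

function Invoke-Cl {
    param([string]$Name, [string[]]$Flags)
    Write-Host "== $Name =="
    & cl.exe /nologo @warn @Flags $src
    if ($LASTEXITCODE -ne 0) { throw "$Name failed (cl exit code $LASTEXITCODE)" }
}

# 1. Warnings plus Code Analysis; /c compiles only, no link step needed.
Invoke-Cl 'analyze' @('/c', '/analyze')

# 2. AddressSanitizer build; /Zi adds debug info for readable reports.
Invoke-Cl 'asan' @('/fsanitize=address', '/Zi', '/Fe:app_asan.exe')

# 3. Debug build with run-time error checks. /RTC1 requires an unoptimized
#    build (/Od) and is kept out of the ASan build because the two are
#    documented as incompatible.
Invoke-Cl 'rtc' @('/Od', '/RTC1', '/Zi', '/Fe:app_rtc.exe')
```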

References