[Cryptography] [FORGED] Ada vs Rust vs safer C

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Sep 16 22:29:42 EDT 2016


Arnold Reinhold <agr at me.com> writes:

>Since the dogma is that undefined means the compiler can do anything its
>developers want, what would it take to develop a supplemental specification
>that defines the most concerning undefined behaviors? What would it then take
>to develop a compiler that meets those specifications? If the Free Software
>Foundation might be convinced to help. If not, GCC, or parts of it, could be
>forked.

I wouldn't pin much hope on that; gcc is aggressively part of the problem
space, not the solution space.  If you look at "Towards Optimization-Safe
Systems: Analyzing the Impact of Undefined Behavior" from SOSP 2013, the
safest (meaning biggest chance of applying common sense) widely-used compilers
are MSVC and armcc.  The worst compiler is gcc, and the gcc developers have,
over a period of many years, argued endlessly for maintaining this behaviour.

So your immediate solution, if you're worried about this, is to compile for
Windows or Arm (using armcc, not gcc).  In terms of OSS compilers, perhaps the
clang folks would be more open to addressing the problem.

Peter.
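As an added illustration, not part of the thread, of the kind of undefined-behaviour-dependent check the SOSP 2013 paper analyses: the first function below relies on signed overflow wrapping, which C leaves undefined, so an optimizing compiler may delete the check; the second expresses the same bounds policy using only defined operations. The function names are mine.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* "Before": the overflow test assumes two's-complement wraparound.
 * Signed overflow is undefined in C, so the compiler may assume it never
 * happens, conclude `off + len < off` is always false, and drop the
 * check entirely (this is what gcc does at -O2). */
bool in_bounds_ub(int off, int len, int bufsize)
{
    if (off + len < off)          /* undefined when off + len overflows */
        return false;
    return off + len <= bufsize;
}

/* "After": identical policy, no undefined operation. Overflow is ruled
 * out by comparing against the remaining headroom *before* adding, and
 * unsigned size_t arithmetic is fully defined in any case. */
bool in_bounds_safe(size_t off, size_t len, size_t bufsize)
{
    if (off > bufsize)            /* already past the end of the buffer */
        return false;
    return len <= bufsize - off;  /* subtraction cannot underflow here */
}

int main(void)
{
    /* Constructed inputs: a 16-byte buffer and a length chosen to wrap. */
    const size_t bufsize = 16;
    printf("safe: off=10 len=7   -> %s\n",
           in_bounds_safe(10, 7, bufsize) ? "in bounds" : "rejected");
    printf("safe: off=1  len=MAX -> %s\n",
           in_bounds_safe(1, SIZE_MAX, bufsize) ? "in bounds" : "rejected");
    /* Calling in_bounds_ub(1, INT_MAX, 16) would invoke undefined
     * behaviour; whatever it prints is not a property of the source. */
    return 0;
}
```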
