[Cryptography] GCC bug 30475
Bear
bear at sonic.net
Fri Apr 25 22:36:13 EDT 2014
On Fri, 2014-04-25 at 09:24 -0700, Nemo wrote:
> GCC and Clang have done some work along these lines with
> "-fsanitize-undefined":
>
> http://stackoverflow.com/questions/20738232/
>
> But (a) it will never be complete and (b) if it ever were complete, the
> performance cost would be so high that it would not be C anymore.
Hey, that's useful! I have no idea why I had never spotted that
in the compiler docs before. So, I've added that to my default options
list, we'll see if it catches anything!
Incidentally, in the hopes that this might be useful for others
and in hopes that someone can give me a hint to add something
security-relevant and useful, my default options lists for
gcc are now....
# I want warnings about essentially everything which can
# produce a linguistic ambiguity under the standard or which
# probably indicates bad coding style, if gcc can warn me.
# this is the compiler invocation for c++
# for c++ see also 'scan-build' options for static analyzer
g++ -fstrict-overflow -fmax-errors=10 -fno-nonansi-builtins \
    -fsanitize=undefined -fuse-cxa-atexit -Wall -Wextra -std=c++11 \
    -Wpedantic -Wformat=2 -Wctor-dtor-privacy -Wmissing-include-dirs \
    -Wswitch-default -Wtrampolines -Wfloat-equal -Wundef -Wswitch-enum \
    -Wstrict-overflow=4 -Wshadow -Wcast-qual -Wcast-align -Wconversion \
    -Wzero-as-null-pointer-constant -Wlogical-op -Wstrict-null-sentinel \
    -Wold-style-cast -Wnormalized=nfkc
# and this would be for C code.
# for C, see also 'splint' options for static analyzer.
# note: -fno-nonansi-builtins and -Wzero-as-null-pointer-constant are
# C++-only options; gcc warns that they are not valid for C and ignores them.
gcc -fstrict-overflow -fmax-errors=10 -fno-nonansi-builtins \
    -fsanitize=undefined -Wall -Wextra -std=c11 -Wpedantic -Wformat=2 \
    -Winit-self -Wmissing-include-dirs -Wswitch-default -Wswitch-enum \
    -Wunused-local-typedefs -Wstrict-overflow=4 -Wtrampolines \
    -Wfloat-equal -Wtraditional-conversion -Wundef -Wshadow \
    -Wbad-function-cast -Wc++-compat -Wcast-qual -Wcast-align \
    -Wwrite-strings -Wconversion -Wzero-as-null-pointer-constant \
    -Wlogical-op -Wold-style-definition -Wnormalized=nfkc \
    -Wlong-long
This elicits just about every warning that gcc knows how to
give. I get a few more from static analyzers. I could have
cranked up -Wstrict-overflow another level but the level-5
warnings are pretty much all useless there.
Now, in relation to the particular issue we've been discussing --
the first option, -fstrict-overflow, forces an exception on
any signed overflow. -Wstrict-overflow causes a warning when
code is seen that is likely to cause an overflow (i.e., if the
compiler cannot prove that it won't).
Bear
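Added example, not from Bear's post: the pattern behind GCC bug 30475, a signed-overflow check written after the addition (which the optimizer may discard as always-false because signed overflow is undefined), beside a check that decides from the operands alone and never overflows. Function names are assumed for illustration.

```c
/* Added example (not from the original post). Compile with
 * -O2 -Wstrict-overflow=4 to see gcc report the first check, and with
 * -fsanitize=undefined to have the overflow reported at run time. */
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Check written after the fact: a + n is undefined behaviour when it
 * overflows, so the compiler may legally treat `a + n < a` as always false
 * and delete the test entirely (the behaviour bug 30475 is about). */
bool add_checked_unsound(int a, int n, int *out)
{
    if (a + n < a)            /* UB on overflow; may be optimized away */
        return false;
    *out = a + n;
    return true;
}

/* Sound test: only subtractions that cannot overflow, decided before the
 * addition is performed. */
bool add_overflows(int a, int n)
{
    if (n > 0 && a > INT_MAX - n) return true;   /* would wrap upward   */
    if (n < 0 && a < INT_MIN - n) return true;   /* would wrap downward */
    return false;
}

/* Hardened version: refuses the operation instead of relying on UB. */
bool add_checked(int a, int n, int *out)
{
    if (add_overflows(a, n))
        return false;
    *out = a + n;
    return true;
}

int main(void)
{
    int r = 0;
    /* Only the sound version is exercised; calling the unsound one with
     * overflowing inputs would itself be undefined behaviour. */
    printf("INT_MAX + 1 accepted? %d\n", add_checked(INT_MAX, 1, &r));      /* 0 */
    printf("INT_MAX-1 + 1 -> ok=%d r=%d\n", add_checked(INT_MAX - 1, 1, &r), r);
    return 0;
}
```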