[Cryptography] GCC bug 30475 (was Re: bounded pointers in C)

Dennis E. Hamilton dennis.hamilton at acm.org
Wed Apr 30 13:11:37 EDT 2014



    -----Original Message-----
    From: Benjamin Kreuter
    Sent: Tuesday, April 29, 2014 20:21
    To: Arnold Reinhold
    On Tue, 2014-04-29 at 19:56 -0400, Arnold Reinhold wrote:
    > The C standards committee, as far as I know, only said that signed
    > integer overflow was undefined. They never required that code which
    > could create such an overflow, and any code dependent on such an
    > operation, be removed.

    Maybe so, but it is also not prohibited to remove it.  
    I would want this to be optimized by my compiler:

        if(x > x + 1) { /* ... */ }

    Yet someone might have been using "x > x + 1" as a way to check
    "x == INT_MAX", and such an optimization would cause a problem 
    for them.

The problem is that, if you are expecting that optimization, you are assuming that it is correct to assume the values of x with respect to > and + are equivalent to mathematical entities and operations thereupon, when that is not actually the case.  All manner of bugs arise because of the assumption that the computer representation is an interpretation of standard mathematical entities.  They are, but not *those* mathematical entities.  In the case of a proper implementation of the C language as a system language, that optimization is entirely inappropriate.

I am not surprised that the specification waves this off, nor am I surprised that compilers are set up to over-optimize.  The latter is certainly disappointing, though entirely predictable.

 - Dennis 
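The idiom under discussion, with the portable alternatives beside it. This is an added example, not code from either poster; the function names are chosen here. The first function is the `x > x + 1` test from the quoted message and is kept only to show the hazard: because signed overflow is undefined, a compiler is free to fold the comparison to 0, so its result for INT_MAX depends on the compiler and optimization level. The other functions perform the same checks without ever executing an overflowing add, so their results are defined on every conforming implementation.

```c
#include <limits.h>
#include <stdio.h>

/* The idiom from the thread. Signed overflow is undefined in C, so for
 * x == INT_MAX the compiler may assume x + 1 does not wrap and reduce the
 * whole expression to 0 (GCC does this at -O2; at -O0 it typically yields 1).
 * Shown only to illustrate the hazard; its result is not something to rely on. */
int at_max_via_overflow(int x)
{
    return x > x + 1;
}

/* Portable replacement for "is x the largest int": compare against INT_MAX. */
int at_max(int x)
{
    return x == INT_MAX;
}

/* Portable test of whether a + b would overflow, done without performing the
 * add. The subtractions cannot overflow because of the sign tests guarding them. */
int add_would_overflow(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;   /* a + b would exceed INT_MAX */
    if (b < 0)
        return a < INT_MIN - b;   /* a + b would fall below INT_MIN */
    return 0;                     /* adding 0 never overflows */
}

/* Checked add: stores a + b in *out and returns 1, or returns 0 and leaves
 * *out untouched when the sum is not representable. */
int checked_add(int a, int b, int *out)
{
    if (add_would_overflow(a, b))
        return 0;
    *out = a + b;                 /* reached only when the add is defined */
    return 1;
}

int main(void)
{
    int sum;

    printf("at_max_via_overflow(INT_MAX) = %d  (compiler-dependent)\n",
           at_max_via_overflow(INT_MAX));
    printf("at_max(INT_MAX)              = %d\n", at_max(INT_MAX));
    printf("add_would_overflow(INT_MAX,1) = %d\n", add_would_overflow(INT_MAX, 1));

    if (checked_add(INT_MAX, 1, &sum))
        printf("INT_MAX + 1 = %d\n", sum);
    else
        printf("INT_MAX + 1 overflows; result rejected\n");
    return 0;
}
```

Build it twice, `gcc -O0` and `gcc -O2`, and compare the first line of output; the portable functions give the same answers under both, which is the whole point of the distinction being drawn above.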
