[Cryptography] GCC bug 30475 (was Re: bounded pointers in C)

Stephan Neuhaus stephan.neuhaus at tik.ee.ethz.ch
Wed Apr 30 17:01:57 EDT 2014


On 2014-04-30, 22:44, wish at dumain.com wrote:
> Imagine an architecture where the compiler does its 32-bit
> integer maths in 64-bit registers and only worries about whether the
> result fits into a 32-bit int when assigning the result to a variable
> or passing it as a parameter.  Your pet assert would fail with such
> an implementation without an optimiser in sight.  I believe such an
> implementation would still be correct according to the standard as it
> should produce the same result in all cases where the output is not
> left as undefined by the standard.

While I disagree with most of what you said about what the compiler
ought and ought not to do with security checks and undefined behaviour,
there is precedent of a kind for this.

Some CPU/FPU implementations have 80-bit FPU registers (equivalent to
C's long double type on an IEEE-conforming implementation), but
64-bit double representations.  Computations are done by loading the
(64-bit) double operands from memory, extending them to (80-bit) long
double, doing the computation in long double, then rounding the result
to double and finally storing the result.  This can invalidate many
carefully crafted optimisations or error-curtailing tricks.

Fun,

Stephan
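The following is an added illustration of the FPU point made in the message above; it is not code from the thread or from its author. It takes one classic error-curtailing trick, the Dekker/Knuth "two-sum" error term e = b - ((a + b) - a), which is exactly the rounding error of the double sum a + b provided every intermediate is rounded to double, and evaluates it twice: once with each intermediate stored to a volatile double (which the C standard requires to round to double precision), and once the way the message describes, with the operands widened to long double, all intermediates kept wide, and a single rounding to double at the end. It assumes a platform where long double is wider than double (for example the x87 80-bit format with its 64-bit significand); where long double is just double, the two evaluations agree and the trick survives.

```c
#include <float.h>
#include <stdio.h>

/*
 * Two-sum error term with every intermediate forced to double precision.
 * For |a| >= |b| the result is exactly the rounding error of the double
 * sum a + b.  The volatile stores are the "store to memory rounds" step
 * from the message: even on an x87-style FPU they force each intermediate
 * back to 64-bit double.
 */
double twosum_error_double(double a, double b)
{
    volatile double s = a + b;   /* rounded to double by the store */
    volatile double t = s - a;   /* rounded to double by the store */
    return b - t;
}

/*
 * The same formula evaluated as the message describes: operands widened
 * to long double, all intermediates kept in the wide register, and only
 * the final result rounded to double.
 */
double twosum_error_extended(double a, double b)
{
    long double la = a, lb = b;
    long double s = la + lb;     /* exact in an 80-bit register */
    long double t = s - la;      /* exact: recovers b, not the double rounding error */
    return (double)(lb - t);     /* 0.0 when long double is wider than double */
}

/* 1 if this platform's long double actually carries extra precision. */
int long_double_is_wider(void)
{
    return LDBL_MANT_DIG > DBL_MANT_DIG;
}

int main(void)
{
    /* Constructed input: b is exactly half an ulp of 1.0, so the double
     * sum 1.0 + b ties and rounds to even, i.e. back to 1.0.  The whole
     * of b is the rounding error the trick is supposed to capture. */
    double a = 1.0, b = DBL_EPSILON / 2;

    printf("FLT_EVAL_METHOD = %d, LDBL_MANT_DIG = %d, DBL_MANT_DIG = %d\n",
           FLT_EVAL_METHOD, LDBL_MANT_DIG, DBL_MANT_DIG);
    printf("error term, intermediates rounded to double: %.17g\n",
           twosum_error_double(a, b));
    printf("error term, intermediates kept in long double: %.17g\n",
           twosum_error_extended(a, b));
    return 0;
}
```

With intermediates rounded to double, the error term is 2^-53 (the full value of b, since the sum rounded it away). With intermediates kept in extended precision, 1.0 + 2^-53 is representable in the wide register, (s - a) recovers b exactly, and the "error term" collapses to 0.0: the compensation the trick was meant to provide silently disappears, which is exactly the failure mode the message warns about.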

