[Cryptography] GCC bug 30475 (was Re: bounded pointers in C)

Bill Frantz frantz at pwpconsult.com
Thu May 1 11:26:36 EDT 2014


I think approaching this problem like a legal problem is a very 
poor approach. As I see it, we have two goals which may be in 
conflict. We want fast programs, and we want safe programs. We 
may lean one way for some programs and the other way for others. 
We may also have programs which are designed for a specific 
architecture and not to be portable.

As I see it, the C language standards need to move some of the 
"undefined" behaviors into a different category, let's call it 
"target machine defined". If I understand correctly, the C 
standard assumes that arithmetic will be performed in one of 
three ways, depending on the underlying hardware architecture. 
Optimization should remove tests like if (x > x+1) only if that 
statement is always true in the target architecture. If the 
compiler doesn't know the target architecture, then it should 
assure the test is true in the three possible target 
architectures as well as standard, unlimited size, arithmetic.

These well defined forms of arithmetic seem to be quite 
different from other "undefined" operations like addressing 
outside the bounds of an array.

While all of these behaviors may be under control of compiler 
options, and GCC certainly has plenty of them, the default 
values should be for least surprise and maximum warning. 
Documenting a set of options for maximum safety, a set for 
maximum speed, and a set which will allow use of 
architecture-dependent arithmetic would also be useful.

Cheers - Bill

-----------------------------------------------------------------------
Bill Frantz        | Truth and love must prevail  | Periwinkle
(408)356-8506      | over lies and hate.          | 16345 Englewood Ave
www.pwpconsult.com |               - Vaclav Havel | Los Gatos, CA 95032
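The overflow test the post mentions, beside a portable pre-check and an explicitly wrapping form, as an added C example that is not part of the post; it assumes GCC 5 or later or Clang for __builtin_add_overflow and for the modulo-2^N conversion of an out-of-range unsigned value to int.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The idiom the post refers to. It relies on two's-complement
 * wraparound, but signed overflow is undefined in C, so GCC may fold
 * "x > x + 1" to 0 and delete the test (GCC bug 30475). */
bool overflow_check_ub(int x)
{
    return x > x + 1;   /* undefined behaviour when x == INT_MAX */
}

/* Portable pre-check: true if a + b would overflow int. It never
 * evaluates an out-of-range expression, so the optimizer has no
 * undefined behaviour to assume away. */
bool add_overflows(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;
    if (b < 0)
        return a < INT_MIN - b;
    return false;
}

/* "Target machine defined" wraparound made explicit: unsigned
 * arithmetic must wrap modulo 2^N, and converting the result back
 * to int is implementation-defined (GCC and Clang document it as
 * modulo 2^N), not undefined. */
int add_wrapping(int a, int b)
{
    return (int)((unsigned int)a + (unsigned int)b);
}

/* Compiler-assisted variant (assumes GCC >= 5 or Clang): the builtin
 * reports overflow and stores the wrapped sum in *result. */
bool add_overflows_builtin(int a, int b, int *result)
{
    return __builtin_add_overflow(a, b, result);
}

int main(void)
{
    int r;
    bool ov = add_overflows_builtin(INT_MAX, 1, &r);
    printf("INT_MAX + 1 overflows: %d\n", add_overflows(INT_MAX, 1));
    printf("wrapped sum: %d (INT_MIN is %d)\n", add_wrapping(INT_MAX, 1), INT_MIN);
    printf("builtin: overflow %d, sum %d\n", ov, r);
    return 0;
}
```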