[Cryptography] GCC bug 30475 (was Re: bounded pointers in C)
Bill Frantz
frantz at pwpconsult.com
Thu May 1 11:26:36 EDT 2014
I think approaching this problem like a legal problem is a very
poor approach. As I see it, we have two goals which may be in
conflict. We want fast programs, and we want safe programs. We
may lean one way for some programs and the other way for others.
We may also have programs which are designed for a specific
architecture and not to be portable.
As I see it, the C language standards need to move some of the
"undefined" behaviors into a different category, let's call it
"target machine defined". If I understand correctly, the C
standard assumes that arithmetic will be performed in one of
three ways, depending on the underlying hardware architecture.
Optimization should remove tests like if (x > x+1) only if that
statement is always true in the target architecture. If the
compiler doesn't know the target architecture, then it should
assure the test is true in the three possible target
architectures as well as standard, unlimited size, arithmetic.
These well defined forms of arithmetic seem to be quite
different from other "undefined" operations like addressing
outside the bounds of an array.
While all of these behaviors may be under control of compiler
options, and GCC certainly has plenty of them, the default
values should be for least surprise and maximum warning.
Documenting a set of options for maximum safety, a set for
maximum speed, and a set which will allow use of
architecture-dependent arithmetic would also be useful.
Cheers - Bill
-----------------------------------------------------------------------
Bill Frantz        | Truth and love must prevail | Periwinkle
(408)356-8506      | over lies and hate.         | 16345 Englewood Ave
www.pwpconsult.com |        - Vaclav Havel       | Los Gatos, CA 95032
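Added example (C, my own code, not from the post above or from GCC): the `if (x > x+1)` style of overflow test the post discusses, beside checks that remain correct whatever arithmetic the target machine uses. Function names are my own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not from the original post. Signed overflow is undefined
 * in C, so a compiler may assume x+1 never wraps and delete a test that
 * depends on wraparound (the pattern behind GCC bug 30475). The safe
 * checks below never perform the overflowing operation at all. */

/* Naive check: relies on wraparound, which signed arithmetic does not
 * promise. An optimizing compiler may fold this to "return false". */
bool would_overflow_naive(int x)
{
    return x + 1 < x;
}

/* Portable check for x+1: compares against the bound instead of
 * computing the sum, so there is nothing for the optimizer to remove. */
bool would_overflow_portable(int x)
{
    return x == INT_MAX;
}

/* General form: does a + b overflow int? The bound is tested first. */
bool add_would_overflow(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;
    return a < INT_MIN - b;
}

/* Same check via the GCC/Clang builtin, which evaluates the sum in
 * unlimited precision and reports whether it fits in *out. */
bool add_would_overflow_builtin(int a, int b, int *out)
{
    return __builtin_add_overflow(a, b, out);
}

int main(void)
{
    int sum;
    printf("INT_MAX + 1 overflows (portable): %d\n", add_would_overflow(INT_MAX, 1));
    printf("INT_MAX + 1 overflows (builtin):  %d\n", add_would_overflow_builtin(INT_MAX, 1, &sum));
    printf("INT_MIN + -1 overflows:           %d\n", add_would_overflow(INT_MIN, -1));
    return 0;
}
```

Compiling the naive function at -O2 and inspecting the generated assembly shows the comparison gone, which is the optimizer behaviour the post argues should depend on the target's arithmetic rather than being silent by default.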