[Cryptography] GCC bug 30475 (was Re: bounded pointers in C)

Dennis E. Hamilton dennis.hamilton at acm.org
Thu May 1 11:50:26 EDT 2014



    -----Original Message-----
    From: Benjamin Kreuter
    Sent: Wednesday, April 30, 2014 19:40
    Cc: cryptography at metzdowd.com

    On Wed, 2014-04-30 at 10:11 -0700, Dennis E. Hamilton wrote:
    [ ... ]
    > I am not surprised that the specification waves this off, 
    > nor am I surprised that compilers are set up to over-
    > optimize.

    You call it "over-optimizing," but I call it "textbook."  
    Eliminating the "if" statement in my example would happen 
    with basic optimization techniques that you can read about 
    in a typical compilers text.

I always thought it was magnificent that the C types are called int, and float and such.  Even char.  But not integer, real, and string.  

That compiler texts provide toy solutions that are inapplicable to the data types encountered in the production world is regrettable.  That intentional under-specification invites inappropriate optimization is a tragedy, since it undermines the work of those who are careful about this.  I don't think under-specification of a standard should mean that implementations should hide their behavior for such cases in obscurity.  To develop secure code, it makes the task of managing dependencies insufferable.

It is interesting that we do not have the same complaint for Java and the .NET languages that use the same type names as the C Language, with similar limitations on arithmetic over those types.  My point is that implementers are perfectly able to declare as-rational treatment and provide technical assurances that can be depended upon concerning their implementation of the C Language.

 - Dennis
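The check at issue in GCC bug 30475 (its title names the shape: an assertion of the form int+100 > int being optimized away) is worth seeing next to a form the optimizer cannot remove. The following is an added example for this archive page, not code posted by either correspondent; the function names are my own, and the "a + 100" constant is taken from the bug title rather than from anything quoted above.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The shape of check the bug report is about.  If a + 100 overflows, the
 * addition is undefined behaviour in C, so the compiler is entitled to
 * assume it never overflows, fold the comparison to "true" and delete any
 * branch that depends on it.  Kept here only to show the pattern; its
 * result for a near INT_MAX is not something you can rely on. */
bool add100_check_ub(int a) {
    return a + 100 > a;
}

/* Well-defined form: compare before adding.  No signed overflow ever
 * occurs, so there is nothing for the optimizer to assume away. */
bool add100_would_overflow(int a) {
    return a > INT_MAX - 100;
}

/* General case for any signed addend b (both directions of overflow). */
bool add_would_overflow(int a, int b) {
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return false;
}

/* Checked addition: stores the sum and returns true only when it is
 * representable; never performs the addition that could overflow. */
bool checked_add(int a, int b, int *out) {
    if (add_would_overflow(a, b)) return false;
    *out = a + b;
    return true;
}

int main(void) {
    int sum;
    printf("a = INT_MAX: a + 100 would overflow? %s\n",
           add100_would_overflow(INT_MAX) ? "yes" : "no");
    printf("a = INT_MAX - 100: a + 100 would overflow? %s\n",
           add100_would_overflow(INT_MAX - 100) ? "yes" : "no");
    if (checked_add(INT_MAX, 1, &sum))
        printf("checked_add(INT_MAX, 1) = %d\n", sum);
    else
        printf("checked_add(INT_MAX, 1) rejected: would overflow\n");
    if (checked_add(INT_MIN, -1, &sum))
        printf("checked_add(INT_MIN, -1) = %d\n", sum);
    else
        printf("checked_add(INT_MIN, -1) rejected: would overflow\n");
    return 0;
}
```

The point is that the second and third checks are expressed entirely in terms of values that exist before the operation, so they stay correct under any conforming compiler at any optimization level; the first is only correct if the compiler happens to implement wrap-around, which the standard does not promise.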


