[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Nov 1 00:20:09 EDT 2015


Thierry Moreau <thierry.moreau at connotech.com> writes:

>Isn't this a basic precaution from the compiler *user*?

Not if the documentation doesn't tell them what the annotation will do.  As
I've already said twice now, the various people I've talked to about this
assumed that what the annotation did was warn about inadvertent null pointer
use.  It's not a large sample, but of that sample, 100% assumed from reading
the docs that it did more or less the opposite of what it actually does.  This
implies that either the compiler or the docs need to be fixed.  The gcc
developers have chosen to do neither.

>> (gcc is full of latent pathogens like this one).
>
>These words are yours. I find them counterproductive.

I find them useful guidance: if you assume the compiler/compiler developers
are hostile, you can take steps to guard against them.  It's like telling
someone "don't walk through (the streets) south of Market St in San Francisco
late at night by yourself"; you've been warned of danger and can take steps to
ameliorate it.

Peter.
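As an added illustration of the point Gutmann makes (not code from this thread), the following assumes the annotation he refers to is gcc's `nonnull` function attribute, which the message itself does not name. The attribute is a promise to the compiler that the argument is never NULL, not a request for a runtime check, so a NULL test written inside the annotated function contradicts the promise and may be deleted by the optimiser; the unannotated variant keeps its guard. The function names and the sample strings are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>

/* Portable wrapper so the example still compiles on a compiler without
 * the gcc/clang attribute syntax. */
#if defined(__GNUC__)
#define NONNULL(...) __attribute__((nonnull(__VA_ARGS__)))
#else
#define NONNULL(...)
#endif

/* Annotated form (hypothetical name). The attribute tells gcc that `s` is
 * never NULL, so the `s == NULL` test below is, from the compiler's point of
 * view, unreachable and may be removed at -O2 (gcc's -Wnonnull-compare even
 * warns that the comparison is pointless). A caller that passes NULL is
 * therefore NOT caught by this check; it dereferences NULL instead.
 * The attribute does still give call-site diagnostics (-Wnonnull) when a
 * literal NULL is passed, which is the behaviour many readers assumed was
 * the whole story. */
NONNULL(1)
size_t annotated_len(const char *s)
{
    if (s == NULL)          /* contradicts the promise; may be optimised away */
        return 0;
    size_t n = 0;
    while (s[n] != '\0')
        n++;
    return n;
}

/* Defensive form (hypothetical name): no promise is made, so the guard is
 * ordinary reachable code that survives optimisation and NULL yields a
 * defined result. Treating the compiler as an adversary means relying on
 * this kind of check, and verifying in the built binary that it survives,
 * rather than on an annotation whose documented meaning is ambiguous. */
size_t checked_len(const char *s)
{
    if (s == NULL)
        return 0;
    size_t n = 0;
    while (s[n] != '\0')
        n++;
    return n;
}

int main(void)
{
    /* Constructed inputs. annotated_len is deliberately never called with
     * NULL here: at -O2 that may crash rather than return 0. */
    printf("annotated_len(\"abc\") = %zu\n", annotated_len("abc"));
    printf("checked_len(\"abc\")   = %zu\n", checked_len("abc"));
    printf("checked_len(NULL)    = %zu\n", checked_len(NULL));
    return 0;
}
```

Build with `gcc -O2 -Wall` to see the `-Wnonnull-compare` warning on the annotated function; the warning is the compiler telling you the in-body check is not a check at all.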

