[Cryptography] How programming language design can help us write secure crypto code
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Nov 1 06:17:15 EST 2015
Stephan Neuhaus <sten at artdecode.de> writes:
>On 2015-11-01 02:39, Christian Huitema wrote:
>> will not be null. That is done by tracing the variable through the
>> potential execution paths, which requires annotating functions
>> handling that variable, checking for "== NULL" tests, etc.
>
>...unless of course your == NULL test is then optimised away because it
>depended on signed integer overflow some lines earlier.
The compiler being referred to that does the analysis for non-NULL isn't gcc,
so it won't optimise the check away. It's a bit of a tautology, gcc won't do
the analysis and will optimise away the null check, the other compiler does
the analysis and won't optimise away the check.
(I'm just playing with it at the moment, the analysis is incredibly powerful,
if a bit quirky at times when the analyser reasons itself down the wrong
track).
Peter.
More information about the cryptography
mailing list