[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code

Mansour Moufid mansourmoufid at gmail.com
Sat Oct 24 14:15:50 EDT 2015


On Sat, Oct 24, 2015 at 1:12 AM, Peter Gutmann
<pgut001 at cs.auckland.ac.nz> wrote:

> Bertrand Mollinier Toublet <crypto-metzdowd at bmt-online.org> writes:
>
>>In other words, your (generic your, not just you, Ray) beef is not with the
>>language, but with the toolchains you happen to have at your disposal.
>
> Absolutely.  I'll note that compilers like MSVC, armcc, suncc, and IBM's xlc,
> which follow exactly the same C standard that gcc does, don't break the code
> in the same way that gcc does.  gcc is by far the worst compiler in terms of
> code breakage.

Those compilers have customers.  GCC has users.

Regarding the previous example of integer operations which GCC claims
are undefined behaviour: there are six formal semantics of C, not one
agrees with GCC.  No reasonable reading of the standard does.

The tragedy is when the GCC developers' abusive interpretations of the
standard become the de facto standard.

> Oh, trust me, that wasn't harsh words :-).  I actually thought about what
> description to use before I posted it, how would you describe someone who's
> made a conscious decision that their product will act in a way that breaks
> other people's products, in other words that it fails to function as expected.
> You can't use "negligent" because they made a conscious decision to do so, and
> then applying the maxim "never attribute to malice what is adequately
> explained by stupidity"...

There are two C programmers: those who use GCC, and those who don't
want an adversarial relationship with their compiler.

