[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code
Thierry Moreau
thierry.moreau at connotech.com
Sat Oct 31 17:39:57 EDT 2015
Hi!
Now I am teaching programming subtleties to Peter ...
On 31/10/15 01:29 AM, Peter Gutmann wrote:
>
> Here's what the gcc
> docs say for the annotation:
>
> The nonnull attribute specifies that some function parameters should be non-
> null pointers. For instance, the declaration:
>
> extern void *
> my_memcpy (void *dest, const void *src, size_t len)
> __attribute__((nonnull (1, 2)));
>
> causes the compiler to check that, in calls to my_memcpy, arguments dest and
> src are non-null. If the compiler determines that a null pointer is passed
> in an argument slot marked as non-null, and the -Wnonnull option is enabled,
> a warning is issued.
This is a compile-time verification, a compile-time warning. It is
obviously the case that compile-time "determinations" are limited, and a
reasonable programmer would not expect a compile-time warning for a null
pointer that can be "determined" only at run-time.
> The compiler may also choose to make optimizations
> based on the knowledge that certain function arguments will not be null.
These potential optimizations would typically be *within* the function
definition.
>
> Here's what gcc actually does:
>
> The nonnull attribute specifies that some function parameters should be non-
> null pointers. For instance, the declaration [...] causes the compiler to
> silently remove any checks for null pointers in the code when compiling it.
> No warnings will be issued.
>
The avoided warning would be that the removed checks were optimized away.
- Thierry
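As an added example (not code from this thread or from the gcc documentation): the my_memcpy declaration quoted above, given a body that contains the kind of defensive null check the discussion is about, next to an unannotated copy of the same body. The names checked_memcpy, null_rejected and copy_ok are assumed for the illustration.

```c
#include <stddef.h>
#include <string.h>

/* The declaration quoted from the gcc docs, followed by a definition that
 * still checks its pointers. Because the attribute tells the compiler the
 * pointers are never null, an optimizing build may drop this check inside
 * the function, and only call sites passing a null it can see get -Wnonnull. */
void *my_memcpy(void *dest, const void *src, size_t len)
    __attribute__((nonnull(1, 2)));

void *my_memcpy(void *dest, const void *src, size_t len)
{
    if (dest == NULL || src == NULL)  /* may be optimized away under -O2 */
        return NULL;
    return memcpy(dest, src, len);
}

/* Same body without the attribute: the check is kept, so the function is
 * safe to call with a null pointer and reports it by returning NULL. */
void *checked_memcpy(void *dest, const void *src, size_t len)
{
    if (dest == NULL || src == NULL)
        return NULL;
    return memcpy(dest, src, len);
}

/* Returns 1 if the unannotated version rejects null pointers as intended. */
int null_rejected(void)
{
    char buf[4] = "abc";
    return checked_memcpy(NULL, buf, sizeof buf) == NULL &&
           checked_memcpy(buf, NULL, sizeof buf) == NULL;
}

/* Returns 1 if both versions copy correctly when given valid pointers. */
int copy_ok(void)
{
    char src[4] = "abc", a[4] = {0}, b[4] = {0};
    return my_memcpy(a, src, sizeof src) == a && strcmp(a, "abc") == 0 &&
           checked_memcpy(b, src, sizeof src) == b && strcmp(b, "abc") == 0;
}
```

With gcc, `-Wall` enables -Wnonnull-compare, which flags the comparison of a nonnull parameter against NULL in my_memcpy, and `-fno-delete-null-pointer-checks` keeps such checks in the generated code.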