[Cryptography] Ada vs Rust vs safer C

Ron Garret ron at flownet.com
Sat Sep 17 19:51:42 EDT 2016


On Sep 17, 2016, at 2:46 PM, John Gilmore <gnu at toad.com> wrote:

>> 1.  Simply warning about all detected undefined behavior (instead of silently emitting stupid code) would be huge win.
> 
> Simply warning about all detected undefined behavior would produce so
> many warnings that nobody would care to read them, and nobody could do
> anything to resolve them.  See -Wstrict-overflow=5 in the gcc manual,
> for example.
> 
>  int foo(a) { return a+1; }
> 
> This function is undefined, because adding 1 to A might cause an
> integer overflow if the value of A happens to be INT_MAX, which in
> most cases cannot be detected at compile or link time.

What version of gcc are you using?  With 4.8.4 I get no warnings:

[ron at stage:~]$ cat foo.c
 int foo(a) { return a+1; }
[ron at stage:~]$ gcc -Wstrict-overflow=5 -c foo.c
[ron at stage:~]$

You are right, however, that this is indeed undefined behavior, although I think you’d be hard pressed to find a compiler that actually took advantage of that fact to do anything other than do the math mod 2^n for some appropriate value of n.  But still, maybe if this was in people’s faces enough that would motivate them to fix the broken standard.

rg
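Added example, not code from this thread or from either poster: the foo() above with an explicit prototype, next to the checks a practitioner would write so that the signed overflow is never executed at all. Since a + 1 on INT_MAX is undefined, a check done after the addition (the "r < a" idiom) is itself exploitable by the optimiser and is kept here only as the "before" form. The add_checked() variant assumes a GCC- or Clang-compatible compiler for __builtin_add_overflow; everything else is ISO C.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The function from the thread, with an explicit prototype.  When a == INT_MAX
 * the addition overflows, which ISO C leaves undefined, so the compiler may
 * assume it never happens. */
int foo(int a) { return a + 1; }

/* "Before": detect overflow after the fact by relying on wraparound.  Because
 * the overflow is UB, an optimiser may fold `r < a` to false and delete the
 * check.  Do not use this pattern; it is here for contrast only. */
bool overflowed_after_the_fact(int a) {
    int r = a + 1;        /* UB when a == INT_MAX */
    return r < a;         /* may be compiled as `return false` */
}

/* Portable pre-check: test against INT_MAX before adding, so no undefined
 * operation is ever evaluated.  Stores a + 1 in *out and returns true on
 * success; returns false and leaves *out untouched on overflow. */
bool inc_checked(int a, int *out) {
    if (a == INT_MAX)
        return false;
    *out = a + 1;
    return true;
}

/* Same idea for a general sum, using the GCC/Clang builtin (assumption: a
 * compiler that provides it).  The builtin computes the sum in infinite
 * precision and reports whether it fits in *out. */
bool add_checked(int a, int b, int *out) {
    return !__builtin_add_overflow(a, b, out);
}

/* Explicit wraparound with defined semantics: do the arithmetic in unsigned,
 * where wrap mod 2^N is specified by the standard, then convert back.  The
 * final conversion is implementation-defined (two's complement on every
 * mainstream compiler), not undefined. */
int inc_wrapping(int a) {
    unsigned int u = (unsigned int)a + 1u;
    return (int)u;
}

int main(void) {
    int r;
    printf("inc_checked(INT_MAX): %s\n",
           inc_checked(INT_MAX, &r) ? "ok" : "overflow detected");
    printf("add_checked(INT_MIN, -1): %s\n",
           add_checked(INT_MIN, -1, &r) ? "ok" : "overflow detected");
    printf("inc_wrapping(INT_MAX) = %d\n", inc_wrapping(INT_MAX));
    return 0;
}
```

For diagnosing rather than avoiding the overflow, both GCC and Clang accept -fsanitize=signed-integer-overflow, which reports the wrapping at run time, and -fwrapv, which makes signed arithmetic wrap mod 2^N as a language extension; neither is a substitute for the pre-check in portable code.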
