This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Signed int overflow behaviour in the security context


On Fri, Jan 26, 2007 at 10:34:06PM +0100, Andreas Bogk wrote:
> But if the gcc user base prefers performance over security, and you are
> willing to go with them, they might get what they deserve.

You continue to confidently assert, without any backup, that loop
unrolling that assumes overflow does not occur has a negative security
impact.  The problem is, if an int overflow occurs and it wraps according
to LIA-1 semantics, that, also, is likely to have a security impact if the
program's author was not thinking about overflow.

Every leading C compiler has for years done things like this to boost
performance on scientific codes.

It seems clear that if value range propagation were to assume everywhere
that int overflow does not occur, then this would have bad effects on
existing code bases.  No shipping GCC does this, and I doubt that one ever
will by default.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]