This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Signed int overflow behaviour in the security context


>>>>> "Robert" == Robert Dewar <dewar@adacore.com> writes:

Robert> Note by the way that formally safety-critical or security-critical
Robert> software is very unlikely to be compiled at -O2 anyway.

I think it is more likely, on Linux at least, that software will be
compiled with whatever autoconf defaults to... so we've come full
circle on this discussion :)


My view overall is that most programmers will be baffled if gdb -- or
printf -- says that 'a == -1' but GCC has removed an 'if (a < 0) abort();'.
Before this conversation, I'm sure I would have reported that as a gcc
bug.  (Of course, everybody knows that Java has rotted my brain :-)

It would be nice to hear about the results of a full OS build with
-Wstrict-overflow.  My suspicion (based on zero actual evidence) is
that this will reveal many latent bugs.  If most programs are ok then
I will stop worrying.

Tom
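
The check Tom describes, shown in C as an added illustration (not code from this thread, and the function names `unreliable_add` and `checked_add` are my own): the first version adds and then tests for wraparound, which relies on behaviour the C standard leaves undefined, while the second decides before adding using comparisons that cannot overflow.

```c
#include <limits.h>
#include <stdio.h>

/* The pattern discussed in the thread: add first, test afterwards.
 * Signed overflow is undefined behaviour in C, so GCC may assume that
 * `a + b` never wrapped; under that assumption `sum < a` with b > 0 is
 * always false and the whole `if` can be dropped at -O2.
 * -Wstrict-overflow is the warning that reports such simplifications. */
int unreliable_add(int a, int b, int *out)
{
    int sum = a + b;            /* undefined if it overflows */
    if (b > 0 && sum < a)       /* may be optimised away */
        return 0;
    if (b < 0 && sum > a)       /* may be optimised away */
        return 0;
    *out = sum;
    return 1;
}

/* Hardened form: test whether the addition *would* overflow before
 * performing it.  INT_MAX - b and INT_MIN - b cannot themselves
 * overflow for the sign of b they are used with, so no undefined
 * behaviour is involved and the compiler has nothing to "optimise".
 * Returns 1 and stores the sum, or 0 and leaves *out untouched. */
int checked_add(int a, int b, int *out)
{
    if (b > 0 && a > INT_MAX - b)
        return 0;
    if (b < 0 && a < INT_MIN - b)
        return 0;
    *out = a + b;
    return 1;
}

int main(void)
{
    int r;
    if (!checked_add(INT_MAX, 1, &r))
        puts("INT_MAX + 1 rejected");
    if (checked_add(123, 456, &r))
        printf("123 + 456 = %d\n", r);
    return 0;
}
```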

