This is the mail archive of the gcc@gcc.gnu.org mailing list for the GCC project.



Re: Signed int overflow behaviour in the security context


Richard Kenner wrote:
> I was addressing the claim that we allegedly have people writing security-
> and/or safety-critical software who don't understand the semantics of that
> language as they relate to safety and security (namely, what overflows do).
> That's a serious problem.  Of course, there's not a whole lot that we
> as compiler writers can do with it (hence my smiley).

You're misrepresenting the argument here.  This is not just about newly
written software, but also about software that already has been written.
It's not just about security-critical software (whatever you think that
is), but about the software you and I use every day.  Think your desktop
system.  It's also not about programmers who don't understand about
overflows, but about those who believe that overflows happen in a
consistent manner.

Also, of course there is something you can do as compiler writers, and
that is to enable LIA-1 behaviour by default.  "It's not my fault if
people write buggy software" is a lame excuse for sloppy engineering on
the part of gcc.  It's not too much to ask to try a little harder to at
least be consistent.

Andreas
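The inconsistency Andreas is describing can be made concrete. The following is an added example, not code from the thread or from GCC: it contrasts an overflow check that depends on signed wraparound (the LIA-1 behaviour the message asks for, which GCC only guarantees with -fwrapv) with one whose result is the same under every optimisation level because it never lets the addition overflow in the first place. All function names are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical check of the kind the thread is about. It relies on the sum
 * wrapping around, which C does not guarantee for signed int: with
 * optimisation GCC may assume a + b never overflows and fold the whole test
 * to "false", while with -fwrapv or at -O0 the value wraps and the test
 * works. Its answer therefore depends on compiler flags, which is exactly
 * the inconsistency the message complains about. */
bool add_would_overflow_wrapping(int a, int b)
{
    int sum = a + b;   /* undefined behaviour when this overflows */
    return (b > 0 && sum < a) || (b < 0 && sum > a);
}

/* Portable check: decide before performing the addition, using only
 * comparisons that cannot themselves overflow. The result is identical
 * regardless of optimisation level or -fwrapv. */
bool add_would_overflow_portable(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;
    if (b < 0)
        return a < INT_MIN - b;
    return false;
}

/* Checked addition built on the portable test: stores a + b in *out and
 * returns false, or returns true and leaves *out untouched when the result
 * would not fit in an int. */
bool checked_add(int a, int b, int *out)
{
    if (add_would_overflow_portable(a, b))
        return true;
    *out = a + b;
    return false;
}

int main(void)
{
    int r = 0;

    /* Constructed inputs: INT_MAX + 1 is the classic boundary case. */
    printf("INT_MAX + 1 overflows (portable check): %d\n",
           add_would_overflow_portable(INT_MAX, 1));
    /* The answer printed here may differ between -O0, -O2 and -fwrapv. */
    printf("INT_MAX + 1 overflows (wrapping check): %d\n",
           add_would_overflow_wrapping(INT_MAX, 1));

    if (!checked_add(100, 200, &r))
        printf("100 + 200 = %d\n", r);
    if (checked_add(INT_MAX, INT_MAX, &r))
        printf("INT_MAX + INT_MAX rejected, r still %d\n", r);
    return 0;
}
```

Compiling the block once with `-O0`, once with `-O2`, and once with `-O2 -fwrapv` shows the second printed line changing while the first never does; only the portable form gives the consistent behaviour the message asks for without relying on a compiler flag.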


