This is the mail archive of the mailing list for the GCC project.


Re: Signed int overflow behaviour in the security context

Robert Dewar wrote:

>> So basically you're saying gcc developers should compensate for other
>> people's sloppy engineering?  ;-)
> Yes I would say! Where possible this seems an excellent goal.

I agree: when it's possible to support non-standard legacy semantics
that do not conflict with the standard, without substantial negative
impact, then that's a good thing to do.

In this specific case, we know there is a significant performance
impact, and we know that performance is very important to both the
existing and potential GCC user base, so I think that making the
compiler more aggressive at -O2 is sensible.

And, Ian is working on -fno-strict-overflow, so that users have a
choice, which is also very sensible.  Perhaps the distribution vendors
will then add value by selectively compiling packages that need it with
-fno-strict-overflow so that security-critical packages are that much
less likely to do bad things, while making the rest of the system go
faster by not using the option.

I think we've selected a very reasonable path here.

Mark Mitchell
(650) 331-3385 x713
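The "bad things" Mark refers to are overflow checks written on the assumption that signed addition wraps. The following is an added illustration, not code from this thread or from GCC: a legacy-style check that performs the possibly-overflowing addition first (undefined behaviour, so GCC at -O2 without -fno-strict-overflow may fold the test away), beside two forms that stay correct at any optimization level. The function names are my own; `__builtin_add_overflow` is the real GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Legacy check (added example): relies on wrap-around of signed "a + b".
   Signed overflow is undefined in C, so a compiler that assumes no
   overflow may rewrite "sum < a" to "false" and delete the check.
   Compiling with -fno-strict-overflow restores the wrapping result. */
bool legacy_add_would_overflow(int a, int b)
{
    int sum = a + b;                         /* UB when it overflows */
    return (b > 0 && sum < a) || (b < 0 && sum > a);
}

/* Portable check: decide before doing the arithmetic, using only
   well-defined comparisons against INT_MAX / INT_MIN. */
bool safe_add_would_overflow(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;
    if (b < 0)
        return a < INT_MIN - b;
    return false;
}

/* Same property via the compiler builtin, which reports overflow
   without ever evaluating an undefined expression. */
bool builtin_add_would_overflow(int a, int b)
{
    int result;
    return __builtin_add_overflow(a, b, &result);
}

int main(void)
{
    /* Constructed inputs that sit on the boundary of int. */
    int a = INT_MAX, b = 1;

    printf("legacy  : %d  (result depends on optimization flags)\n",
           legacy_add_would_overflow(a, b));
    printf("safe    : %d\n", safe_add_would_overflow(a, b));
    printf("builtin : %d\n", builtin_add_would_overflow(a, b));
    return 0;
}
```

Building the file twice, once with `-O0` and once with `-O2`, and comparing the first line of output shows the effect the thread is discussing; the second and third lines are the same under both. A package that cannot be audited for the legacy pattern is the kind of candidate the message suggests distributions compile with -fno-strict-overflow.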
