This is the mail archive of the
mailing list for the GCC project.
Re: Signed int overflow behaviour in the security context
Robert Dewar wrote:
>> So basically you're saying gcc developers should compensate for other
>> people's sloppy engineering? ;-)
> Yes I would say! Where possible this seems an excellent goal.
I agree: when it's possible to support non-standard legacy semantics
that do not conflict with the standard, without substantial negative
impact, then that's a good thing to do.
In this specific case, we know there is a significant performance
impact, and we know that performance is very important to both the
existing and potential GCC user base, so I think that making the
compiler more aggressive at -O2 is sensible.
And, Ian is working on -fno-strict-overflow, so that users have a
choice, which is also very sensible. Perhaps the distribution vendors
will then add value by selectively compiling packages that need it with
-fno-strict-overflow so that security-critical packages are that much
less likely to do bad things, while making the rest of the system go
faster by not using the option.
I think we've selected a very reasonable path here.
(650) 331-3385 x713
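
An added illustration, not part of the original message or of the GCC sources: a bounds check that depends on signed wraparound, which a compiler assuming no overflow may delete, beside a form that is well defined under any flags. The function names and inputs are constructed for this example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Legacy idiom: add first, then look for wraparound. Signed overflow is
 * undefined in ISO C, so a compiler that assumes it never happens may
 * fold the comparison to "false" and delete the check. */
bool overflows_legacy(int off, int len)
{
    if (len <= 0)
        return false;
    return off + len < off;      /* depends on wrapping behaviour */
}

/* Well-defined form: compare against the limits before adding, so no
 * overflowing operation is ever evaluated, whatever the flags. */
bool add_checked(int a, int b, int *sum)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;            /* result would not fit in int */
    *sum = a + b;
    return true;
}

int main(void)
{
    int sum = 0;
    /* Constructed inputs. The first result may differ between
     * "gcc -O2" and "gcc -O2 -fno-strict-overflow". */
    bool legacy = overflows_legacy(INT_MAX, 1);
    bool rejected = !add_checked(INT_MAX, 1, &sum);
    bool ok = add_checked(40, 2, &sum);

    printf("legacy  INT_MAX+1 flagged: %d\n", legacy);
    printf("checked INT_MAX+1 flagged: %d\n", rejected);
    printf("checked 40+2 accepted: %d, sum=%d\n", ok, sum);
    return 0;
}
```

Building this once with -O2 and once with -O2 -fno-strict-overflow and comparing the first output line shows whether a given compiler version keeps the legacy check.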