This is the mail archive of the mailing list for the GCC project.


Re: Signed int overflow behaviour in the security context

Andreas Bogk wrote:
Robert Dewar wrote:
Making a call here before knowing this is not sensible.  In fact,
I'm tempted to argue that it is generally a bad idea to do
optimizations that lead to the same expression being evaluated to
different results without making the user explicitly request them.
People always say this, but they don't really realize what they are saying. This would mean you could not put variables in registers, and would essentially totally disable optimization.

I don't see why that demand would prevent register allocation. Maybe you can explain that to me.

Probably the best thing is to refer you to a good compiler book, such as the dragon book. It really is necessary to understand compiler technology to understand this kind of thing; you can't understand it just from a user point of view.

My point essentially is that it's not a good idea to have "x-y" mean something different in different parts of the code. That's just too hard for the user to understand and deal with properly.

If x or y is undefined, it does not mean something different in different parts, it means undefined in both cases.

Oh, the last formally security-critical application I've been working on (FIPS 140-2 certification pending) *was* compiled with -O2, because the resources on the embedded target device were scarce.

Very unusual, because it's so much harder to establish source-object traceability.

But I'm talking about the security of your average desktop system anyways.
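The disagreement above is about what "undefined" buys the optimizer. The following example is added to this archive page and is not code from either participant: it puts a wrapped-result overflow check (whose signed addition is undefined behaviour in C, so at -O2 the compiler may assume it never overflows and fold the test away) beside two checks that decide before any undefined operation is evaluated. The function names are the editor's own; `__builtin_add_overflow` is a real GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Constructed example, not from the thread. Defender's view of the
 * signed-overflow discussion: which "did this add overflow?" checks
 * keep their meaning at every optimisation level, and which do not. */

/* Naive: "if the sum wrapped, it is smaller than an operand". The
 * addition runs first; when it overflows, behaviour is undefined, so
 * the compiler may legally treat the comparison as always false.
 * Only ever call this with inputs that do not overflow. */
bool fits_after_add_naive(int a, int b)
{
    int sum = a + b;      /* undefined when the true sum is out of range */
    return !((b > 0 && sum < a) || (b < 0 && sum > a));
}

/* Correct: compare against the limits before adding, so no undefined
 * expression is ever evaluated and the result is well defined. */
bool fits_before_add(int a, int b)
{
    if (b > 0 && a > INT_MAX - b) return false;
    if (b < 0 && a < INT_MIN - b) return false;
    return true;
}

/* Correct alternative: the builtin reports overflow and stores the
 * wrapped value in *out without evaluating an undefined expression. */
bool fits_builtin(int a, int b, int *out)
{
    return !__builtin_add_overflow(a, b, out);
}

int main(void)
{
    int r;
    printf("INT_MAX + 1 fits: %d\n", fits_before_add(INT_MAX, 1));   /* 0 */
    printf("INT_MIN - 1 fits: %d\n", fits_before_add(INT_MIN, -1));  /* 0 */
    printf("builtin INT_MAX + 1 fits: %d\n", fits_builtin(INT_MAX, 1, &r)); /* 0 */
    printf("100 + 200 fits: %d (sum %d)\n", fits_builtin(100, 200, &r), r); /* 1, 300 */
    return 0;
}
```

Compile once with -O0 and once with -O2 and only the two "fits_before"/"fits_builtin" checks are guaranteed to give the same answers on overflowing inputs; the naive check is the shape the thread warns about.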

