This is the mail archive of the mailing list for the GCC project.
Re: Signed int overflow behaviour in the security context
Andreas Bogk wrote:
Robert Dewar wrote:
People always say this, but they don't really realize what they are
saying. This would mean you could not put variables in registers, and
Making a call here before knowing this is not sensible. In fact,
I'm tempted to argue that it is generally a bad idea to do
optimizations that lead to the same expression being evaluated to
different results without making the user explicitly request them.
would essentially totally disable optimization.
I don't see why that demand would prevent register allocation. Maybe
you can explain that to me.
Probably the best thing is to refer you to a good compiler book, such
as the dragon book. It really is necessary to understand compiler
technology to understand this kind of thing, you can't understand
it just from a user point of view.
My point essentially is that it's not a good idea to have "x-y" mean
something different in different parts of the code. That's just too
hard for the user to understand and deal with properly.
if x or y is undefined, it does not mean something different in
different parts, it means undefined in both cases.
Oh, the last formally security-critical application I've been working on
(FIPS 140-2 certification pending) *was* compiled with -O2, because the
resources on the embedded target device were scarce.
Very unusual, because it's so much harder to establish source-object
But I'm talking about the security of your average desktop system anyways.
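The disagreement above is about what a compiler may do with an expression whose signed operands overflow. The following C example is added here to illustrate it; it is not code from the thread or from GCC. It shows the common `a + b < a` overflow test, which is undefined for signed `int` and which an optimizer is entitled to fold away, next to a check that decides *before* adding or subtracting whether the result would leave the `int` range, using only comparisons against `INT_MAX` and `INT_MIN`. The function names are my own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* The pattern the thread warns about. Signed overflow is undefined in C,
 * so a compiler is free to assume a + b cannot wrap and to reduce this
 * function to "return false" at -O2. It is kept here only to show the
 * shape of the flawed test and is never called with overflowing input. */
bool naive_add_overflows(int a, int b)
{
    return a + b < a;   /* undefined behaviour when a + b overflows */
}

/* Well-defined pre-check: would a + b leave the int range?
 * INT_MAX - b and INT_MIN - b cannot themselves overflow because of the
 * sign test on b that guards each comparison. */
bool add_would_overflow(int a, int b)
{
    if (b > 0 && a > INT_MAX - b) return true;
    if (b < 0 && a < INT_MIN - b) return true;
    return false;
}

/* Same idea for the "x - y" of the discussion: would a - b leave the range? */
bool sub_would_overflow(int a, int b)
{
    if (b < 0 && a > INT_MAX + b) return true;
    if (b > 0 && a < INT_MIN + b) return true;
    return false;
}

/* Checked arithmetic built on the pre-checks. The addition or subtraction
 * is only performed once it is known to be in range, so no path in these
 * functions ever executes undefined behaviour, whatever -O level is used.
 * Return 0 on success with the result in *out, -1 on overflow. */
int checked_add(int a, int b, int *out)
{
    if (add_would_overflow(a, b)) return -1;
    *out = a + b;
    return 0;
}

int checked_sub(int a, int b, int *out)
{
    if (sub_would_overflow(a, b)) return -1;
    *out = a - b;
    return 0;
}

int main(void)
{
    int r;
    /* Constructed inputs: one in-range sum, one that would wrap. */
    if (checked_add(1, 2, &r) == 0)
        printf("1 + 2 = %d\n", r);
    if (checked_add(INT_MAX, 1, &r) != 0)
        printf("INT_MAX + 1 rejected: would overflow\n");
    if (checked_sub(INT_MIN, 1, &r) != 0)
        printf("INT_MIN - 1 rejected: would overflow\n");
    return 0;
}
```

Note that the pre-check form gives the same answer whether or not the compiler keeps the operands in registers or applies algebraic simplification, because nothing in it depends on the wrapped value of an out-of-range operation; that is the property the naive form lacks.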