From: Florian Weimer <fw@deneb.enyo.de>
To: nobody@gcc.gnu.org
Cc: gcc-prs@gcc.gnu.org
Subject: Re: optimization/8537: Optimizer Removes Code Necessary for Security
Date: Fri, 22 Nov 2002 11:36:00 -0000
Message-ID: <20021117153602.14975.qmail@sources.redhat.com>

The following reply was made to PR optimization/8537; it has been noted by GNATS.

From: Florian Weimer <fw@deneb.enyo.de>
To: "Joseph D. Wagner" <wagnerjd@prodigy.net>
Cc: <gcc-bugs@gcc.gnu.org>, <gcc-gnats@gcc.gnu.org>
Subject: Re: optimization/8537: Optimizer Removes Code Necessary for Security
Date: Sun, 17 Nov 2002 16:27:12 +0100

"Joseph D. Wagner" <wagnerjd@prodigy.net> writes:

> Direct quote from:
> http://gcc.gnu.org/onlinedocs/gcc-3.2/gcc/Bug-Criteria.html
>
> "If the compiler produces valid assembly code that does not correctly
> execute the input source code, that is a compiler bug."

In this case, "correctly" means "correctly according to ISO 9899 and the GCC documentation", not just "as expected".

> So to all you naysayers out there who claim this is a programming error
> or poor coding, YES, IT IS A BUG!

It would be a bug if GCC would implement Joseph D. Wagner's Imaginative Version Of C, but the GNU C compiler implements a different programming language, I'm afraid. Just because it's unexpected to you and a few others, it's not a bug automatically.

>> The problem is the standard gives wide latitude in what the optimizer
>> can optimize
>
> Isn't this also the solution?

Solution to which problem? Of course you can special-case this particular instance in the optimizer, but this isn't a good idea. There's already enough bloat in GCC.

> Can't the optimizer check to see if the function is memset(), and
> if so check to see if the value is 0 or NULL, and if so leave it in?

This only solves one particular incarnation of the more general problem.

Currently, when you have scrubbing requirements, you have to inspect the object code anyway, even if any of the changes to GCC suggested so far were made. There is no way to tell the compiler, "this data is critical, don't make any copies of it".

Anyway, correct scrubbing is only a very weak form of protection and prone to race conditions in multi-tasking environments. Although one of the most widely used operating systems doesn't do any scrubbing on the operating system level, this is hardly a problem we want to and can fix in GCC.
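
The pattern this thread argues about, as an added example that is not part of the original message or of the PR: a `memset()` of 0 on a buffer that is never read again, next to one common workaround that scrubs through a volatile-qualified pointer. The function names, buffer size and sample secret are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed "before" case: buf is never read after the memset, so an
   optimizing compiler may treat the call as a dead store and delete it. */
int check_password_naive(const char *input, const char *expected)
{
    char buf[64];
    strncpy(buf, input, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    int ok = strcmp(buf, expected) == 0;
    memset(buf, 0, sizeof buf);        /* may be removed when optimizing */
    return ok;
}

/* Scrub byte by byte through a volatile-qualified pointer. GCC treats each
   such store as a side effect and keeps it, even if buf is dead afterwards. */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = p;
    while (n--)
        *vp++ = 0;
}

int check_password_hardened(const char *input, const char *expected)
{
    char buf[64];
    strncpy(buf, input, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    int ok = strcmp(buf, expected) == 0;
    secure_wipe(buf, sizeof buf);      /* stores are kept when optimizing */
    return ok;
}

size_t count_nonzero(const void *p, size_t n)  /* nonzero bytes left in p */
{
    const unsigned char *b = p;
    size_t left = 0;
    while (n--) left += (*b++ != 0);
    return left;
}

int main(void)
{
    char secret[32] = "constructed-sample-secret";
    secure_wipe(secret, sizeof secret);
    printf("nonzero bytes after wipe: %zu\n", count_nonzero(secret, sizeof secret));
    return 0;
}
```

The volatile wipe only covers the one buffer it is pointed at; copies the compiler made in registers or spill slots are untouched, which is why the message says the object code still has to be inspected.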