public inbox for gcc-prs@sourceware.org
help / color / mirror / Atom feed
From: Florian Weimer <fw@deneb.enyo.de>
To: nobody@gcc.gnu.org
Cc: gcc-prs@gcc.gnu.org,
Subject: Re: optimization/8537: Optimizer Removes Code Necessary for Security
Date: Fri, 22 Nov 2002 11:36:00 -0000 [thread overview]
Message-ID: <20021117153602.14975.qmail@sources.redhat.com> (raw)
The following reply was made to PR optimization/8537; it has been noted by GNATS.
From: Florian Weimer <fw@deneb.enyo.de>
To: "Joseph D. Wagner" <wagnerjd@prodigy.net>
Cc: <gcc-bugs@gcc.gnu.org>, <gcc-gnats@gcc.gnu.org>
Subject: Re: optimization/8537: Optimizer Removes Code Necessary for
Security
Date: Sun, 17 Nov 2002 16:27:12 +0100
"Joseph D. Wagner" <wagnerjd@prodigy.net> writes:
> Direct quote from:
> http://gcc.gnu.org/onlinedocs/gcc-3.2/gcc/Bug-Criteria.html
>
> "If the compiler produces valid assembly code that does not correctly
> execute the input source code, that is a compiler bug."
In this case, "correctly" means "correctly according to ISO 9899 and
the GCC documentation", not just "as expected".
> So to all you naysayers out there who claim this is a programming error
> or poor coding, YES, IT IS A BUG!
It would be a bug if GCC would implement Joseph D. Wagner's
Imaginative Version Of C, but the GNU C compiler implements a
different programming language, I'm afraid.
Just because it's unexpected to you and a few others, it's not a bug
automatically.
>> The problem is the standard gives wide latitude in what the optimizer
>> can optimize
>
> Isn't this also the solution?
Solution to which problem? Of course you can special-case this
particular instance in the optimizer, but this isn't a good idea.
There's already enough bloat in GCC.
> Can't the optimizer check to see if the function is memset(), and
> if so check to see if the value is 0 or NULL, and if so leave it in?
This only solves one particular incarnation of the more general
problem. Currently, when you have scrubbing requirements, you have to
inspect the object code anyway, even if any of the changes to GCC
suggested so far were made. There is no way to tell the compiler,
"this data is critical, don't make any copies of it".
Anyway, correct scrubbing is only a very weak form of protection and
prone to race conditions in multi-tasking environments. Although one
of the most widely used operating systems doesn't do any scrubbing on
the operating system level, this is hardly a problem we want to and
can fix in GCC.
next reply other threads:[~2002-11-17 15:36 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2002-11-22 11:36 Florian Weimer [this message]
-- strict thread matches above, loose matches on Subject: below --
2002-11-22 11:26 Joseph D. Wagner
2002-11-22 11:26 fw
2002-11-19 12:46 wagnerjd
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20021117153602.14975.qmail@sources.redhat.com \
--to=fw@deneb.enyo.de \
--cc=gcc-prs@gcc.gnu.org \
--cc=nobody@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).