From: Florian Weimer
To: "Joseph D. Wagner"
Cc: gcc-prs@gcc.gnu.org
Subject: Re: optimization/8537: Optimizer Removes Code Necessary for Security
Date: Sun, 17 Nov 2002 16:27:12 +0100

The following reply was made to PR optimization/8537; it has been noted by GNATS.

"Joseph D. Wagner" writes:

> Direct quote from:
> http://gcc.gnu.org/onlinedocs/gcc-3.2/gcc/Bug-Criteria.html
>
> "If the compiler produces valid assembly code that does not correctly
> execute the input source code, that is a compiler bug."

In this case, "correctly" means "correctly according to ISO 9899 and the GCC documentation", not just "as expected".

> So to all you naysayers out there who claim this is a programming error
> or poor coding, YES, IT IS A BUG!

It would be a bug if GCC implemented Joseph D. Wagner's Imaginative Version Of C, but the GNU C compiler implements a different programming language, I'm afraid. Just because it's unexpected to you and a few others, it's not automatically a bug.

>> The problem is the standard gives wide latitude in what the optimizer
>> can optimize
>
> Isn't this also the solution?

Solution to which problem? Of course you can special-case this particular instance in the optimizer, but this isn't a good idea. There's already enough bloat in GCC.

> Can't the optimizer check to see if the function is memset(), and
> if so check to see if the value is 0 or NULL, and if so leave it in?

This only solves one particular incarnation of the more general problem. Currently, when you have scrubbing requirements, you have to inspect the object code anyway, even if any of the changes to GCC suggested so far were made. There is no way to tell the compiler, "this data is critical, don't make any copies of it".

Anyway, correct scrubbing is only a very weak form of protection and prone to race conditions in multi-tasking environments. Although one of the most widely used operating systems doesn't do any scrubbing on the operating system level, this is hardly a problem we want to, and can, fix in GCC.
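The situation the PR and this reply describe, as an added C example that is not part of the mail or of GCC: the local-buffer memset that a conforming optimizer may drop as a dead store, beside a scrub that writes through a volatile pointer so the stores count as side effects and must be emitted. The function names (checksum, scrub_volatile, use_key_naive, use_key_volatile) and the sample key are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* checksum, scrub_volatile, use_key_naive and use_key_volatile are names
 * assumed for this example; none of this is GCC or PR 8537 code. */
static int checksum(const unsigned char *buf, size_t n)
{
    int sum = 0;
    for (size_t i = 0; i < n; i++) sum += buf[i];
    return sum;
}

/* Portable scrub: stores through a volatile-qualified lvalue are side effects
 * (C99 5.1.2.3), so the optimizer must emit each one. It still cannot reach
 * copies left in registers or spill slots, the limitation the mail notes. */
void scrub_volatile(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) *vp++ = 0;
}

/* The PR's pattern: a local secret is memset just before it goes out of
 * scope. Nothing reads key afterwards, so the memset is a dead store and a
 * conforming optimizer may delete it (compare gcc -O0 -S with -O2 -S). */
int use_key_naive(void)
{
    unsigned char key[16] = "constructed-key"; /* constructed sample */
    int sum = checksum(key, sizeof key);       /* 1572 for this sample */
    memset(key, 0, sizeof key);                /* may be optimized away */
    return sum;
}

/* Same scenario with the volatile scrub: the zeroing stores survive. */
int use_key_volatile(void)
{
    unsigned char key[16] = "constructed-key"; /* constructed sample */
    int sum = checksum(key, sizeof key);
    scrub_volatile(key, sizeof key);
    return sum;
}

int main(void)
{
    printf("naive %d, volatile %d\n", use_key_naive(), use_key_volatile());
    return 0;
}
```

Inspecting the generated assembly of both functions at -O2 shows the difference the mail insists on: the result is correct under ISO C either way, and only the object code tells you whether the scrub actually happened.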