* found bugs in GCC
From: Rosu, Grigore @ 2016-10-11 15:42 UTC
To: overseers; +Cc: dwight.guth
Hi, I am a professor of CS at the University of Illinois at Urbana-Champaign. In my group at the university as well as in my startup (runtimeverification.com) we have developed an ISO C11 compliant formal semantics, which we are using to analyze C programs. In our efforts, we have found several bugs in C compilers, including in gcc. If you are interested in us reporting them, then can you please provide dwight.guth@runtimeverification.com with an account? Otherwise we will report the bugs on our blog, noting that cyberattackers then may exploit them.
Best,
Grigore
* Re: found bugs in GCC
From: Frank Ch. Eigler @ 2016-10-11 15:48 UTC
To: Rosu, Grigore; +Cc: overseers, dwight.guth
Hi -
> [...] In our efforts, we have found several bugs in C compilers,
> including in gcc. If you are interested in us reporting them, then
> can you please provide dwight.guth@runtimeverification.com with an
> account?
OK.
> Otherwise we will report the bugs on our blog, noting that
> cyberattackers then may exploit them.
That aspect carries no persuasion. The gcc bug tracker, like
approx. all other gcc communication channels, is public. I'm not sure
there exists a security-embargo-capable mailing list for the gcc
project.
- FChE
* RE: found bugs in GCC
From: Rosu, Grigore @ 2016-10-11 15:59 UTC
To: Frank Ch. Eigler; +Cc: overseers, dwight.guth
Obviously, gcc and other compilers are free to do whatever they want with undefined programs, but if a program is well-defined and gcc perceives it as undefined, then there is a small chance that it may optimize it in a way that it misbehaves or makes it vulnerable to attacks. Since we have a formal semantics of C, which is executable, we should not report any undefined programs as bugs (I know from my colleague John Regehr from Utah that you guys (rightfully) do not like it when people report undefined programs as bugs).
All I wanted was to make sure that we get accounts, because Dwight's previous request was rejected as spam.
Thanks for the accounts,
Grigore
________________________________________
From: Frank Ch. Eigler [fche@redhat.com]
Sent: Tuesday, October 11, 2016 10:48 AM
To: Rosu, Grigore
Cc: overseers@gcc.gnu.org; dwight.guth@runtimeverification.com
Subject: Re: found bugs in GCC
Hi -
> [...] In our efforts, we have found several bugs in C compilers,
> including in gcc. If you are interested in us reporting them, then
> can you please provide dwight.guth@runtimeverification.com with an
> account?
OK.
> Otherwise we will report the bugs on our blog, noting that
> cyberattackers then may exploit them.
That aspect carries no persuasion. The gcc bug tracker, like
approx. all other gcc communication channels, is public. I'm not sure
there exists a security-embargo-capable mailing list for the gcc
project.
- FChE