https://gcc.gnu.org/bugzilla/show_bug.cgi?id=77992
--- Comment #7 from Kangjie Lu <kjlu at gatech dot edu> --- (In reply to Andrew Pinski from comment #6) > >More information can be found in our research paper: > >http://www.cc.gatech.edu/~klu38/publications/unisan-ccs16.pdf > > > You research paper is wrong and does not consider C is an inherently > insecure language to be begin with. There are many other things wrong with > it. Like for an example recommending the use of memset when you want to > hide the stores from the compiler. There is already a thread on the glibc > mailing list about this exact thing about adding a secure memset which is > GCC is not going to optimize away. Thanks for your feedback. We do think C is not safe language and that's why we want to secure programs written in C. Could you provide me more information about the thread. We use LLVM instead of GCC. Our instrumentation is inserted after optimization passes. Thanks!
