On Fri, Jan 26, 2007 at 10:34:06PM +0100, Andreas Bogk wrote:
> But if the gcc user base prefers performance over security, and you are
> willing to go with them, they might get what they deserve.

You continue to confidently assert, without any backup, that loop unrolling that assumes overflow does not occur has a negative security impact. The problem is, if an int overflow occurs and it wraps according to LIA-1 semantics, that, also, is likely to have a security impact if the program's author was not thinking about overflow. Every leading C compiler has for years done things like this to boost performance on scientific codes.

It seems clear that if value range propagation were to assume everywhere that int overflow does not occur, then this would have bad effects on existing code bases. No shipping GCC does this, and I doubt that one ever will by default.
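
The point about wrapping overflow, as an added example that is not part of the original message: a size check that trusts a wrapped product accepts an oversized request, while a check made before the multiplication rejects it under either overflow semantics. The function names and sample values are constructed for illustration, and a 32-bit `int` is assumed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* LIA-1 style modular multiply, emulated through unsigned arithmetic.
   Converting the out-of-range result back to int is implementation-defined;
   GCC reduces it modulo 2^N. Assumes a 32-bit int. */
static int wrap_mul(int a, int b)
{
    return (int)((unsigned)a * (unsigned)b);
}

/* Naive size check: trusts the wrapped product, so a product that wraps
   to a small non-negative value is accepted. */
static bool naive_fits(int count, int item_size, int limit)
{
    int total = wrap_mul(count, item_size);
    return total >= 0 && total <= limit;
}

/* Checked version: decides before multiplying, so the answer does not
   depend on whether the compiler wraps or assumes no overflow. */
static bool checked_fits(int count, int item_size, int limit)
{
    if (count < 0 || item_size < 0 || limit < 0)
        return false;
    if (item_size != 0 && count > INT_MAX / item_size)
        return false;               /* product would not fit in int */
    return count * item_size <= limit;
}

int main(void)
{
    /* Constructed values: the true product is 2^32 + 65536. */
    int count = 65536, item_size = 65537, limit = 1 << 20;

    printf("wrapped product: %d\n", wrap_mul(count, item_size));
    printf("naive_fits:      %d\n", naive_fits(count, item_size, limit));
    printf("checked_fits:    %d\n", checked_fits(count, item_size, limit));
    return 0;
}
```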