Re: Having fun with the following C code (UB)

2014-04-10 Thread Wouter Verhelst
On Thu, Mar 27, 2014 at 09:07:14AM +0100, Mathieu Malaterre wrote:
> Here is a little bug I just discovered:
> 
> http://stackoverflow.com/questions/22664658/finding-off-t-size
> 
> For reference, here are the packages affected in debian:
> 
> http://codesearch.debian.net/search?q=LARGE_OFF_T
> 
> For reference clang fails as was expected by the initial author, but
> recent gcc (default C compiler on debian), simply issues a warning.

I've had to figure out the size of off_t in nbd-server, and have been
doing it without relying on overflow, for years now. It took quite a few
iterations to get it right, but the current definition has looked like
this since 2006:

#define OFFT_MAX ~((off_t)1<<(sizeof(off_t)*8-1))

i.e., left-shift 1 by enough bits so that the most significant bit is
set, then flip all bits so you end up with the highest positive value
that fits in an off_t.

Obviously that requires an architecture which uses two's complement, but
then I doubt any architecture that doesn't has been popular since the
late seventies.

-- 
It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26


-- 
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140410100321.gb18...@grep.be



Re: systemd and Linux are *fundamentally incompatible* -> and I can prove it

2014-04-10 Thread Wouter Verhelst
On Thu, Apr 03, 2014 at 09:19:54PM +0100, Kevin Chadwick wrote:
> previously on this list The Wanderer contributed:
> 
> > I was explicitly referring to the point in the future when maintainers
> > do stop providing traditional init scripts. This likely won't happen
> > that fast, no, but I do think it's likely that it will happen - whether
> > days after the jessie release or decades, or more likely something in
> > between.
> 
> You know that's what Arch Linux devs said two months before banishing
> init scripts to AUR where it wasn't even gpg signed.

Arch isn't Debian.

-- 
It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26





Re: Having fun with the following C code (UB)

2014-04-10 Thread Jakub Wilk

* Wouter Verhelst , 2014-04-10, 12:03:
> I've had to figure out the size of off_t in nbd-server, and have been
> doing it without relying on overflow, for years now. It took quite a
> few iterations to get it right, but the current definition has looked
> like this since 2006:
>
> #define OFFT_MAX ~((off_t)1<<(sizeof(off_t)*8-1))
>
> i.e., left-shift 1 by enough bits so that the most significant bit is
> set,

I believe that this code triggers undefined behavior. My C99 draft reads:

The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated bits 
are filled with zeros. […] If E1 has a signed type and nonnegative 
value, and E1 × 2^(E2) is representable in the result type, then that is 
the resulting value; otherwise, the behavior is undefined.


--
Jakub Wilk





Re: Having fun with the following C code (UB)

2014-04-10 Thread Wouter Verhelst
On Thu, Apr 10, 2014 at 12:29:50PM +0200, Jakub Wilk wrote:
> * Wouter Verhelst , 2014-04-10, 12:03:
> >I've had to figure out the size of off_t in nbd-server, and have been
> >doing it without relying on overflow, for years now. It took quite a few
> >iterations to get it right, but the current definition has looked like
> >this since 2006:
> >
> >#define OFFT_MAX ~((off_t)1<<(sizeof(off_t)*8-1))
> >
> >i.e., left-shift 1 by enough bits so that the most significant bit is set,
> 
> I believe that this code triggers undefined behavior. My C99 draft reads:
> 
> The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated bits are
> filled with zeros. […] If E1 has a signed type and nonnegative value, and E1
> × 2^(E2) is representable in the result type, then that is the resulting
> value; otherwise, the behavior is undefined.

Yes; the standard does this to allow for machine architectures which do
not use two's complement to store negative values. I did mention that
assumption in my previous mail.

If the architecture uses two's complement, however, then the code is
correct.

-- 
It is easy to love a country that is famous for chocolate and beer

  -- Barack Obama, speaking in Brussels, Belgium, 2014-03-26





Re: Debian default desktop environment

2014-04-10 Thread Ghislain Vaillant
On Wed, 2014-04-09 at 12:56 +0100, Ian Jackson wrote:
> Ghislain Vaillant writes ("Re: Debian default desktop environment"):
> > Users do care about visual identity (or call it brand
> > recognition if you like), and currently XFCE in Debian does not have
> > any, I am afraid.
> 
> My experiences with less-sophisticated users are the opposite.  They
> don't give a flying fuck about "brand recognition" or "visual
> identity".  They don't even seem to care very much about whether it's
> pretty.

Possibly. So many different users, so many opinions. My personal
experience (work colleagues + close relatives, most of them being first
time switchers) is that they do.

> What they care about is being able to easily do whatever they wanted
> to use a computer for.  Mostly, that means that the UI should be
> similar to other systems they're likely to have used (so they don't
> have to learn anything), and it should be easy to find how to do
> things.

Which GNOME 3 classic mode does for me, being used to GNOME 2 before.
That's probably why Red Hat chose it as default to ease the transition
from RHEL 6 to RHEL 7.

I have also tried my best to dig in the GNOME 3 way, and eventually
succeeded with a bit of effort, but respect and understand people who
cannot get used to it.

My vote would be on GNOME 3 classic for now, but XFCE with sensible and
visually appealing defaults would do it for me too.

Ghislain






Re: Having fun with the following C code (UB)

2014-04-10 Thread Ian Jackson
Wouter Verhelst writes ("Re: Having fun with the following C code (UB)"):
> Yes; the standard does this to allow for machine architectures which do
> not use two's complement to store negative values. I did mention that
> assumption in my previous mail.
> 
> If the architecture uses two's complement, however, then the code is
> correct.

Unfortunately adversarial optimisation by modern compilers means that
this kind of reasoning is no longer valid.

The compiler might easily see that your code unconditionally performs
a computation with undefined behaviour, and delete it.

Ian.





Re: Having fun with the following C code (UB)

2014-04-10 Thread Thorsten Glaser
Ian Jackson dixit:

>> If the architecture uses two's complement, however, then the code is
>> correct.
>
>Unfortunately adversarial optimisation by modern compilers means that
>this kind of reasoning is no longer valid.
>
>The compiler might easily see that your code unconditionally performs
>a computation with undefined behaviour, and delete it.

And GCC is a repeat offender which actually does do that.
(mksh’s internal guaranteed-to-wrap-around signed 32-bit integer
arithmetics is implemented using only C unsigned integer types,
since a while, due to this. Yes, speed hit, especially since the
CPUs (except DSPs, possibly) could all do this correctly.)

bye,
//mirabilos
-- 
In traditional syntax ' is ignored, but in c99 everything between two ' is
handled as character constant.  Therefore you cannot use ' in a
preprocessing file in c99 mode.  -- Ragge
No faith left in ISO C99, undefined behaviour, etc.
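
An added example, not taken from mksh or from any message in the thread: one way to get wrap-around signed 32-bit addition from unsigned types only, as described above, plus the after-the-fact overflow check that Ian Jackson's point about deleted code applies to, beside a form that uses only defined operations. All function names are made up for this illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Signed 32-bit addition that wraps modulo 2^32 with or without -fwrapv:
 * the arithmetic is done on uint32_t, where wrap-around is defined. */
static int32_t wrap_add_i32(int32_t a, int32_t b)
{
    uint32_t r = (uint32_t)((uint32_t)a + (uint32_t)b);

    /* Map back to int32_t without an out-of-range conversion
     * (which would be implementation-defined). */
    if (r <= (uint32_t)INT32_MAX)
        return (int32_t)r;
    return -(int32_t)(UINT32_MAX - r) - 1;
}

/* Overflow test written after the fact. The addition is undefined when it
 * overflows, so an optimiser may assume it never does and fold the
 * comparison to false. Shown for contrast only: never call it with
 * operands that actually overflow. */
static bool add_overflows_fragile(int a, int b)
{
    return b > 0 && a + b < a;
}

/* The same question asked before the addition, using only operations
 * whose result is always representable. */
static bool add_overflows(int a, int b)
{
    if (b > 0)
        return a > INT_MAX - b;
    return a < INT_MIN - b;
}

int main(void)
{
    printf("wrap_add_i32(INT32_MAX, 1) = %ld\n",
           (long)wrap_add_i32(INT32_MAX, 1));
    printf("add_overflows(INT_MAX, 1)  = %d\n", add_overflows(INT_MAX, 1));
    printf("add_overflows_fragile(1, 2) = %d\n", add_overflows_fragile(1, 2));
    return 0;
}
```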





Re: Having fun with the following C code (UB)

2014-04-10 Thread Azazel
On 2014-04-10 12:42:03 +0200, Wouter Verhelst wrote:
> On Thu, Apr 10, 2014 at 12:29:50PM +0200, Jakub Wilk wrote:
> > * Wouter Verhelst , 2014-04-10, 12:03:
> > > I've had to figure out the size of off_t in nbd-server, and have
> > > been doing it without relying on overflow, for years now. It took
> > > quite a few iterations to get it right, but the current definition
> > > has looked like this since 2006:
> > >
> > > #define OFFT_MAX ~((off_t)1<<(sizeof(off_t)*8-1))
> > >
> > > i.e., left-shift 1 by enough bits so that the most significant bit
> > > is set,
> >
> > I believe that this code triggers undefined behavior. My C99 draft
> > reads:
> >
> > The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
> > bits are filled with zeros. […] If E1 has a signed type and
> > nonnegative value, and E1 × 2^(E2) is representable in the result
> > type, then that is the resulting value; otherwise, the behavior is
> > undefined.
>
> Yes; the standard does this to allow for machine architectures which
> do not use two's complement to store negative values. I did mention
> that assumption in my previous mail.
>
> If the architecture uses two's complement, however, then the code is
> correct.

Chapter and verse?  C99, sec. 6.5.7, para. 4, quoted above, makes no
such distinction.  The operation is simply defined in terms of
multiplication by powers of two.  If off_t is a signed type,

  1 * 2 ^ (sizeof (off_t) * CHAR_BIT - 1)

cannot be represented in off_t, and the behaviour is undefined.

Az.




Re: Having fun with the following C code (UB)

2014-04-10 Thread Jakub Wilk

* Wouter Verhelst , 2014-04-10, 12:42:
>>> I've had to figure out the size of off_t in nbd-server, and have been
>>> doing it without relying on overflow, for years now. It took quite a
>>> few iterations to get it right, but the current definition has looked
>>> like this since 2006:
>>>
>>> #define OFFT_MAX ~((off_t)1<<(sizeof(off_t)*8-1))
>>>
>>> i.e., left-shift 1 by enough bits so that the most significant bit is set,
>>
>> I believe that this code triggers undefined behavior. My C99 draft reads:
>>
>> The result of E1 << E2 is E1 left-shifted E2 bit positions; vacated
>> bits are filled with zeros. […] If E1 has a signed type and
>> nonnegative value, and E1 × 2^(E2) is representable in the result
>> type, then that is the resulting value; otherwise, the behavior is
>> undefined.
>
> Yes; the standard does this to allow for machine architectures which do
> not use two's complement to store negative values. I did mention that
> assumption in my previous mail.

I thought you were referring to use of ~ on a signed integer, which is 
implementation-defined.


Here's a way to compute OFFT_MAX (hopefully) without any undefined 
behavior:


-((off_t)-2 * ((off_t)1 << (sizeof (off_t) * CHAR_BIT - 2)) + 1)

--
Jakub Wilk
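
An added example, not part of any message in the thread: the C99 6.5.7 rule quoted above written as a predicate, next to the expression from this message generalized into a macro for any signed type. The names `SIGNED_MAX`, `shl_defined`, `offt_width` and `offt_max` are made up for this illustration, and the macro assumes a two's complement type without padding bits.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/types.h>

/* The expression from the message above with off_t replaced by a type
 * parameter T. Assumption: T is two's complement with no padding bits, so
 * that -2^(N-1) is representable. The shift only ever produces 2^(N-2). */
#define SIGNED_MAX(T) \
    ((T)-((T)-2 * ((T)1 << (sizeof(T) * CHAR_BIT - 2)) + 1))

/* C99 6.5.7 as a predicate: is e1 << e2 defined when the (promoted) left
 * operand is a signed type of `width` bits? Defined only if the shift count
 * is below the width, e1 is nonnegative, and e1 * 2^e2 is representable. */
static bool shl_defined(intmax_t e1, unsigned e2, unsigned width)
{
    const unsigned maxw = (unsigned)(sizeof(uintmax_t) * CHAR_BIT);

    if (width < 2 || width > maxw || e1 < 0 || e2 >= width)
        return false;

    /* Largest value of the signed type: 2^(width-1) - 1, built unsigned. */
    uintmax_t tmax = UINTMAX_MAX >> (maxw - width + 1);

    /* e1 * 2^e2 <= tmax  is equivalent to  e1 <= tmax >> e2 */
    return (uintmax_t)e1 <= (tmax >> e2);
}

static unsigned offt_width(void)
{
    return (unsigned)(sizeof(off_t) * CHAR_BIT);
}

static off_t offt_max(void)
{
    return SIGNED_MAX(off_t);
}

int main(void)
{
    unsigned w = offt_width();

    printf("off_t: %u bits, max = %jd\n", w, (intmax_t)offt_max());
    /* The shift in ~((off_t)1 << (sizeof(off_t)*8-1)) */
    printf("(off_t)1 << %u defined: %s\n", w - 1,
           shl_defined(1, w - 1, w) ? "yes" : "no");
    /* The shift in the expression from the message above */
    printf("(off_t)1 << %u defined: %s\n", w - 2,
           shl_defined(1, w - 2, w) ? "yes" : "no");
    return 0;
}
```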





Bug#744130: ITP: connectome-workbench -- brain visualization, analysis and discovery tool

2014-04-10 Thread Yaroslav Halchenko
Package: wnpp
Severity: wishlist
Owner: Yaroslav Halchenko 

* Package name: connectome-workbench
  Version : 0.85
  Upstream Author : Washington University School of Medicine
* URL : 
http://www.humanconnectome.org/software/get-connectome-workbench.html
* License : GPL
  Programming Lang: C++
  Description : brain visualization, analysis and discovery tool

 Connectome Workbench is a brain visualization, analysis and discovery
 tool for fMRI and dMRI brain imaging data, including functional and
 structural connectivity data generated by the Human Connectome
 Project.
 .
 Package includes wb_command, a command-line program for performing a
 variety of analytical tasks for volume, surface, and CIFTI
 grayordinates data.


Initial packaging is present at http://github.com/neurodebian/workbench (debian
branch) but before making any packages available (builds across releases
already), a decision needs to be made on naming/prefixing the "workbench"
binary due to its overly generic name.





Bug#744134: ITP: libshib-parent-project2-java -- Shibboleth Project (V2) Super POM

2014-04-10 Thread Matthew Vernon
Package: wnpp
Severity: wishlist
Owner: Matthew Vernon 

  Package name: libshib-parent-project2-java
  Version : 1
  Upstream Author : University Corporation for Advanced Internet Development, 
Inc.
  URL : http://shibboleth.net/
  License : Apache-2.0
  Programming Lang: Java
  Description : Shibboleth Project (V2) Super POM

This is the parent POM for the Shibboleth Project. It is needed for
building the various Shibboleth libraries, but is not otherwise of
interest.





Re: Having fun with the following C code (UB)

2014-04-10 Thread Vincent Lefevre
On 2014-04-10 11:48:44 +, Thorsten Glaser wrote:
> Ian Jackson dixit:
> 
> >> If the architecture uses two's complement, however, then the code is
> >> correct.
> >
> >Unfortunately adversarial optimisation by modern compilers means that
> >this kind of reasoning is no longer valid.
> >
> >The compiler might easily see that your code unconditionally performs
> >a computation with undefined behaviour, and delete it.
> 
> And GCC is a repeat offender which actually does do that.

If you don't like that, you should use the -fwrapv option.

-- 
Vincent Lefèvre  - Web: 
100% accessible validated (X)HTML - Blog: 
Work: CR INRIA - computer arithmetic / AriC project (LIP, ENS-Lyon)





Bug#744140: RFH: scilab -- Scientific software package for numerical computations

2014-04-10 Thread Sylvestre Ledru
Package: wnpp
Severity: normal

Hello,

I am no longer working for Scilab Enterprises and I am not using Scilab.
I have a low interest in the software itself but since I worked on it for
a while, I won't orphan it immediately.

Therefore, I request assistance with maintaining the scilab package.
I can help mentoring / uploading for non DD if needed.

The package description is:
 Scilab is a matrix-based scientific software package.
 Scilab contains hundreds of built-in mathematical functions, rich
 data structures (including polynomials, rationals, linear systems, lists,
 etc...) and comes with a number of specific toolboxes for control, signal
 processing, ...
 .
 This package also provides Xcos, a graphical editor to design hybrid
 dynamical systems models. Models can be designed, loaded, saved, compiled and
 simulated.
 Stable and efficient solution for industrial and academics needs, Xcos
 provides functionalities for modeling of mechanical systems (automotive,
 aeronautics...), hydraulic circuits (dam, pipe modeling...), control systems,
 etc. Modelica capabilities are also provided.
 .
 For a minimum version of scilab, install package "scilab-cli".

Cheers,
Sylvestre





Re: Having fun with the following C code (UB)

2014-04-10 Thread Ian Jackson
Vincent Lefevre writes ("Re: Having fun with the following C code (UB)"):
> On 2014-04-10 11:48:44 +, Thorsten Glaser wrote:
> > And GCC is a repeat offender which actually does do that.
> 
> If you don't like that, you should use the -fwrapv option.

Sadly that doesn't deal with all of these malicious optimisations.

But it is a good start.  Personally I think we should compile the
whole distro (or at least most of it) with -fwrapv.

Ian.





Re: Having fun with the following C code (UB)

2014-04-10 Thread Shachar Shemesh
On 10/04/14 20:59, Ian Jackson wrote:
> Vincent Lefevre writes ("Re: Having fun with the following C code (UB)"):
>> On 2014-04-10 11:48:44 +, Thorsten Glaser wrote:
>>> And GCC is a repeat offender which actually does do that.
>> If you don't like that, you should use the -fwrapv option.
> Sadly that doesn't deal with all of these malicious optimisations.
>
I never did understand what people expect. gcc uses the undefined
behavior to not emit checks it would otherwise have to, so that your
code runs faster. This affects not only those corner cases, where you
are relying on this behaving a certain way, but especially in everyday
code, where that undefined behavior allows GCC to save you lots of cycles.

Are you really sure you want to have slower code just so that your
corner cases are easier for you? How is that a reasonable trade-off to make?

Shachar


Re: Having fun with the following C code (UB)

2014-04-10 Thread Russ Allbery
Shachar Shemesh  writes:

> I never did understand what people expect. gcc uses the undefined
> behavior to not emit checks it would otherwise have to, so that your
> code runs faster. This affects not only those corner cases, where you
> are relying on this behaving a certain way, but especially in everyday
> code, where that undefined behavior allows GCC to save you lots of
> cycles.

> Are you really sure you want to have slower code just so that your
> corner cases are easier for you? How is that a reasonable trade-off to
> make?

I don't want, necessarily, to have slower code to make handling corner
cases easier.  However, I am generally happy to have slower code in return
for making the system more secure, as long as the speed hit isn't too
substantial.  Security is a much bigger problem than performance right now
for most people.

The hard part is distinguishing between those two properties.

-- 
Russ Allbery (r...@debian.org)   





Bug#744164: ITP: pycassa -- Python client library for Apache Cassandra

2014-04-10 Thread Sebastien Badia
Package: wnpp
Severity: wishlist
Owner: Sebastien Badia 

* Package name: pycassa
  Version : 1.11.0
  Upstream Author: Jonathan Hseu 
* URL : http://pycassa.github.io/pycassa/
* License : MIT
  Programming Lang: Python
  Description : Python client library for Apache Cassandra

pycassa is a Thrift-based python client library for Apache Cassandra
with the following features:
 .
 - Automatic failover and operation retries
 - Connection pooling
 - Multithreading support
 - A batch interface
 - A class for mapping classes to Cassandra column families





Re: Debian default desktop environment

2014-04-10 Thread Jeremy Stanley
On 2014-04-07 12:00:20 +0200 (+0200), Jonas Smedegaard wrote:
> Quoting Gergely Nagy (2014-04-07 11:10:27)
> > Can we have ratpoison + selected things as default DE for Debian Zurg? 
> > Please? Pretty please? With sugar on top?
> 
> First, create a metapackage, and maintain it.
> 
> Then when getting popular, file bugreport against tasksel to have it 
> included as alternative to the existing task-*-desktop tasks.

This almost feels like !troll because I happily use "ratpoison +
selected things" as my default DE for Debian. Then again I just skip
tasksel because EBLOAT so I'm not really sure it would help me
personally in the end. ;)
-- 
{ PGP( 48F9961143495829 ); FINGER( fu...@cthulhu.yuggoth.org );
WWW( http://fungi.yuggoth.org/ ); IRC( fu...@irc.yuggoth.org#ccl );
WHOIS( STANL3-ARIN ); MUD( kin...@katarsis.mudpy.org:6669 ); }





Work-needing packages report for Apr 11, 2014

2014-04-10 Thread wnpp
The following is a listing of packages for which help has been requested
through the WNPP (Work-Needing and Prospective Packages) system in the
last week.

Total number of orphaned packages: 568 (new: 3)
Total number of packages offered up for adoption: 136 (new: 1)
Total number of packages requested help for: 58 (new: 1)

Please refer to http://www.debian.org/devel/wnpp/ for more information.



The following packages have been orphaned:

   crystalhd (#743610), orphaned 6 days ago
 Description: Crystal HD Video Decoder (development files)
 Reverse Depends: gstreamer0.10-crystalhd libcrystalhd-dev vlc-nox
 Installations reported by Popcon: 54196

   guile-gnome-platform (#743714), orphaned 5 days ago
 Description: Guile bindings for GLib
 Reverse Depends: guile-gnome2-canvas guile-gnome2-dev
   guile-gnome2-gconf guile-gnome2-gnome guile-gnome2-gnome-ui
   guile-gnome2-gtk guile-gnome2-vfs gwave
 Installations reported by Popcon: 428

   hotot (#743767), orphaned 4 days ago
 Description: lightweight microblogging client - metapackage
 Reverse Depends: hotot hotot-gtk hotot-qt
 Installations reported by Popcon: 340

565 older packages have been omitted from this listing, see
http://www.debian.org/devel/wnpp/orphaned for a complete list.



The following packages have been given up for adoption:

   attic (#743829), offered 4 days ago
 Installations reported by Popcon: 40

135 older packages have been omitted from this listing, see
http://www.debian.org/devel/wnpp/rfa_bypackage for a complete list.



For the following packages help is requested:

[NEW] scilab (#744140), requested today
 Description: Scientific software package for numerical computations
 Reverse Depends: cantor-backend-scilab python-sciscipy scilab
   scilab-ann scilab-celestlab scilab-cli scilab-doc-fr scilab-doc-ja
   scilab-doc-pt-br scilab-full-bin (8 more omitted)
 Installations reported by Popcon: 1963

   apt-xapian-index (#567955), requested 1529 days ago
 Description: maintenance tools for a Xapian index of Debian packages
 Reverse Depends: ept-cache fuss-launcher goplay packagesearch
 Installations reported by Popcon: 79704

   athcool (#278442), requested 3453 days ago
 Description: Enable powersaving mode for Athlon/Duron processors
 Installations reported by Popcon: 55

   balsa (#642906), requested 928 days ago
 Description: An e-mail client for GNOME
 Reverse Depends: balsa-dbg
 Installations reported by Popcon: 812

   cardstories (#624100), requested 1081 days ago
 Description: Find out a card using a sentence made up by another
   player
 Installations reported by Popcon: 10

   chromium-browser (#583826), requested 1411 days ago
 Description: Chromium browser
 Reverse Depends: chromedriver chromium chromium-dbg chromium-l10n
   mozplugger
 Installations reported by Popcon: 25377

   cups (#532097), requested 1769 days ago
 Description: Common UNIX Printing System
 Reverse Depends: bluez-cups chromium cups cups-backend-bjnp
   cups-browsed cups-bsd cups-client cups-core-drivers cups-daemon
   cups-dbg (62 more omitted)
 Installations reported by Popcon: 139737

   debtags (#567954), requested 1529 days ago
 Description: Enables support for package tags
 Reverse Depends: goplay packagesearch
 Installations reported by Popcon: 2438

   fbcat (#565156), requested 1548 days ago
 Description: framebuffer grabber
 Installations reported by Popcon: 151

   freeipmi (#628062), requested 1050 days ago
 Description: GNU implementation of the IPMI protocol
 Reverse Depends: freeipmi freeipmi-bmc-watchdog freeipmi-ipmidetect
   freeipmi-tools libfreeipmi-dev libfreeipmi12 libipmiconsole-dev
   libipmiconsole2 libipmidetect-dev libipmidetect0 (3 more omitted)
 Installations reported by Popcon: 4764

   gnat-4.8 (#539562), requested 2191 days ago
 Description: help needed to execute test cases
 Reverse Depends: dh-ada-library gnat-4.8 gnat-4.8-sjlj libgnat-4.8
   libgnat-4.8-dbg libgnatprj4.8 libgnatprj4.8-dbg libgnatprj4.8-dev
   libgnatvsn4.8 libgnatvsn4.8-dbg (2 more omitted)
 Installations reported by Popcon: 106

   gnat-gps (#496905), requested 2051 days ago
 Description: co-maintainer needed
 Reverse Depends: gnat-gps gnat-gps-dbg
 Installations reported by Popcon: 528

   gnokii (#677750), requested 663 days ago
 Description: Datasuite for mobile phone management
 Reverse Depends: gnokii gnokii-cli gnokii-smsd gnokii-smsd-mysql
   gnokii-smsd-pgsql gnome-phone-manager libgnokii-dev libgnokii6
   xgnokii
 Installations reported by Popcon: 1753

   gnupg (#660685), requested 780 day

Re: Having fun with the following C code (UB)

2014-04-10 Thread Paul Wise
On Fri, Apr 11, 2014 at 5:38 AM, Russ Allbery wrote:

> I don't want, necessarily, to have slower code to make handling corner
> cases easier.  However, I am generally happy to have slower code in return
> for making the system more secure, as long as the speed hit isn't too
> substantial.  Security is a much bigger problem than performance right now
> for most people.

How much of a speed hit is acceptable? Perhaps we should have a
secondary archive built using SoftBoundCETS, which possibly has a 50%
speed hit according to this talk:

http://events.ccc.de/congress/2013/Fahrplan/events/5412.html
https://media.ccc.de/browse/congress/2013/30C3_-_5412_-_en_-_saal_1_-_201312271830_-_bug_class_genocide_-_andreas_bogk.html
http://acg.cis.upenn.edu/softbound/
http://safecode.cs.illinois.edu/docs/SoftBoundCETS.html

-- 
bye,
pabs

http://wiki.debian.org/PaulWise

