Richard Kenner wrote:
>> Oh, and teaching all of the programmers out there all the subtle nuances
>> of C and trying to get them to write proper code: good luck. That
>> simply won't happen.
>
> If people who write security-critical code in a programming language
> can't take time to learn the de
Message written on 2007-01-24, at 04:32, by Andrew Pinski:
It's "too good" to be usable. The time required for a full test suite
run can be measured by days not hours.
Days, only for slow machines. For our PS3 toolchain (which is really
two separate compilers), it takes 6 hours
> I am working on gcc 4.0.0. I want to use gcc to intercept each call to
> read, and taint the data read in. For example:
> transform
> read(fd, buf, size)
> to
> read(fd, buf, size)
> if(is_socket(fd))
> taint(buf, size)
> So, what is the best suitable level to d
Marcin Dalecki wrote:
A trivial by nature change like the
top level build of libgcc took actually years to come by.
I'm not sure how much that's inherently evidence that it was
inappropriately difficult to do, though.
For example, the quite trivial change of having "make pdf" support for
cr
Besides that, as far as I know, valgrind can not run on itanium... but
I am now working on it :-(
2007/1/24, Nicholas Nethercote <[EMAIL PROTECTED]>:
On Wed, 24 Jan 2007, [GB2312] ÎâêØ wrote:
> I know valgrind, it is an emulator ,but we are restricted not to use
> an emulator. :-(
Well, for so
Anyway, the program is supervised...would you mind giving some advice
with the compiler-based approach, after recompilation, I could finish
this modification.
2007/1/24, Nicholas Nethercote <[EMAIL PROTECTED]>:
On Wed, 24 Jan 2007, [GB2312] ÎâêØ wrote:
> I know valgrind, it is an emulator ,but
On Tue, 2007-01-23 at 23:19 -0600, [EMAIL PROTECTED] wrote:
> GCC should treat plain char in the same fashion on all types of machines
> (by default).
No, no, no. It is up to the ABI what char is.
> The ISO C standard leaves it up to the implementation whether a char
> declared plain char is sig
GCC should treat plain char in the same fashion on all types of machines
(by default).
The ISO C standard leaves it up to the implementation whether a char
declared plain char is signed or not. This in effect creates two
alternative dialects of C.
The GNU C compiler supports both dialects; you ca
On Wed, 24 Jan 2007, [GB2312] ÎâêØ wrote:
I know valgrind, it is an emulator ,but we are restricted not to use
an emulator. :-(
Well, for some definition of "emulator".
Nick
I know valgrind, it is an emulator ,but we are restricted not to use
an emulator. :-(
2007/1/24, Nicholas Nethercote <[EMAIL PROTECTED]>:
On Wed, 24 Jan 2007, [GB2312] ÎâêØ wrote:
> I am working on gcc 4.0.0. I want to use gcc to intercept each call to
> read, and taint the data read in. For
On Wed, 24 Jan 2007, [GB2312] ÎâêØ wrote:
I am working on gcc 4.0.0. I want to use gcc to intercept each call to
read, and taint the data read in. For example:
transform
read(fd, buf, size)
to
read(fd, buf, size)
if(is_socket(fd))
taint(buf, size)
So, wh
>
> On Tue, 23 Jan 2007 17:54:10 -0500, Diego Novillo <[EMAIL PROTECTED]> said:
>
> > So, I was doing some archeology on past releases and we seem to be
> > getting into longer release cycles.
>
> Interesting.
>
> I'm a GCC observer, not a participant, but here are some thoughts:
>
> As far as
Hi,
I am working on gcc 4.0.0. I want to use gcc to intercept each call to
read, and taint the data read in. For example:
transform
read(fd, buf, size)
to
read(fd, buf, size)
if(is_socket(fd))
taint(buf, size)
So, what is the best suitable level to do this
>
>
> Message written on 2007-01-24, at 02:30, by David Carlton:
>
> > For 4, you should probably spend some time figuring out why bugs are
> > being introduced into the code in the first place. Is test coverage
> > not good enough?
The test coverage is not good for C++ while it i
Message written on 2007-01-24, at 02:30, by David Carlton:
For 4, you should probably spend some time figuring out why bugs are
being introduced into the code in the first place. Is test coverage
not good enough?
It's "too good" to be usable. The time required for a full test su
> Oh, and teaching all of the programmers out there all the subtle nuances
> of C and trying to get them to write proper code: good luck. That
> simply won't happen.
If people who write security-critical code in a programming language
can't take time to learn the details of that language relevant
On Tue, 23 Jan 2007 17:54:10 -0500, Diego Novillo <[EMAIL PROTECTED]> said:
> So, I was doing some archeology on past releases and we seem to be
> getting into longer release cycles.
Interesting.
I'm a GCC observer, not a participant, but here are some thoughts:
As far as I can tell, it looks t
Message written on 2007-01-24, at 01:48, by David Daney:
I missed the discussion on IRC, but neither of those front-ends are
release blockers.
I cannot speak for ADA, but I am not aware that the Java front-end
has caused any release delays recently. I am sure you will correct
Marcin Dalecki wrote:
Message written on 2007-01-23, at 23:54, by Diego Novillo:
So, I was doing some archeology on past releases and we seem to be
getting into longer release cycles. With 4.2 we have already crossed
the 1 year barrier.
For 4.3 we have already added quite a
> Yes, absolutely. There is a difference between well-defined and
> understood semantics on one hand, and undefined and probably dangerous
> behaviour on the other hand. It's the difference between security
> audits of C software being hard and completely hopeless.
I disagree. Code written with
On Wed, Jan 24, 2007 at 12:55:29AM +0100, Steven Bosscher wrote:
> On 1/23/07, Diego Novillo <[EMAIL PROTECTED]> wrote:
> >
> >So, I was doing some archeology on past releases and we seem to be
> >getting into longer release cycles. With 4.2 we have already crossed
> >the 1 year barrier.
>
> Heh.
Message written on 2007-01-23, at 23:54, by Diego Novillo:
So, I was doing some archeology on past releases and we seem to be
getting into longer release cycles. With 4.2 we have already
crossed the 1 year barrier.
For 4.3 we have already added quite a bit of infrastructure
On 1/23/07, Diego Novillo <[EMAIL PROTECTED]> wrote:
So, I was doing some archeology on past releases and we seem to be
getting into longer release cycles. With 4.2 we have already crossed
the 1 year barrier.
Heh.
Maybe part of the problem here is that the release manager isn't very
actively
So, I was doing some archeology on past releases and we seem to be
getting into longer release cycles. With 4.2 we have already crossed
the 1 year barrier.
For 4.3 we have already added quite a bit of infrastructure that is all
good in paper but still needs some amount of TLC.
There was s
Ian Lance Taylor wrote:
>> You have just seen somebody who can be considered an expert in
>> matters of writing C software come up with a check that looks
>> correct, but is broken under current gcc semantics. That should
>> make you think.
> I'm not entirely unsympathetic to your arguments, but
Vaclav Haisman wrote:
> Gerald Pfeifer wrote:
> [...]
> > openSUSE 10.2 now comes with flex 2.5.33, but FreeBSD, for example, still
> > is at flex 2.5.4. Just some additional data points...
> FreeBSD has version 2.5.33 as textproc/flex port.
But that will not replace the system flex, so it will
On 23/01/07, Joe Buck <[EMAIL PROTECTED]> wrote:
On Tue, Jan 23, 2007 at 07:52:30PM +, Manuel López-Ibáñez wrote:
> * A base class is not initialized in a derived class' copy constructor.
>
> Proposed: move this warning to -Wuninitialized seems the appropriate
> solution. However, I am afraid
Hi,
I've noticed that you've asked a few questions about trees on the
list. You might want to read a tutorial on trees in GCC; there are a
few kicking around out there.
Sure I would like to look at any tutorial. I found some, but most of
them were not complete :( I would appreciate if you can
> "Ferad" == Ferad Zyulkyarov <[EMAIL PROTECTED]> writes:
Ferad> build(EQ_EXPR, integer_type_node, left, right);
Ferad> which is left == right
Ferad> But, as I noticed this function "build" is not maintained (used) by
Ferad> gcc any more. Instead build, what else may I use to create a
Ferad> c
On Tue, Jan 23, 2007 at 07:52:30PM +, Manuel López-Ibáñez wrote:
> * A base class is not initialized in a derived class' copy constructor.
>
> Proposed: move this warning to -Wuninitialized seems the appropriate
> solution. However, I am afraid that this warning will turn out to be
> too noisy
On 1/23/07, Paweł Sikora <[EMAIL PROTECTED]> wrote:
typedef enum { X, Y } E;
int f( E e )
{
switch ( e )
{
case X: return -1;
case Y: return +1;
}
+ throw runtime_error("invalid value got shoehorned into E enum")
}
In this examp
A summary of what has been proposed so far to clean up Wextra follows.
Please, your feedback is appreciated. And reviewing patches even more
;-)
* Subscripting an array which has been declared register.
* Taking the address of a variable which has been declared register.
Proposed: new option -W
Ian Lance Taylor wrote:
> Andreas Bogk <[EMAIL PROTECTED]> writes:
> I think a better way to describe your argument is that the compiler
> can remove a redundant test which would otherwise be part of a defense
> in depth. That is true. The thing is, most people want the compiler
> to remove redu
Hi,
Please consider following testcase which is a core of PR c++/28236.
typedef enum { X, Y } E;
int f( E e )
{
switch ( e )
{
case X: return -1;
case Y: return +1;
}
}
In this example g++ produces a warning:
e.cpp: In function ‘int f(E)’:
* Joe Buck:
> You appear to mistakenly believe that wrapping around on overflow is
> a more secure option. It might be, but it usually is not. There
> are many CERT security flaws involving integer overflow; the fact
> that they are security bugs has nothing to do with the way gcc
> generates co
Mike Stump wrote:
> On Jan 11, 2007, at 10:47 PM, Joe Buck wrote:
>> The description of WORKSFORME sounds closest: we don't know how to
>> reproduce the bug. Should that be used?
>
> No, not generally.
Of the states we have, WORKSFORME seems best to me, and I agree with Joe
that there's benefit
Andreas Bogk <[EMAIL PROTECTED]> writes:
> > Making it defined and wrapping doesn't help at all. It just means you
> > write different checks, not less of them.
>
> You have just seen somebody who can be considered an expert in matters
> of writing C software come up with a check that looks correc
Daniel Berlin wrote:
> And you think that somehow defining it (which the definition people
> seem to favor would be to make it wrapping) ameliorates any of these
> concerns?
Yes, absolutely. There is a difference between well-defined and
understood semantics on one hand, and undefined and probabl
> This is a typical example of removing an if branch because signed
> overflow is undefined. This kind of code is common enough.
I could not have made my point any better myself.
And you think that somehow defining it (which the definition people
seem to favor would be to make it wrapping) am
Well, you are right. The code looks good and works also. But I have some
kind of a reference implementation which is based on GCC 2.7.2.3. In
this version the local variables are allocated the other way around, the
way in which I expected. Obviously, the order of allocation has changed
till now (4.
Thanks a lot, that's it
On 1/23/07, Steven Bosscher <[EMAIL PROTECTED]> wrote:
On 1/23/07, Ferad Zyulkyarov <[EMAIL PROTECTED]> wrote:
> But, as I noticed this function "build" is not maintained (used) by
> gcc any more. Instead build, what else may I use to create a
> conditional expression nod
On 1/23/07, Ferad Zyulkyarov <[EMAIL PROTECTED]> wrote:
But, as I noticed this function "build" is not maintained (used) by
gcc any more. Instead build, what else may I use to create a
conditional expression node?
Look for buildN where N is a small integer ;-)
I think you want build2 for EQ_EX
Robert Dewar writes:
> Markus Franke wrote:
>
> > Please let me know whether I misunderstood something completely. If
> > this behaviour is correct what can I do to change it to the other way
> > around. Which macro variable do I have to change?
>
> There is no legitimate reason to care a
Hi,
In the old references there is a function "build" that is used for
building tree nodes. Using this function one can build a conditional
expression as follows:
build(EQ_EXPR, integer_type_node, left, right);
which is left == right
But, as I noticed this function "build" is not maintained (use
Markus Franke wrote:
Please let me know whether I misunderstood something completely. If
this behaviour is correct what can I do to change it to the other way
around. Which macro variable do I have to change?
There is no legitimate reason to care about the order of variables
in the local stac
Dear GCC Developers,
I am working on a target backend for the DLX architecture and I have a
question concerning the layout of the stack frame.
Here is a simple test C-program:
---snip---
int main(void)
{
int a = 1;
int b = 2;
int c = a + b;
return c;
}
---snap---
I'm not at all impressed with the recent series of flex releases, since it
started using m4 internally and passing user code through m4.
(cf. bison, which unlike
flex pays proper attention to assuring that arbitrary valid parsers are
not mangled by m4).
Fully agreed. The recent releases o
Ian Lance Taylor wrote:
> Consider code along these lines:
>
> struct s { int len; char* p; };
>
> inline char
> bar (struct s *sp, int n)
> {
> if (n < 0)
> abort ();
> if (n > sp->len)
> abort ();
> return sp->p[n];
> }
>
> void
> foo (struct s *sp, int n)
> {
> int len = sp->l