Home
Reading
Searching
Subscribe
Sponsors
Statistics
Posting
Contact
Spam
Lists
Links
About
Hosting
Filtering
Features Download
Marketing
Archives
FAQ
Blog
 
Gmane
From: Joe Buck <Joe.Buck <at> synopsys.COM>
Subject: Re: US-CERT Vulnerability Note VU#162289
Newsgroups: gmane.comp.gcc.devel
Date: Monday 14th April 2008 17:13:53 UTC (over 9 years ago)
Robert C. Seacord wrote:
> > i agree that the optimization is allowed by C99.  i think this is a
> > quality of implementation issue,  and that it would be preferable for
> > gcc to emphasize security over performance, as might be expected.

On Sun, Apr 13, 2008 at 11:51:00PM +0200, Florian Weimer wrote:
> I don't think this is reasonable.  If you use GCC and its C frontend,
> you want performance, not security.

Furthermore, there are a number of competitors to GCC.  These competitors
do not advertise better security than GCC.  Instead they claim better
performance (though such claims should be taken with a grain of salt).
To achieve high performance, it is necessary to take advantage of all of
the opportunities for optimization that the C language standard permits.

For CERT to simulataneously argue that GCC should be crippled (to
emphasize security over performance) but that nothing negative should
be said about competing compilers is the height of irresponsibility.
Any suggestion that users should avoid new versions of GCC will drive
users to competing compilers that optimize at least as aggressively.
 
CD: 3ms