Is GCC really wrongly optimizing code leading to several bugs and vulnerabilities?
I came across this paper:
>From this PDF:
"We implement this approach in a static checker called Stack, and use it
to show that unstable code is present in a wide range of systems
software, including the Linux kernel and the Postgres database. We
estimate that unstable code exists in 40% of the 8,575 Debian Wheezy
packages that contain C / C++ code."
So, they pretend that an estimated 3430 Debian packages in Wheezy
contain code which GCC optimize, resulting in unexpected behaviors,
leading to bugs and security vulnerabilities.
I haven't checked for these facts myself due to lack of time, which is
why I just post here. I think this paper is interesting anyway, and
Thomas Goirand (zigo)