Is GCC really wrongly optimizing code leading to several bugs and vulnerabilities?

To: debian-devel <debian-devel@lists.debian.org>
Subject: Is GCC really wrongly optimizing code leading to several bugs and vulnerabilities?
From: Thomas Goirand <zigo@debian.org>
Date: Sun, 24 Nov 2013 21:21:35 +0800
Message-id: <[🔎] 5291FD5F.8070007@debian.org>

Hi,

I came across this paper:
http://pdos.csail.mit.edu/~xi/papers/stack-sosp13.pdf

>From this PDF:

"We implement this approach in a static checker called Stack, and use it
to show that unstable code is present in a wide range of systems
software, including the Linux kernel and the Postgres database. We
estimate that unstable code exists in 40% of the 8,575 Debian Wheezy
packages that contain C / C++ code."

So, they pretend that an estimated 3430 Debian packages in Wheezy
contain code which GCC optimize, resulting in unexpected behaviors,
leading to bugs and security vulnerabilities.

I haven't checked for these facts myself due to lack of time, which is
why I just post here. I think this paper is interesting anyway, and
worth sharing.

Thoughts anyone?

Cheers,

Thomas Goirand (zigo)

Reply to:

Follow-Ups:
- Re: Is GCC really wrongly optimizing code leading to several bugs and vulnerabilities?
  - From: Neil McGovern <neilm@debian.org>
- Re: Is GCC really wrongly optimizing code leading to several bugs and vulnerabilities?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Is GCC really wrongly optimizing code leading to several bugs and vulnerabilities?
  - From: intrigeri <intrigeri@debian.org>

Prev by Date: Bug#730357: ITP: turpial -- Light, fast, and fully functional Twitter client written in Python
Next by Date: Re: Is GCC really wrongly optimizing code leading to several bugs and vulnerabilities?
Previous by thread: Bug#730357: ITP: turpial -- Light, fast, and fully functional Twitter client written in Python
Next by thread: Re: Is GCC really wrongly optimizing code leading to several bugs and vulnerabilities?
Index(es):
- Date
- Thread