On Mon, Apr 28, 2014 at 16:45:56 +0000, Thorsten Glaser wrote:
> Shachar Shemesh <shachar <at> debian.org> writes:
>
> > the changes there is a runtime check for undefined behavior. Just
> > compile with -fsanitize=undefined, and your program will crash with
> > log if it performs an operation that C/C++ considers to be
> > undefined.
>
> This does not help. At all.
>
> Consider:
>
> • all possible codepaths
> ×
> • all possible combinations of input/state data
>
> Even “just” checking mksh would not work, for example.
> Let alone OpenSSL.
>
> Plus, crashing in a screensaver is bad :D
[...]
So are we really at a point where we need all the en-vogue techniques
applied to each and every package in our distribution? Shouldn't we maybe
first sort out some basic problems that the compiler tells us about at no
run-time cost?

I was slightly in shock when I realised the length of the list at
http://qa.debian.org/bls/bytag/W-implicit-declaration.html knowing that
bugs such as #702889 would have been caught by the compiler. (And anyway
missing function declarations imply a chance of undefined behaviour as
per 6.5.2.2, paragraph 10 of ISO C11.)

I'm not saying that there aren't any packages benefiting from
hardening/sanitisation flags, but type checking and data-flow analyses
built into current compilers could do a very decent job already *if only
people paid attention to warnings*. And doing static analysis (which, by
the way, is a key approach to combat the combinatorial explosion outlined
by mirabilos) beyond what compilers do as part of their job will require
that the most basic inconsistencies be ironed out first.

Best,
Michael
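The check Michael is asking for, as an added example that is not part of the thread and not Debian's own tooling: promote the implicit-declaration warning to an error with GCC/Clang's `-Werror=implicit-function-declaration` and run two constructed C sources through it. `bad.c` calls `malloc()` and `free()` without including `<stdlib.h>`, the pattern behind the W-implicit-declaration tag; `good.c` is the same program with the header. The helper names (`find_cc`, `check_implicit_decl`, `write_samples`, `run_demo`) are this example's own, and it assumes a POSIX sh plus a C compiler (`cc`, `gcc` or `clang`, or whatever `$CC` names) in PATH.

```shell
#!/bin/sh
# Added example, not part of the debian-devel thread above. It makes the
# implicit-declaration diagnostic fatal and checks two constructed C files
# with it. Assumes a POSIX sh and a C compiler (cc, gcc or clang) in PATH;
# the helper names below are this example's own.

# Print the first usable C compiler, honouring $CC; fail if there is none.
find_cc() {
    for c in "${CC:-}" cc gcc clang; do
        if [ -n "$c" ] && command -v "$c" >/dev/null 2>&1; then
            echo "$c"
            return 0
        fi
    done
    return 1
}

# Compile one translation unit with -Werror=implicit-function-declaration.
# Prints ACCEPTED, REJECTED, or NO_COMPILER (when no compiler was found).
check_implicit_decl() {
    src=$1
    cc=$(find_cc) || { echo NO_COMPILER; return 0; }
    obj=$(mktemp) || return 1
    if "$cc" -std=c11 -Wall -Werror=implicit-function-declaration \
            -c -o "$obj" "$src" >/dev/null 2>&1; then
        echo ACCEPTED
    else
        echo REJECTED
    fi
    rm -f "$obj"
}

# Write the two constructed samples into the directory $1.
# bad.c calls malloc()/free() with no declaration in scope, so a compiler
# applying the old implicit-int rule assumes "int malloc()" and, on LP64
# targets, keeps only the low 32 bits of the returned pointer.
# good.c is the same program with the header it needs.
write_samples() {
    cat > "$1/bad.c" <<'EOF'
#include <stdio.h>

int main(void)
{
    char *p = malloc(64);   /* no prototype in scope: implicit int malloc() */
    if (p == NULL)
        return 1;
    puts("allocated");
    free(p);                /* implicitly declared as well */
    return 0;
}
EOF
    cat > "$1/good.c" <<'EOF'
#include <stdio.h>
#include <stdlib.h>     /* declares malloc() and free() */

int main(void)
{
    char *p = malloc(64);
    if (p == NULL)
        return 1;
    puts("allocated");
    free(p);
    return 0;
}
EOF
}

# Run both samples through the check and report the verdicts.
run_demo() {
    dir=$(mktemp -d) || return 1
    write_samples "$dir"
    printf 'bad.c:  %s\n' "$(check_implicit_decl "$dir/bad.c")"
    printf 'good.c: %s\n' "$(check_implicit_decl "$dir/good.c")"
    rm -rf "$dir"
}

run_demo
```

With a compiler present, `bad.c` is reported as REJECTED and `good.c` as ACCEPTED; the same flag dropped into a package's CFLAGS turns every entry on that QA list into a build failure rather than a run-time surprise. One caveat: GCC 14 and Clang 16 already reject implicit function declarations by default in C99 and later modes, so the explicit `-Werror=` matters mostly for older toolchains and for builds that force `-std=gnu89`.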