by jloughry
4620 days ago
The issue is six years old (2007) but the problem is still relevant in 2013: see the brand new paper by Wang et al., 'Towards Optimization-Safe Systems: Analyzing the Impact of Undefined Behavior', to appear in SOSP'13 next week. The authors define 'optimisation-unstable code' unusually; what I think they mean is that compilers are permitted by the C language standard to do anything with undefined code, but the real problem is that any change of compiler, environment, flags, or compiler version might change the behaviour of existing code, including opening up security vulnerabilities that weren't there last week. ETA: here is the link to the paper, in PDF: http://pdos.csail.mit.edu/papers/stack:sosp13.pdf
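An added illustration of the point in the comment above, not code from the comment or from the paper: an overflow check that depends on undefined behaviour next to forms whose result cannot change with compiler, version or flags. All function names and the sample buffer are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Optimization-unstable: for b >= 0 this relies on signed overflow wrapping
 * around, which is undefined behaviour in C. A compiler may assume a + b never
 * overflows and fold the comparison to false, removing the check. Whether it
 * does depends on the compiler, its version and its flags. */
bool add_overflows_unstable(int a, int b) {
    return a + b < a;
}

/* Stable: the same question asked without ever evaluating an overflowing
 * expression, so every conforming compiler must give the same answer. */
bool add_overflows_stable(int a, int b) {
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return false;
}

/* Stable bounds check: compare the length with the space remaining instead of
 * forming buf + len, which is undefined once it goes beyond one past the end
 * of the object. */
bool range_fits(const char *buf, const char *buf_end, size_t len) {
    return len <= (size_t)(buf_end - buf);
}

static char demo_buf[16]; /* constructed sample buffer */

bool fits_in_demo_buf(size_t len) {
    return range_fits(demo_buf, demo_buf + sizeof demo_buf, len);
}

int main(void) {
    /* Only the well-defined checks are exercised with overflowing inputs. */
    printf("INT_MAX + 1 overflows: %d\n", add_overflows_stable(INT_MAX, 1));
    printf("INT_MIN - 1 overflows: %d\n", add_overflows_stable(INT_MIN, -1));
    printf("17 bytes fit in 16:    %d\n", fits_in_demo_buf(17));
    return 0;
}
```

Building the unstable variant at different optimisation levels and comparing the generated code is a quick way to see whether a given toolchain keeps or drops the check.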