[cfe-dev] making -ftrivial-auto-var-init=zero a first-class option

Kees Cook via cfe-dev cfe-dev at lists.llvm.org
Wed Apr 22 10:23:43 PDT 2020


On Tue, Apr 21, 2020 at 07:20:18PM -0700, Mehdi AMINI wrote:
> They mention that "zero is the safest value from security point-of-view",
> and you mentioned it also in multiple places. Is there a detailed analysis
> somewhere that explains this? (I'm not knowledgeable but always interested
> to learn more)

I don't have a good direct reference handy. This has mostly been
internal manual examination of past flaws. I'll see if I can find
something.

> Overall when I read their perf analysis I would try to advocate to kill the
> flag and make zero-init the default for non-array POD. This would simplify
> the perf tuning aspect of the compiler (the optimizer heuristics would be
> always tuned for this) and most software out there could be hand-tuned with
> respect to this as well. This seems better than yet another mode in the
> compiler, in particular for a "production oriented" option.
> This is also another way to address the "language fork" issue: if the major
> compilers out there (clang, gcc, MSVC at least) were to implement this
> behavior by default, this could then in turn help convince the standards
> committee to adopt it in a future revision.

While I'm all for this being a default, I think that's a much larger
step. At present, I'd just like to adjust the -enable... flag. Perhaps
we can revisit defaults at a later time.

-- 
Kees Cook
