Date:      Thu, 1 May 2014 11:54:24 +0400
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        "Ronald F. Guilmette" <rfg@tristatelogic.com>
Cc:        "freebsd-security@freebsd.org security" <freebsd-security@freebsd.org>
Subject:   Re: OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?
Message-ID:  <25986221.20140501115424@serebryakov.spb.ru>
In-Reply-To: <32377.1398460907@server1.tristatelogic.com>
References:  <CAG5KPzw_cOfFLX_kn=5DWAX%2Bz%2B9VeXuzo3Q8YekDJG37tDQ_wQ@mail.gmail.com> <32377.1398460907@server1.tristatelogic.com>

Hello, Ronald.
You wrote on 26 April 2014, 1:21:47:

RFG> The (modified/quieted) code example under discussion is as follows:
RFG>         variable = value0;  /* initialization */
RFG>         if (condition) variable = value1;
RFG>         if (!condition) variable = value2;
RFG>         use (variable);

RFG> Please note that variable *is* *always* set to some value (either value1
RFG> or value2) after initialization.  The "error condition" that you seem
RFG> concerned about having explicitly flagged does not in fact exist in the
RFG> example code snippet under discussion.
  I have only one question: which memory model do you have in mind when you
 make this statement?

  Please note that now you could hardly find a single-core/single-threaded CPU
 (even current ARMs are multi-cored now), and the only two non-functional
 languages with a formally specified memory model I know of are C++11 and Java.
 I believe Ada should have a well-defined memory model, but I know next to
 nothing about Ada.

  I could easily write code like that shown above in Java which leaves "variable"
 with value0 up to the line with "use()", and it would not be a bug in the JVM but a
 bug in the code: everything depends on the variables which are used in "condition" and
 on "variable" itself. Yes, it is not possible (in Java!) when everything is
 an argument to the method or local (on the stack), but as long as I don't know YOUR
 memory model, and that YOUR compiler and execution environment implement
 this model PROPERLY, I could not be sure that even the "localness" of data
 helps.

  And please note that different CPUs have very different memory models (even
 now, when Alpha is long dead), and as C is a very down-to-hardware language
 and the C standard doesn't have any real memory model described, it is very
 hard to reason about this C code, if it is C.

-- 
// Black Lion AKA Lev Serebryakov <lev@FreeBSD.org>
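The point in the message above, that "variable is always set" only holds if `condition` evaluates consistently, can be shown without any real thread scheduling. The following is an added example, not code from this thread: a hypothetical `on_read_hook` stands in for another thread and flips the shared flag between the two reads of `condition`, deterministically, so the quoted snippet leaves `variable` at `value0`; the snapshot variant reads shared state once into a local and cannot.

```c
#include <stdbool.h>
#include <stdio.h>

enum { VALUE0 = 0, VALUE1 = 1, VALUE2 = 2 };

/* Plain global standing in for shared state another thread may modify.
 * The hook below simulates that modification deterministically. */
static bool shared_flag;

/* Hypothetical hook (assumed for this example): called on every read of the
 * flag, so a test can change the flag between the two reads of "condition"
 * instead of relying on scheduler luck. */
static void (*on_read_hook)(void);

static bool read_condition(void) {
    bool c = shared_flag;
    if (on_read_hook) on_read_hook();
    return c;
}

/* The snippet from the thread, as written: "condition" is evaluated twice. */
int naive_select(void) {
    int variable = VALUE0;               /* initialization */
    if (read_condition()) variable = VALUE1;
    if (!read_condition()) variable = VALUE2;
    return variable;                     /* stays VALUE0 if the flag moved */
}

/* Snapshot variant: read the shared state once into a local, then branch.
 * Both branches now see the same value, so one of them always fires. */
int snapshot_select(void) {
    int variable = VALUE0;
    bool cond = read_condition();        /* single read of shared state */
    if (cond) variable = VALUE1;
    if (!cond) variable = VALUE2;
    return variable;
}

/* Simulated interleaving: the "other thread" sets the flag right after a read. */
static void flip_to_true(void) { shared_flag = true; }

/* Runs one scenario: flag starts false and is flipped to true between reads. */
int run_race(int (*selector)(void)) {
    shared_flag = false;
    on_read_hook = flip_to_true;
    int r = selector();
    on_read_hook = NULL;
    return r;
}

int main(void) {
    printf("naive: %d, snapshot: %d\n", run_race(naive_select), run_race(snapshot_select));
    return 0;
}
```

The naive version returns `VALUE0` (neither `if` fires once the flag changes between reads), while the snapshot version returns `VALUE2`.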