From: tmoran@acm.org
Subject: Re: Buffer overflow Article - CACM
Date: Sun, 13 Nov 2005 01:35:10 -0600
Date: 2005-11-13T01:35:10-06:00 [thread overview]
Message-ID: <GOadnVJadoAzceveRVn-iA@comcast.com> (raw)
In-Reply-To: uYzdf.18228$Zv5.14884@newssvr25.news.prodigy.net
>In one paragraph, they criticize C as being vulnerable to such attacks
>and then dismiss Pascal as being unable to address low-level issues.
They also say "the performance cost of bounds checking (reported in [the
'Cyclone' variant of C]) involves up to an additional 100% overhead."
I tried
-- Lo, Hi, and A are procedure parameters, so their values
-- and bounds are not known at compile time.
for i in Lo .. Hi loop
A(i) := 0;
end loop;
with Gnat 3.15p with bounds checking on or off, -O2, and got a 65%
degradation, (Because the bounds are pushing the index out of a register?)
In the real world, my impression is that 10-15% is a more common cost of
all checking on vs all off. Even at 65%, if the 20% of the code that
takes 80% of the time were hand checked and then compiled with checking
suppressed, 65% would change to 13% or about 3 months of CPU age by
Moore's law.
>This kind of article appears every now and then. The authors of these
>articles write as if it is necessary to improve C or invent new tools
>when all they really have to do is discover Ada.
Sometimes one does feel like an observer watching a primitive tribe
do something the very hard way. #.#
They also quite fail to mention the x86's Bound instruction (does
anybody use it?) or descriptor architectures like the Burroughs machines
of 40 years ago.
next prev parent reply other threads:[~2005-11-13 7:35 UTC|newest]
Thread overview: 58+ messages / expand[flat|nested] mbox.gz Atom feed top
2005-11-13 5:14 Buffer overflow Article - CACM adaworks
2005-11-13 7:35 ` tmoran [this message]
2005-11-13 8:49 ` Martin Krischik
2005-11-13 11:55 ` Georg Bauhaus
2005-11-13 14:58 ` Florian Weimer
2005-11-14 13:44 ` Marc A. Criley
2005-11-14 19:13 ` Martin Krischik
2005-11-13 15:02 ` Florian Weimer
2005-11-13 15:44 ` Stephen Leake
2005-11-14 14:40 ` adaworks
2005-11-13 23:57 ` Jeffrey R. Carter
2005-11-14 6:51 ` Martin Dowie
2005-11-14 17:55 ` Jeffrey R. Carter
2005-11-15 9:14 ` Martin Dowie
2005-11-14 7:09 ` Pascal Obry
2005-11-14 8:35 ` Dmitry A. Kazakov
2005-11-14 20:57 ` Simon Wright
2005-11-15 8:49 ` Dmitry A. Kazakov
2005-11-15 14:03 ` Georg Bauhaus
2005-11-15 15:14 ` Dmitry A. Kazakov
2005-11-15 22:32 ` Georg Bauhaus
2005-11-16 1:21 ` Robert A Duff
2005-11-16 9:26 ` Dmitry A. Kazakov
2005-11-16 13:02 ` adaworks
2005-11-17 11:13 ` Martin Dowie
2005-11-14 17:58 ` Jeffrey R. Carter
2005-11-14 18:44 ` Larry Kilgallen
2005-11-25 5:56 ` Christopher Browne
2005-11-26 1:31 ` Jeffrey R. Carter
2005-11-27 21:36 ` adaworks
2005-11-28 12:12 ` Simon Clubley
2005-12-01 2:35 ` robin
2005-12-01 7:05 ` adaworks
2005-12-03 13:42 ` robin
2005-12-03 18:18 ` adaworks
2005-12-12 1:23 ` robin
2005-12-31 7:39 ` robin
2005-12-31 17:03 ` Georg Bauhaus
2006-01-01 12:12 ` Martin Krischik
2006-01-01 23:12 ` robin
2006-01-02 3:37 ` jimmaureenrogers
2006-01-12 22:10 ` robin
2006-01-03 9:52 ` Georg Bauhaus
2006-01-12 22:10 ` robin
2006-01-12 22:36 ` Georg Bauhaus
2006-01-13 19:53 ` Keith Thompson
2006-01-13 20:22 ` Dan Nagle
2006-01-14 17:50 ` Björn Persson
[not found] ` <12ces1lv5dvm6pifdapj11o1hrtlm6ec7q@4ax.com>
2006-01-13 23:28 ` robin
2005-11-30 15:27 ` robin
2005-11-14 10:17 ` Peter Amey
2005-11-29 8:16 ` Harald Korneliussen
2005-11-29 10:48 ` Peter Amey
2005-11-30 21:21 ` Brian May
2005-12-01 5:36 ` Jeffrey R. Carter
2005-12-01 9:01 ` Harald Korneliussen
2005-12-01 11:21 ` Martin Dowie
2005-12-01 17:58 ` Jeffrey R. Carter
replies disabled
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox