Dangerous Optimizations and the Loss of Causality in C and C++ Programming
Offered By: OWASP Foundation via YouTube
Course Description
Overview
Explore the impact of compiler optimizations on software security in this 45-minute conference talk from AppSec EU 2017. Delve into how compiler writers leverage undefined behaviors in C and C++ to enhance optimizations, potentially compromising developers' ability to perform cause-effect analysis. Examine common optimizations, their potential to introduce software vulnerabilities, and learn practical mitigation strategies. Cover topics such as constant folding, bounds checking, algebraic simplification, and critical undefined behaviors. Gain insights into GCC details, strict overflow settings, and recommendations for maintaining software causality and reducing the risk of faults, defects, and vulnerabilities in C and C++ programming.
Syllabus
Intro
Premise
Vulnerability Notes Database
Compiler Optimizations
Implementation Strategies
Constant Folding
Unexpected Results
Bounds Checking
Algebraic Simplification Applied
Mitigation
Another Algebraic Simplification
GCC Details
Wstrict-overflow=n
Definitions
Requirements
Critical Undefined Behaviors
Recommendations
Summary
Taught by
OWASP Foundation
Related Courses
Pattern-Oriented Software Architectures: Programming Mobile Services for Android Handheld SystemsVanderbilt University via Coursera Engineering Maintainable Android Apps
Vanderbilt University via Coursera Software Design as an Element of the Software Development Lifecycle
University of Colorado System via Coursera Secure Software Development
Pluralsight Secure Software Concepts for CSSLPĀ®
Pluralsight