OpenSSL static analysis, was: De Raadt + FBSD + OpenSSH + hole?

[Lev Serebryakov]

Hello, Ronald.
You wrote 26 апреля 2014 г., 1:21:47:

RFG> The (modified/quieted) code example under discussion is as follows:
RFG>         variable = value0;  /* initialization */
RFG>         if (condition) variable = value1;
RFG>         if (!condition) variable = value2;
RFG>         use (variable);

RFG> Please note that variable *is* *always* set to some value (either value1
RFG> or value2) after initialization.  The "error condition" that you seem
RFG> concerned about having explicitly flagged does not in fact exist in the
RFG> example code snippet under discussion.
  I have only one question: which memory model do you have in mind when you
 do this statement?

  Please note, that now you could hardly find single-core/single-threaded CPU
 (even current ARMs are multi-cored now) and only two non-functional
 languages with formally specified memory model I know is C++11 and Java.
 I belive, Ada should have well-defined memory model, but I know next to
 nothing about Ada.

  I could easily write code like shown above in Java, which left "variable"
 with value0 up to line with "use()" and it will be not a bug in JVM, but bug
 in code: everything depend on variables which are used in "condition" and
 "variable" itself. Yes, it is not possible (in Java!) when everything is
 arguments to method or local (on stack), but as soon I don't know YOUT
 memory model and that YOUR compiler and execution environment implements
 this mode PROPERLY, I could not be sure, that even "localness" of data
 helps.

  And please note, that different CPUs has very different memory model (even
 now, when Alpha is long-dead), and as C is very down-to-hardware language
 and C standard doesn't have any real memory-model described, so it is very
 hard to reason about this C code, if it i C.

-- 
// Black Lion AKA Lev Serebryakov <lev at FreeBSD.org>