Information Security News mailing list archives

USENIX: Unstable code can lead to security vulnerabilities


From: InfoSec News <alerts () infosecnews org>
Date: Fri, 20 Jun 2014 09:44:13 +0000 (UTC)

http://www.computerworld.com/s/article/9249246/USENIX_Unstable_code_can_lead_to_security_vulnerabilities

By Joab Jackson
IDG News Service
June 19, 2014

As if tracking down bugs in a complex application isn't difficult enough, programmers now must worry about a newly emerging and potentially dangerous trap, one in which a program compiler simply eliminates chunks of code it doesn't understand, often without alerting the programmer of the missing functionality.

The code that can lead to this behavior is called optimization-unstable code, or "unstable code," though it is more of a problem with how compilers optimize code, rather than the code itself, said Xi Wang, a researcher at the Massachusetts Institute of Technology. Wang discussed his team's work at the USENIX annual technical conference, being held this week in Philadelphia.

With unstable code, programs can lose functionality or even critical safety checks without the programmer's knowledge.

That this problem is only now coming to the attention of researchers may mean that many programs considered as secure, especially those written in C or other low-level system languages, may have undiscovered vulnerabilities.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
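
The kind of check the article says can disappear, shown as an added example (not code from the article or from Wang's team; the function names and inputs are constructed for illustration): a bounds test that relies on signed overflow, next to a form that stays in place under optimization.

```c
#include <limits.h>
#include <stdio.h>

/* Unstable check: relies on signed overflow wrapping around. Signed
 * overflow is undefined behaviour in C, so an optimizing compiler may
 * assume "offset + len" never overflows, conclude the comparison is
 * always false for len >= 0, and drop the branch without a warning. */
int range_ok_unstable(int offset, int len)
{
    if (offset < 0 || len < 0)
        return 0;
    if (offset + len < offset)   /* may be optimized away */
        return 0;
    return 1;
}

/* Stable check: compares against the limit before adding, so no
 * overflow ever occurs and the optimizer has no undefined behaviour
 * to reason from. */
int range_ok_stable(int offset, int len)
{
    if (offset < 0 || len < 0)
        return 0;
    if (len > INT_MAX - offset)
        return 0;
    return 1;
}

int main(void)
{
    /* Constructed inputs: the second pair would overflow an int. */
    printf("stable(10, 20)          = %d\n", range_ok_stable(10, 20));
    printf("stable(INT_MAX - 5, 10) = %d\n", range_ok_stable(INT_MAX - 5, 10));
    /* The unstable version is called only with values that cannot
     * overflow; with overflowing values its result depends on the
     * compiler and optimization level. */
    printf("unstable(10, 20)        = %d\n", range_ok_unstable(10, 20));
    return 0;
}
```

Building the file with GCC or Clang using `-fsanitize=signed-integer-overflow` reports the overflow at run time if the unstable function is given overflowing inputs.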

