@saagar
> you can build useful security properties on top of UB

until a compiler update comes

@saagar I can't see those :( I think twitter only shows them to logged-in users

@saagar are we talking about C? is there a compiler flag that makes that happen?

@saagar well then the compiler is defining a behaviour that was previously undefined.

You're not guaranteed by C standard that overflows will trap, but you're guaranteed by the compiler that overflows will trap.
It's not UB on that compiler (and hopefully all future versions of that compiler, and maybe other compilers that have the same nonstandard feature). It's just non-portable code.

1/

@saagar

That being said I agree that teaching "UB is black box" is wrong. It's best to show an example how a seemingly innocent UB can cause an optimizing compiler to make assumptions and delete half of your code.
2/2

@saagar well -O3 isn't a default :P

@saagar OpenSSL did this iirc and debian broke it by trying to fix it. Maybe that was just uninitialized memory but I think that's a kind of undefined behavior.

@saagar It was essential to the design of OpenSSL because it increases the entropy of the seeds it generates

@saagar How was it a bad idea? It was a good idea; downstream idiots who didn't understand it purposefully broke the code thinking they were "fixing" it because they didn't understand the code and saw valgrind warn about it. That code is still in openssl.

@saagar how does drbg do it? Also if you lack the ability to think critically about the warnings a program is giving you when programming in general I think you're sort of cruising for a bruising. Deep understanding is always better than "waving a chicken at it until the warnings go away," or trusting software to be infallible.