http://www.itworld.com/security/380406/how-your-compiler-may-be-compromising-application-security
<quote> Compilers: can’t live with ‘em, can’t live without ‘em - at least not if you write code for a living. Compilers are great at taking your hand crafted human-readable program, translating it into machine code and, in the process, optimizing it so it runs as efficiently as possible. Sometimes, though, as new research from MIT points out, in their zeal to optimize your code, compilers can go too far and remove code that they shouldn’t, which can make the system or application more vulnerable. ... The MIT researchers studied a dozen common C/C++ compilers to see how they dealt with undefined code. They found that, over time, compilers are becoming more aggressive in how they deal with such code, more often simply removing it, even at default or low levels of optimization. Since C/C++ is fairly liberal about allowing undefined behavior, it is more susceptible to subtle bugs and security threats as a result of unstable code. </quote> I don't know if this applies to z/OS or other z compilers. But I thought it was at least somewhat interesting. I never consider that the compiler, in its zeal, might do something like this. -- This is clearly another case of too many mad scientists, and not enough hunchbacks. Maranatha! <>< John McKown ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
