The Future of C Code Review

I gave a short talk on the Future of C Code Review at our internal (Not) NCC Con Conference this year (held virtually due to Covid-19) and recorded it for posterity.

In this short talk, I focus on optimizations resulting from pointer provenance-based alias analysis that can modify the behavior of code with undefined behaviors.

Presentation Abstract:
The C language Standard and implementations continue to evolve as compiler vendors pursue ever aggressive areas of optimization. Pointer provenance arises from alias analysis and determines the appropriate use of pointers from their original provenance. This determination often conflicts with the hardware behavior model that generations of C and C++ programmers assumed was normal behavior, but was undefined behavior all along. This talk explains what pointer provenance is, how it can introduce security flaws into your C program, and how to spot the problem and repair it.

You can read much, much more about this here:

A Provenance-aware Memory Object Model for C
http://www.open-std.org/jtc1/sc22/wg14/www/docs/n2577.pdf