# AD5040: DoNotUseUncheckedOptimization

## Summary
| Property | Value |
|---|---|
| ID | AD5040 |
| Name | DoNotUseUncheckedOptimization |
| Category | Security |
| Severity | Warning |
| Applies to | Mach-O (macOS, iOS) |
## Description

Mach-O binaries should not use aggressive optimization flags that sacrifice safety for performance, potentially introducing undefined behavior.

## How It Works

The rule checks for dangerous optimization indicators:

- `-ffast-math` usage patterns
- `-fno-strict-overflow` (actually safer, not flagged)
- Other unsafe optimization patterns
## Why This Matters

Some optimization flags assume the program has no undefined behavior. If it does, these flags can cause unexpected security issues.

## Dangerous Optimizations
| Flag | Risk |
|---|---|
| -ffast-math | NaN/Inf handling, precision loss |
| -funsafe-math-optimizations | Math identity assumptions |
| -ffinite-math-only | Assumes no NaN/Inf |
| -fno-trapping-math | Ignores FP exceptions |
## -ffast-math Security Issues

```c
#include <math.h>

void handle_nan(void);

void check_input(double x) {
    // With -ffast-math (which implies -ffinite-math-only) the compiler may
    // assume x is never NaN and delete this comparison entirely.
    if (x != x) {
        // NaN check - optimizer may remove this!
        handle_nan();
    }
    // This can cause security issues if NaN
    // indicates an attack or data corruption
}
```
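To keep a NaN/Inf guard that does not depend on the IEEE comparison semantics that `-ffast-math` lets the compiler assume away, the added example below (not part of this rule's documentation) inspects the raw IEEE 754 bit pattern with integer operations and uses that to reject non-finite values parsed from untrusted text. The names `is_nan_bits`, `is_inf_bits` and `parse_finite` are hypothetical.

```c
#include <math.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define EXP_MASK      0x7FFULL
#define MANTISSA_MASK 0x000FFFFFFFFFFFFFULL

/* NaN test that does not rely on `x != x` or isnan().
   Under -ffinite-math-only the compiler may fold both to false; integer
   inspection of the bit pattern is not subject to that assumption. */
int is_nan_bits(double x) {
    uint64_t bits;
    memcpy(&bits, &x, sizeof bits);           /* well-defined type pun */
    uint64_t exponent = (bits >> 52) & EXP_MASK;
    uint64_t mantissa = bits & MANTISSA_MASK;
    return exponent == EXP_MASK && mantissa != 0;
}

/* +Inf / -Inf: all exponent bits set, mantissa zero. */
int is_inf_bits(double x) {
    uint64_t bits;
    memcpy(&bits, &x, sizeof bits);
    return ((bits >> 52) & EXP_MASK) == EXP_MASK && (bits & MANTISSA_MASK) == 0;
}

/* Parse an untrusted numeric string and reject anything non-finite.
   strtod() accepts "nan", "inf" and overflowing literals such as "1e999"
   (which yields HUGE_VAL, i.e. infinity), so a caller whose `x != x` check
   was optimized out would let them through.
   Returns 1 and sets *out on success, 0 on rejection. */
int parse_finite(const char *s, double *out) {
    char *end;
    double x = strtod(s, &end);
    if (end == s || *end != '\0') return 0;   /* not a complete number */
    if (is_nan_bits(x) || is_inf_bits(x)) return 0;
    *out = x;
    return 1;
}
```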
## Safer Alternatives
| Need | Safe Alternative |
|---|---|
| Performance | -O3 without -ffast-math |
| Size | -Os |
| Math speed | -fno-math-errno only |
## Checking for Fast-Math

```bash
# Check if fast-math was used
otool -l binary | grep FAST_MATH
# Or check for reassociated math patterns
```
## Resolution

Avoid unsafe optimization flags:

```bash
# Bad
clang -O3 -ffast-math program.c
# Good
clang -O3 program.c
# If you need some math optimizations:
clang -O3 -fno-math-errno -fno-signed-zeros program.c
# These are safer than full -ffast-math
```
## CMake Configuration

```cmake
# Do NOT use:
# add_compile_options(-ffast-math)
# Instead, use targeted options if needed:
add_compile_options(-fno-math-errno) # Safe
```

## Xcode Settings
Avoid setting "Relax IEEE Compliance" to Yes.