[Cryptography] Secure erasure

Henry Baker hbaker1 at pipeline.com
Mon Sep 12 23:44:03 EDT 2016


At 03:48 PM 9/12/2016, Watson Ladd wrote:
>If only there was a widely used embedded language designed by the DoD with built-in bounds checks, widespread compiler support on different architectures, and in GCC.
>
>Maybe it's even named after a woman.

Having studied Ada at some length, I see no significant advantage
of Ada over C for any of the purposes we discuss on these lists.

My opinion isn't based on the characteristics of the language,
per se, but on the inability to control the fine details of the
implementation.

What's the point of having a garbage collector (in some versions
of Ada), if you can't control fine details enough to make sure
that it isn't going to ruin your real-time performance?

More to the point of this thread, what's the point of having a
more array bounds checking if you can't control carefully enough
what happens when an array index does go out of bounds?

In my experience with Ada, I spent most of my time fighting the
implementation, and after all that effort, the performance was
dismal.

Bottom line: Ada was PL/I with slightly more modern syntax, but
not nearly as high quality compilers and run-time systems.

-----

Modern CPU's with sophisticated instruction fetch hardware
can arrange execution so that array bounds checking is done
in parallel with other activities, so it no longer exacts
any run-time penalty.  And with multiple CPU's, there are
typically huge numbers of cycles to burn in any case.

So ubiquitous array-bounds checking should no longer be an
issue.

What we're currently fighting are billions of lines of
legacy software developed by the "code cowboys" trained
by Berkeley, Stanford and Bell Labs in the 1980's and
enthusiastically hired (using programming tests which
marked down those who checked array bounds) by Microsoft,
Oracle, etc., who *never* checked an array bound in their
entire programming lives.



More information about the cryptography mailing list