[Cryptography] Ada vs Rust vs safer C

[Arnold Reinhold]

In the recent thread on safe erasure in C,  much was made of better languages including Ada and Rust. But there is a vast mount of code already written in C. Converting all of it or even a large fraction seems hopeless. For comparison what would it take to make a safer C?

To begin with, many of the problems with unsafe code generation have to do with the large number of undefined behaviors in C.  Since the dogma is that undefined means the compiler can do anything its developers want, what would it take to develop a supplemental specification that defines the most concerning undefined behaviors? What would it then take to develop  compiler that meets those specifications? If the Free Software Foundation might be convinced to help. If not, GCC, or parts of it, could be forked. There must be some programmers out there with compiler chops that would find this kind of project interesting. Perhaps a Kickstarter campaign might be helpful. Defining undefined behavior shouldn’t affect most existing programs.

Building a safer C seems more doable than converting massive amounts of C code, and programers, to new languages.

Arnold Reinhold