[Cryptography] Ada vs Rust vs safer C

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sat Sep 17 07:44:09 EDT 2016


Jerry Leichter <leichter at lrw.com> writes:

>There have been many attempts to define such a language.  Sometimes just as a
>matter of (checked, if possible) conventions about what constructs to allow
>and what to forbid; sometimes by actually defining a new subset language and
>developing a compiler for it.

For a first start, you don't even need to do that.  Just have the compiler
make some common-sense assumptions, e.g. that it's running on a two's-
complement machine, that if it's (say) x86-64 then integer ops will have the
semantics of the x86-64 architecture, and so on.  This would immediately get
rid of the majority of the problems covered in the paper I referenced in my
previous message.

Peter.
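The point Gutmann is making, that signed integer overflow is undefined in standard C unless the compiler commits to two's-complement wraparound (GCC and Clang do so only under `-fwrapv`), can be seen in a small C example. The code below is added here and is not from the thread; it shows the naive wraparound-style overflow check that only works under such an assumption, beside two checks that get the right answer without it: one that does the arithmetic in unsigned, where wraparound is defined, and one that uses the GCC/Clang `__builtin_add_overflow` builtin. The function names and the sample operand pairs are constructed for this example.

```c
/* Added example: signed-overflow checks with and without relying on
 * the compiler assuming two's-complement wraparound. Not from the thread. */
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* The naive form people write when they assume wraparound. Standard C
 * makes the signed addition undefined on overflow, so an optimizer may
 * fold the comparison to "false" and delete the check entirely. It is
 * only reliable if the compiler guarantees wraparound (e.g. gcc -fwrapv).
 * Returns true if it believes the addition overflowed. */
bool add_overflows_naive(int32_t a, int32_t b, int32_t *out)
{
    int32_t s = a + b;               /* undefined behaviour on overflow */
    *out = s;
    return (b > 0 && s < a) || (b < 0 && s > a);
}

/* Portable check: do the addition in unsigned, where modular wraparound
 * is defined, and detect overflow by sign analysis. Only when no
 * overflow occurred is the signed addition performed, which is then
 * well-defined. Returns true on overflow (and leaves *out untouched). */
bool add_overflows_portable(int32_t a, int32_t b, int32_t *out)
{
    uint32_t ua = (uint32_t)a, ub = (uint32_t)b;
    uint32_t us = ua + ub;           /* defined modular arithmetic */
    /* Overflow iff the operands share a sign and the sum's sign differs. */
    bool overflow = ((~(ua ^ ub) & (ua ^ us)) & 0x80000000u) != 0;
    if (overflow)
        return true;
    *out = a + b;                    /* no overflow, so well-defined */
    return false;
}

/* Compiler-assisted check: GCC and Clang provide a builtin that computes
 * the wrapped result and reports overflow without any undefined step. */
bool add_overflows_builtin(int32_t a, int32_t b, int32_t *out)
{
    return __builtin_add_overflow(a, b, out);
}

int main(void)
{
    /* Constructed operand pairs covering the boundary cases. */
    const int32_t pairs[][2] = {
        { INT32_MAX, 1 }, { INT32_MIN, -1 }, { -1, -1 }, { 100, 200 },
    };
    for (size_t i = 0; i < sizeof pairs / sizeof pairs[0]; i++) {
        int32_t a = pairs[i][0], b = pairs[i][1], r1 = 0, r2 = 0;
        bool o1 = add_overflows_portable(a, b, &r1);
        bool o2 = add_overflows_builtin(a, b, &r2);
        printf("%11d + %11d : portable=%s builtin=%s result=%d\n",
               a, b, o1 ? "overflow" : "ok", o2 ? "overflow" : "ok",
               o1 ? 0 : r1);
    }
    return 0;
}
```

Compiling the naive variant with optimization and then with `-fwrapv` is the quickest way to see the difference Gutmann describes: under `-fwrapv` the compiler treats the addition as two's-complement and the check behaves; without it, the check is not something the language promises to honour.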


More information about the cryptography mailing list