[Cryptography] Ada vs Rust vs safer C

Peter Gutmann pgut001 at cs.auckland.ac.nz
Sun Sep 18 02:31:35 EDT 2016


Florian Weimer <fw at deneb.enyo.de> writes:

> John Denker:
>> Another line of attack is to add /annotations/ to make static
>> analysis more effective.
>
>We have some very powerful tools, but my impression is that in order to use
>them, I need to manually massage my source code and feed it to the tool
>outside of the build process.  This may certainly give important insights,
>but by its nature, it's just a snapshot (like a source code audit, or a
>typical fuzzing effort).  What I want is something that runs as part of the
>regular build process, just like a test suite, and that narrows the set of
>available tools quite significantly (and most have you deal with license
>management *yuck*).

You've just described PREfast (for an annotation-guided analyser) [0] and
Coverity/Fortify/whatever (plus the somewhat more limited clang analyser) for
a non-guided analyser.  PREfast has the advantage that it's free, but also the
disadvantage that it's somewhat under-documented, so the annotations for more
complex things like pointer derefs are kind of trial-and-error (if anyone from
MS is reading this and can answer some questions on PREfast annotations or can
update the documentation, it'd be a great help, there's a pile of stuff around
DEREF that's so sparsely documented it's pure guesswork on how to apply it).
Having said that, its annotations make it incredibly powerful, you can turn C
into something close to Pascal in terms of its checking via PREfast analysis.

So that would be another answer to the question about new tools, to some
extent they already exist, you've got the PREfast analyser and a matching
compiler that's the least likely to do unexpected things to your code.

Peter.

[0] And for the people who are going to say "but that's Windows only", you've
    got the source code for gcc/clang/whatever, what's the problem? :-).
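As an added example (not code from the post, from Peter, or from Microsoft): a small C routine annotated with SAL, the annotation language PREfast consumes, showing the kind of buffer-size and success contracts the analyser checks at build time. It assumes the Windows SDK's `<sal.h>` macro names; on other compilers the fallback macros expand to nothing, so the code still builds and runs, only the analysis is lost.

```c
/* Added example: a bounded copy annotated with Microsoft SAL so PREfast can
 * check callers' buffer sizes statically. Assumes the SAL macro names from
 * the Windows SDK's <sal.h>; elsewhere they are defined as no-ops below. */
#include <stddef.h>
#include <string.h>
#include <stdbool.h>

#if defined(_MSC_VER)
#include <sal.h>
#else
/* Fallbacks so gcc/clang accept the annotations (no analysis, just no-ops). */
#define _In_reads_bytes_(n)
#define _Out_writes_bytes_to_(cap, n)
#define _Out_
#define _Success_(expr)
#endif

/* Copy at most src_len bytes from src into dst (capacity dst_cap) and report
 * the byte count in *written. The annotations tell PREfast that src must be
 * readable for src_len bytes, that dst must have dst_cap bytes of room and
 * will hold *written bytes on return, and that *written is only meaningful
 * when the function returns true. A caller passing a too-small dst is then
 * flagged at analysis time rather than at run time. */
_Success_(return == true)
bool copy_bounded(_In_reads_bytes_(src_len) const unsigned char *src,
                  size_t src_len,
                  _Out_writes_bytes_to_(dst_cap, *written) unsigned char *dst,
                  size_t dst_cap,
                  _Out_ size_t *written)
{
    if (src == NULL || dst == NULL || written == NULL)
        return false;
    if (src_len > dst_cap) {   /* run-time check mirroring the static contract */
        *written = 0;
        return false;
    }
    memcpy(dst, src, src_len);
    *written = src_len;
    return true;
}
```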
