[Cryptography] Ada vs Rust vs safer C

Ben Laurie benl at google.com
Sun Sep 18 15:47:48 EDT 2016


On 18 September 2016 at 15:44, Peter Gutmann <pgut001 at cs.auckland.ac.nz> wrote:
> Florian Weimer <fw at deneb.enyo.de> writes:
>
>>I'm not sure.  PREfast is explicitly targeted at “small code bases”:
>>
>>| Users commonly run PREfast over a section of code, view results,
>>| make fixes, and then run PREfast again. It is recommended that you
>>| divide your build into small (10 MB or less) sections, and run
>>| PREfast on each section.
>
> That's just saying that if you have a huge code base you may want to break it
> up into smaller pieces to speed up analysis.  All of the static analysers take
> a long time/lots of CPU to run, and re-analysing the entire code base every
> time would be pretty slow.  Certainly for PREfast on my code it's a case of
> going away to do something else when it's running while I can do a full
> rebuild in about 30 seconds.  That's not a big deal, I wouldn't really care if
> it had to run overnight to work.
>
>>If there are annotations that are really helpful and not utterly Windows-
>>specific, we can put them into GCC.  We just need documentation.
>
> None of them are Windows-specific, it's just things like "this value can only
> take ranges between 0 and 100" or "this value points to a buffer whose size is
> defined by that other value".  There are composite annotations that say things
> like "this is a handle to some Windows-specific thing", but they're just
> convenience macros built up from the lower-level primitives.

An open question is whether MS would claim copyright (or other IP) on
these annotations.
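
The two kinds of annotation described in the quoted text (a value range, and a buffer whose size is given by another parameter), shown as an added example that is not part of the original thread. The macros are Microsoft SAL names from `<sal.h>`; the function `scale_buffer`, the helper `demo` and the no-op fallback definitions for non-MSVC compilers are assumptions made for illustration.

```c
#include <stddef.h>

#if defined(_MSC_VER)
#include <sal.h>               /* real SAL, checked by PREfast (/analyze) */
#else                          /* assumption: elsewhere they expand to nothing */
#define _In_range_(lo, hi)
#define _In_reads_bytes_(n)
#define _Out_writes_bytes_(n)
#define _Success_(expr)
#endif

/* Hypothetical function: scale each input byte by a percentage.
 * The annotations state the contract for the analyser; the runtime
 * checks enforce the same contract for callers it never saw. */
_Success_(return == 0)
int scale_buffer(_Out_writes_bytes_(dst_len) unsigned char *dst,
                 size_t dst_len,
                 _In_reads_bytes_(src_len) const unsigned char *src,
                 size_t src_len,
                 _In_range_(0, 100) int percent)
{
    size_t i;

    if (dst == NULL || src == NULL)
        return -1;
    if (percent < 0 || percent > 100)   /* mirrors _In_range_(0, 100) */
        return -1;
    if (src_len > dst_len)              /* mirrors the buffer-size annotations */
        return -1;

    for (i = 0; i < src_len; i++)
        dst[i] = (unsigned char)((src[i] * percent) / 100);
    return 0;
}

/* Constructed sample input: returns the first scaled byte, or -1 on error. */
int demo(int percent, size_t dst_len)
{
    unsigned char src[4] = {200, 100, 50, 0};
    unsigned char dst[8] = {0};

    if (dst_len > sizeof dst)
        return -1;
    if (scale_buffer(dst, dst_len, src, sizeof src, percent) != 0)
        return -1;
    return dst[0];
}
```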

