[Cryptography] Ada vs Rust vs safer C

[Peter Gutmann]

Jerry Leichter <leichter at lrw.com> writes:

>I've never understood the reluctance of the C Standards guys to pin this down
>further.

There's a hint there for anyone who knows any more to spill the beans :-).

You don't really need to do anything at the C standard level though, the
standard already says, in effect, "if you shift more than X bits the compiler
is allowed to reformat your hard drive" (or whatever it chooses to do), so all
a compiler vendor has to do is define their compiler's behaviour to be "the
code we generate will behave as per the native machine architecture".  For
example on x86 it'll do exactly what you'd expect from x86 (i.e. what
Intel/AMD say in their architecture reference), on x64 it'll do what x64 is
specified to do, etc.  Some compilers already do a pretty good job of this,
see the paper I previously referenced.

Peter.