[Cryptography] bounded pointers in C

David Mercer radix42 at gmail.com
Mon Apr 21 16:42:16 EDT 2014


On Mon, Apr 21, 2014 at 12:41 PM, Bill Frantz <frantz at pwpconsult.com> wrote:

> On 4/21/14 at 6:05 AM, pgut001 at cs.auckland.ac.nz (Peter Gutmann) wrote:
>
>> Sorry, nonstandard terminology, I meant constantly auditing your own code,
>> which in both Wietse's case and mine means taking printouts of code modules
>> home to read offline at your own pace to check for problems.  That's not just
>> code you've recently been working on, but selections of older code modules
>> that you're re-checking in case you see something that didn't pop out the last
>> time you checked.
>
> Two things I have found useful in this kind of effort:
>
> Carefully compare the code with the comments. Since most of my
> professional career was writing in assembler, I tended to comment each
> instruction with a reason for its existence. I frequently found bugs where
> the comment said one thing and the code something slightly different. Only
> one time did they seem different, but weren't. That time produced even more
> comments as to why the comment and the code were both correct. In a sense,
> my code included an informal proof of correctness in the comments.
>
> Use an automatic formatter to reformat your code for review. (Keep the
> original format for your source code control system. People make more
> readable formatting than machines.) Seeing the same code from a different
> point of view can overcome personal blind spots.


I think that printing the code out as hardcopy is valuable for the
"different point of view" aspect of the exercise. I've also found that
useful when maintaining large and/or old codebases ("add this feature to
this 10 million line/10 year old system"). You can go nuts with a
highlighter marking up all of the places where a variable that contains
externally provided data/state is used, and lay out a LOT of pages to look at them
at once. You just aren't going to get as much code displayed at once on
monitors as you are on pages spread out on tables. Doing a review like that
for commits to openssl would have followed the "payload length" parameter
in Heartbleed all the way through and brought it to attention.

-David Mercer
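As an added illustration of the "follow the externally provided length all the way through" review the post describes (constructed example, not code from the thread or from OpenSSL): a simplified record parser whose declared payload length comes off the wire, shown unchecked beside a version that validates it against the bytes actually received. The record layout, function names and the RX_BUF contents are all assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed record layout: [type:1][declared_len:2, big-endian][payload...]
 * record_len is the number of bytes actually received for this record. */
#define HDR_LEN 3

/* Unchecked variant: the declared length is trusted and record_len is never
 * consulted, so the copy returns whatever bytes happen to follow the record. */
long copy_payload_unchecked(const uint8_t *record, size_t record_len,
                            uint8_t *out, size_t out_cap)
{
    (void)record_len;                               /* the defect: ignored */
    size_t declared = ((size_t)record[1] << 8) | record[2];
    if (declared > out_cap) return -1;              /* only the output side is guarded */
    memcpy(out, record + HDR_LEN, declared);
    return (long)declared;
}

/* Hardened variant: the external length is checked against what was
 * actually received before a single byte is copied. */
long copy_payload_checked(const uint8_t *record, size_t record_len,
                          uint8_t *out, size_t out_cap)
{
    if (record_len < HDR_LEN) return -1;            /* header not even present */
    size_t declared = ((size_t)record[1] << 8) | record[2];
    if (declared > record_len - HDR_LEN) return -1; /* claims more than arrived */
    if (declared > out_cap) return -1;
    memcpy(out, record + HDR_LEN, declared);
    return (long)declared;
}

/* Constructed receive buffer: a 7-byte record declaring a 40-byte (0x28)
 * payload, followed by stale bytes left over from earlier traffic. The
 * array is deliberately larger than the record so the unchecked copy stays
 * inside it and the test can observe exactly what leaks. */
static const uint8_t RX_BUF[64] = {
    0x01, 0x00, 0x28, 'h', 'i', '!', 0x00,
    'S', 'E', 'C', 'R', 'E', 'T',              /* stale data from a previous message */
};
#define RX_RECORD_LEN 7

long demo_unchecked(uint8_t *out, size_t out_cap)
{ return copy_payload_unchecked(RX_BUF, RX_RECORD_LEN, out, out_cap); }
long demo_checked(uint8_t *out, size_t out_cap)
{ return copy_payload_checked(RX_BUF, RX_RECORD_LEN, out, out_cap); }
```

The unchecked copy hands back 40 bytes of which only 4 belong to the record; the checked one rejects the record outright.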

