[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code

Christian Huitema huitema at huitema.net
Mon Oct 26 10:07:34 EDT 2015


On Sunday, October 25, 2015 10:33 PM, Rob Meijer wrote:

> 2015-10-25 2:35 GMT+01:00 Ray Dillinger <bear at sonic.net>:
>
>> I would be in favor of an extended standard for "Crypto C" such
>> that all code whose behavior is specified in C would be specified
>> identically in Crypto C, no new syntax or keywords would be
>> introduced, and most of things that are left unspecified in the
>> C standard would be either guaranteed to be compile-time errors
>> or specified with an exact semantics.
>
> The problem is: Undefined behaviour is where compiler builders get to make 
> optimisation work for you. Would you be OK with for example having to 
> specify each and every variable as volatile in order to make sure your compiler 
> would not be able to misoptimize?  

In the sample, the compiler could perform the optimizations safely if it knew the expected range of the integer variable. If the compiler can predict the value will not overflow, the optimization is safe. Some checkers like Prefix can check that, and complain if an integer overflow is possible and not checked. I wonder whether the new C11 extensions enable that.

-- Christian Huitema
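
The range argument in the reply above, as an added example in C (not code from this thread; all function names are hypothetical): a test that runs after the signed addition depends on undefined behaviour and may be removed by the optimizer, while a test that bounds the operands before the addition leaves no overflowing path to exploit or to flag.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Post-check: the addition happens first. If it overflows, behaviour is
 * undefined, so the compiler may assume it cannot and fold both tests to
 * false. Shown for contrast only; main() never calls it out of range. */
bool add_postcheck(int a, int b, int *out)
{
    int sum = a + b;                      /* UB when the true sum is out of range */
    if (b > 0 && sum < a) return false;   /* may be optimized away */
    if (b < 0 && sum > a) return false;   /* may be optimized away */
    *out = sum;
    return true;
}

/* Pre-check: the range is established before any arithmetic on a and b,
 * so the final addition is provably in range on every path. */
bool add_prechecked(int a, int b, int *out)
{
    if (b > 0 && a > INT_MAX - b) return false;   /* would exceed INT_MAX */
    if (b < 0 && a < INT_MIN - b) return false;   /* would go below INT_MIN */
    *out = a + b;
    return true;
}

/* Sum a list of field lengths (constructed scenario), rejecting negative
 * entries and any total that does not fit in an int. */
bool total_length(const int *lens, size_t n, int *total)
{
    int acc = 0;
    for (size_t i = 0; i < n; i++) {
        if (lens[i] < 0 || !add_prechecked(acc, lens[i], &acc))
            return false;
    }
    *total = acc;
    return true;
}

int main(void)
{
    int lens[] = { INT_MAX - 5, 3, 4 };   /* constructed input: sum overflows */
    int total = 0;
    bool ok = total_length(lens, 3, &total);
    printf("total_length: %s\n", ok ? "accepted" : "rejected (would overflow)");
    return 0;
}
```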