[Cryptography] [FORGED] Re: How programming language design can help us write secure crypto code

Jerry Leichter leichter at lrw.com
Sat Oct 31 23:57:29 EDT 2015 

>> Not really, if you know how gcc works then it happens because the warnings are
>> issued by the front-end before data flow analysis occurs (so cases of
>> inadvertent NULL pointer use are missed) but then the optimiser later applies
>> the annotation to mean that the value can never be NULL.
This is very much in keeping with the original "spirit of C", one part of which was explicitly "Trust the programmer".

Now, all kinds of things made sense - or at least sounded like they made sense - back in the 1970's when C was originally designed for use by highly skilled, highly experienced programmers.  Even they got in trouble - but rarely.  This was an era where the designers of C could seriously argue that C was like a fighter jet.  If you wanted a Piper Cub - safe, easy to control, appropriate for a neophyte - there were plenty of other languages available to you.  C "got out of the way" of the serious programmer.

C programmers operate under the illusion that because they are writing in the same language as some of the legendary programmers of lore, they, too can write perfect code, and they don't need some compiler complaining a them.  (In fact, if you look at the code in early Unix or in some of the early tools, you'll find that in general it was deliberately written very conservatively, by people who understood their own limits and used various conventions and other techniques to do what compilers today, running on vastly faster machines using much improved algorithms, can do easily.)  One of the early Unix guys - I forget which - has a line something like:  Everyone knows that debugging is much harder then coding. So if you write code to the very limits of your ability, by definition you can't debug it.

It appears the the gcc developers continue to operate in the world of the 1970's.  Nice little utopia - unfortunately, hardly anyone actually lives there.

                                                        -- Jerry

More information about the cryptography mailing list