[Cryptography] Ada vs Rust vs safer C

Watson Ladd watsonbladd at gmail.com
Fri Sep 16 19:01:58 EDT 2016


On Fri, Sep 16, 2016 at 1:31 PM, Arnold Reinhold <agr at me.com> wrote:
> In the recent thread on safe erasure in C, much was made of better
> languages including Ada and Rust. But there is a vast amount of code already
> written in C. Converting all of it or even a large fraction seems hopeless.
> For comparison what would it take to make a safer C?
>
> To begin with, many of the problems with unsafe code generation have to
> do with the large number of undefined behaviors in C. Since the dogma is
> that undefined means the compiler can do anything its developers want, what
> would it take to develop a supplemental specification that defines the most
> concerning undefined behaviors? What would it then take to develop a compiler
> that meets those specifications? Perhaps the Free Software Foundation might be
> convinced to help. If not, GCC, or parts of it, could be forked. There must
> be some programmers out there with compiler chops that would find this kind
> of project interesting. Perhaps a Kickstarter campaign might be helpful.
> Defining undefined behavior shouldn't affect most existing programs.

Compilers can't introduce bounds checks without changing pointer
representations. That will break calling conventions and hardware. You
could get around this, but it would be painful, particularly when functions
want to change the endpoints of pointers (like allocators).

>
> Building a safer C seems more doable than converting massive amounts of C
> code, and programmers, to new languages.
>
> Arnold Reinhold
> _______________________________________________
> The cryptography mailing list
> cryptography at metzdowd.com
> http://www.metzdowd.com/mailman/listinfo/cryptography

-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
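Added example (not code from the thread or its authors): a "fat pointer" in plain C that carries its own bounds, to make concrete the point about bounds checks changing pointer representation. A checkable pointer grows from one machine word to three, which changes struct layouts, calling conventions and any ABI that hands a plain void* to code compiled without fat pointers; and an allocator that moves or resizes an object has to rewrite all three fields, leaving every other copy of the old pointer stale. All names here (fatptr_t, fp_*) are hypothetical.

```c
/* Added example, not code from the thread: a bounds-carrying "fat pointer"
 * in plain C. All names (fatptr_t, fp_*) are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* A plain C pointer is one machine word. A checkable pointer needs the
 * object's bounds too, so it becomes three words: this is the representation
 * change that breaks struct layouts, calling conventions and any ABI that
 * passes a void* to code that does not know about fat pointers. */
typedef struct {
    unsigned char *cur;    /* the value an ordinary pointer would hold */
    unsigned char *base;   /* lowest valid address of the object */
    unsigned char *limit;  /* one past the highest valid address */
} fatptr_t;

/* sizeof(fatptr_t) / sizeof(void *): 3 on every common platform. */
size_t fp_words_per_pointer(void) {
    return sizeof(fatptr_t) / sizeof(void *);
}

/* Allocate n bytes and attach the bounds. The allocator is the one place
 * that legitimately creates endpoints. */
fatptr_t fp_alloc(size_t n) {
    fatptr_t p;
    p.base = p.cur = malloc(n ? n : 1);
    p.limit = p.base ? p.base + n : NULL;
    return p;
}

/* Does cur[i] lie inside [base, limit)? Computed on integers so the check
 * itself never forms an out-of-range pointer (which would be UB). */
int fp_in_bounds(fatptr_t p, ptrdiff_t i) {
    uintptr_t b = (uintptr_t)p.base, c = (uintptr_t)p.cur, l = (uintptr_t)p.limit;
    if (p.base == NULL || c < b || c > l)
        return 0;
    if (i >= 0)
        return (uintptr_t)i < l - c;          /* c + i < l, without overflow */
    return (uintptr_t)(-(i + 1)) < c - b;     /* c + i >= b, safe for PTRDIFF_MIN */
}

/* Checked write; returns 1 on success, 0 (touching nothing) if out of range. */
int fp_store(fatptr_t p, ptrdiff_t i, unsigned char v) {
    if (!fp_in_bounds(p, i))
        return 0;
    p.cur[i] = v;
    return 1;
}

/* Change the endpoints: the awkward case from the message. realloc() may move
 * the object, so all three fields must be rewritten, and every other copy of
 * the old fat pointer is silently stale. A caller holding only a plain void*
 * to this object cannot be updated at all. */
fatptr_t fp_realloc(fatptr_t p, size_t n) {
    size_t off = (size_t)(p.cur - p.base);      /* computed before the move */
    unsigned char *nb = realloc(p.base, n ? n : 1);
    if (nb == NULL)
        return p;                                /* old block is still valid */
    p.base  = nb;
    p.limit = nb + n;
    p.cur   = nb + (off < n ? off : n);          /* clamp a cur now past limit */
    return p;
}

/* Probe one index of a fresh n-byte object; 1 if in bounds, 0 otherwise. */
int fp_probe(size_t n, ptrdiff_t i) {
    fatptr_t p = fp_alloc(n);
    int ok = fp_in_bounds(p, i);
    free(p.base);
    return ok;
}

/* Walk past both ends of a 16-byte buffer the way a classic C loop would,
 * but through checked accesses; returns the number of rejected accesses. */
int fp_demo(void) {
    fatptr_t p = fp_alloc(16);
    int rejected = 0;
    if (p.base == NULL)
        return -1;
    for (ptrdiff_t i = -2; i < 18; i++)          /* 20 accesses, 16 valid */
        if (!fp_store(p, i, (unsigned char)i))
            rejected++;                          /* i = -2, -1, 16, 17 */
    p = fp_realloc(p, 32);                       /* grow: 16..31 become valid */
    if (!fp_store(p, 31, 0xAA)) rejected++;      /* accepted */
    if (!fp_store(p, 32, 0xAA)) rejected++;      /* rejected */
    free(p.base);
    return rejected;
}

int main(void) {
    printf("words per pointer: %zu\n", fp_words_per_pointer());
    printf("rejected accesses: %d\n", fp_demo());
    return 0;
}
```

The check in fp_in_bounds is done on integer values rather than by comparing derived pointers, because forming a pointer outside the object is itself undefined behaviour in C and an optimizer is entitled to assume it never happens, which is exactly the class of problem the quoted proposal wants a "safer C" to pin down.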