[Cryptography] Ada vs Rust vs safer C

Florian Weimer fw at deneb.enyo.de
Sat Sep 17 11:47:03 EDT 2016


* Arnold Reinhold:

> In the recent thread on safe erasure in C, much was made of better
> languages including Ada and Rust. But there is a vast mount of code
> already written in C. Converting all of it or even a large fraction
> seems hopeless. For comparison what would it take to make a safer C?

An implementation that just provides safety, so that you can just flip
a compiler switch for code which isn't performance-critical.
Obviously, it would need to provide ABI compatibility to be truly
effective.

> To begin with, many of the problems with unsafe code generation have
> to do with the large number of undefined behaviors in C.  Since the
> dogma is that undefined means the compiler can do anything its
> developers want, what would it take to develop a supplemental
> specification that defines the most concerning undefined behaviors?

The specification changes could be fairly minor (e.g., the
implementation would have to detect all type-safety violations).  But
it would be difficult to show that a particular (high-performance)
implementation meets those new requirements.

> What would it then take to develop compiler that meets those
> specifications?

Funding and competent people willing to work on this.  Funding alone
goes only so far.  Compared to what positions are open to people with
the relevant expertise, it's probably not a very attractive task.

At least on the GNU/Linux side, we don't know how to constrain the
scope, and which performance trade-offs are safe.  Resources are
always limited, and if you want to deliver something, you'll
eventually have to cut corners.  Free software vendors just don't know
how their products are exploited in practice (when it comes to
low-level issues where a memory-safe C implementation could help).

And there is still some probability of failure, in the sense that some
things are just very, very hard to implement (parallelism which
actually uses multiple hardware threads in a meaningful way comes to
my mind).


More information about the cryptography mailing list