[Cryptography] Ada vs Rust vs safer C
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Sun Sep 18 10:44:05 EDT 2016
Florian Weimer <fw at deneb.enyo.de> writes:
>I'm not sure. PREfast is explicitly targeted at “small code bases”:
>
>| Users commonly run PREfast over a section of code, view results,
>| make fixes, and then run PREfast again. It is recommended that you
>| divide your build into small (10 MB or less) sections, and run
>| PREfast on each section.
That's just saying that if you have a huge code base you may want to break it
up into smaller pieces to speed up analysis. All of the static analysers take
a long time/lots of CPU to run, and re-analysing the entire code base every
time would be pretty slow. Certainly for PREfast on my code it's case of
going away to do something else when it's running while I can do a full
rebuild in about 30 seconds. That's not a big deal, I wouldn't really care if
it had to run overnight to work.
>If there are annotations that are really helpful and not utterly Windows-
>specific, we can put them into GCC. We just need documentation.
None of them are Windows-specific, it's just things like "this value can only
take ranges between 0 and 100" or "this value points to a buffer whose size is
defined by that other value". There are composite annotations that say things
like "this is a handle to some Windows-specific thing", but they're just
convenience macros built up from the lower-level primitives.
Peter.
More information about the cryptography
mailing list