[Cryptography] Ada vs Rust vs safer C

Christian Huitema huitema at huitema.net
Mon Sep 19 00:54:53 EDT 2016


On Sunday, September 18, 2016 1:33 AM, Florian Weimer wrote:

> I'm not sure.  PREfast is explicitly targeted at “small code bases”:

Small, like, say, the Windows sources?

It is not so much the size of the code base that matters as the size and complexity of individual functions. I have seen cases where Prefast was producing "false" warnings because, for example, it could not trace how a particular index was evaluated through a complex series of loops and conditional statements. In such cases, there are two options. The lazy one is to add pragmas asking Prefast to "ignore warning such and such in this part of the code". The correct option is to refactor the code, e.g. splitting the long function into a small set of easier-to-evaluate functions.

-- Christian Huitema
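
The refactoring option described in the message above, as an added example that is not part of the original post: a parser whose write index is threaded through nested loops, next to a behaviour-preserving split into small functions where each bound is checked where it is used. All names, sizes and inputs are constructed for illustration, and the example makes no claim about which warnings any particular analyzer emits.

```c
#include <stdint.h>
#include <string.h>

#define SLOTS 4      /* constructed sizes for the example */
#define SLOT_LEN 8

/* Before: write index k advances inside a nested loop; bounding it needs both loops. */
int pack_monolithic(const uint8_t *in, size_t n, uint8_t *out) {
    size_t k = 0, i = 0;
    while (i < n) {
        size_t len = in[i++];
        if (len > SLOT_LEN || len > n - i) return -1;
        if (k + SLOT_LEN > SLOTS * SLOT_LEN) return -1;
        for (size_t j = 0; j < SLOT_LEN; j++)
            out[k++] = (j < len) ? in[i + j] : 0;
        i += len;
    }
    return (int)(k / SLOT_LEN);
}

/* After: each helper owns one index and checks its bound where it is used. */
static int read_record(const uint8_t *in, size_t n, size_t *off,
                       const uint8_t **rec, size_t *len) {
    if (*off >= n) return 0;                       /* end of input */
    *len = in[(*off)++];
    if (*len > SLOT_LEN || *len > n - *off) return -1;
    *rec = in + *off;
    *off += *len;
    return 1;
}

int pack_split(const uint8_t *in, size_t n, uint8_t out[SLOTS][SLOT_LEN]) {
    const uint8_t *rec; size_t len, off = 0; int used = 0, r;
    while ((r = read_record(in, n, &off, &rec, &len)) == 1) {
        if (used == SLOTS) return -1;              /* table full */
        memset(out[used], 0, SLOT_LEN);
        memcpy(out[used++], rec, len);             /* len <= SLOT_LEN */
    }
    return r < 0 ? -1 : used;
}

/* Runs both versions on the same input; returns 1 when they agree. */
int demo_agree(const uint8_t *in, size_t n, int expect) {
    uint8_t a[SLOTS * SLOT_LEN] = {0}, b[SLOTS][SLOT_LEN] = {{0}};
    int ra = pack_monolithic(in, n, a), rb = pack_split(in, n, b);
    return ra == expect && rb == expect && memcmp(a, b, sizeof a) == 0;
}

/* Constructed input: length-prefixed records "ab", "", "cde". */
int main(void) { return !demo_agree((const uint8_t *)"\x02" "ab" "\0\x03" "cde", 8, 3); }
```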




