[Cryptography] Ada vs Rust vs safer C

Jerry Leichter leichter at lrw.com
Tue Sep 20 12:29:01 EDT 2016 

> Ab initio safety improvements would consist of clarification of undefined C behaviors to make unsafe code generation less likely. For example assuming twos complement arithmetic.
Actually Standard C long ago settled on "binary and either one's or two's complement" for signed integral types; it may by now say "two's complement".  But that isn't the issue!  The Standard works just fine *as long as you don't exceed the bounds of the integral type*, whether two's complement or otherwise.  As soon as you do, the results are undefined.  Unfortunately, even testing at run time whether the result of an arithmetic operation will be undefined inherently gets you into undefined behavior.

I've never understood the reluctance of the C Standards guys to pin this down further.  They agreed long ago that *unsigned* arithmetic was purely mod 2^n.  And way, way back, it may have made sense to be inclusive and allow C to be used on machines with non-binary arithmetic (IBM 1620 decimal arithmetic), or with odd-ball binary arithmetic (sign and magnitude, anyone?)  But the fact is no one has built machines like that in many years, and no one is likely to - and if they do, it'll be because they have an architecture that's so different C won't work on it anyway.

At this point, it's all two's complement, and overflows either produce an easily predictable result, or trap.  C could move this out of "undefined" to "one of the following small sets of possibilities; you can check which using the following macros".  And many of the issues would go away.

BTW, the relationship between "undefined semantics" and "dangerous semantics" isn't simple!  Unsigned integral values have fully specified semantics in C - but unsigned integral values *as loop indices* are dangerously easy to get wrong!  (Been there, done that.)  In fact, Google's standards for C and C++ forbid the use of unsigned integers except in very limited circumstances (e.g., bit operations).  Back when int was 16 bits, the ability to represent larger numbers in unsigned int was important.  But that need faded years ago.

                                                        -- Jerry

More information about the cryptography mailing list