[Cryptography] cryptography Digest, Vol 47, Issue 1
Nemo
nemo at self-evident.org
Wed Mar 1 12:55:31 EST 2017
On Tue, 28 Feb 2017 10:57:31 -0700 John Denker <jsd at av8n.com> wrote:
> On the other edge of the same sword, one could argue that those
> standards are not nearly restrictive enough. They allow and
> even require the use of local automatic variables (Rule 13),
> but nowadays you can run out of room on the stack 1000 times
> more easily than you can run out of room in the heap.
No, you cannot, because of Rule 4:
Rule 4 (recursion)
There shall be no direct or indirect use of recursive function
calls. [MISRA-C:2004 Rule 16.2; Power of Ten Rule 1]
The presence of statically verifiable loop bounds and the absence of
recursion prevent runaway code, and help to secure predictable
performance for all tasks. The absence of recursion also
simplifies the task of deriving reliable bounds on stack use. The
two rules combined secure a strictly acyclic function call graph and
control-flow structure, which in turn enhances the capabilities for
static checking tools to catch a broad range of coding defects.
In the absence of recursion, any decent static checker will compute a
bound on the stack use. I know Coverity does.
Well, technically you do also need to avoid alloca() and variable-length
arrays (VLAs).
alloca() is non-standard and is anyway called out as verboten in Rule 5.
VLAs are part of the C99 standard, which Rule 1 identifies as the source
language. It would be consistent with this spec to forbid them, but at
first glance I do not see it. This might be an oversight.
Anyway, I would say the authors of these rules have thought things
through pretty carefully. I would not want to code under these
restrictions, but then my code does not need to run a billion miles out
of my reach for several years.
- Nemo
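As an added illustration of the point above about static checkers computing a stack bound once recursion is ruled out (example code, not from the list post, the JPL standard, or Coverity): a toy checker over a constructed call graph with made-up frame sizes, where a frame marked UNBOUNDED stands for a VLA or alloca() whose size is not statically known.

```c
#include <stdio.h>
#define MAXF 8
#define UNBOUNDED (-1L)

/* One call-graph node: fixed frame size in bytes (UNBOUNDED if the function
 * uses a VLA or alloca()) and the indices of its callees. Values are constructed. */
typedef struct {
    const char *name;
    long frame;
    int ncallees;
    int callees[MAXF];
} Func;

/* Depth-first walk; colour: 0 = unvisited, 1 = on the current path, 2 = done.
 * memo[] caches the worst-case depth below each finished node. (The checker
 * itself recurses; it runs on the host, not under the rules it enforces.) */
static long walk(const Func *fs, int i, int *colour, long *memo) {
    if (colour[i] == 1) return UNBOUNDED;          /* back edge: recursion */
    if (colour[i] == 2) return memo[i];
    colour[i] = 1;
    long worst = fs[i].frame == UNBOUNDED ? UNBOUNDED : 0;
    for (int k = 0; k < fs[i].ncallees && worst != UNBOUNDED; k++) {
        long sub = walk(fs, fs[i].callees[k], colour, memo);
        worst = (sub == UNBOUNDED) ? UNBOUNDED : (sub > worst ? sub : worst);
    }
    colour[i] = 2;
    return memo[i] = (worst == UNBOUNDED) ? UNBOUNDED : fs[i].frame + worst;
}

/* Worst-case stack bytes reachable from entry, or UNBOUNDED if any path
 * recurses or contains a dynamically sized frame. */
long stack_bound(const Func *fs, int entry) {
    int colour[MAXF] = {0};
    long memo[MAXF] = {0};
    return walk(fs, entry, colour, memo);
}

/* Constructed graphs: main calls parse and log, parse calls check. In the
 * second graph check calls parse back (indirect recursion). */
static const Func acyclic[] = {
    {"main", 64, 2, {1, 3}}, {"parse", 128, 1, {2}},
    {"check", 32, 0, {0}},   {"log", 256, 0, {0}},
};
static const Func cyclic[] = {
    {"main", 64, 1, {1}}, {"parse", 128, 1, {2}}, {"check", 32, 1, {1}},
};

int main(void) {
    printf("acyclic: %ld bytes\n", stack_bound(acyclic, 0));      /* 320 */
    printf("cyclic:  %ld (unbounded)\n", stack_bound(cyclic, 0)); /* -1 */
    return 0;
}
```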