Re: [Full-Disclosure] Off topic programming thread
- To: <Alexandre.Dulaunoy@ael.be>
- Subject: Re: [Full-Disclosure] Off topic programming thread
- From: "Bill Royds" <full-disclosure@royds.net>
- Date: Wed, 29 Oct 2003 21:26:00 -0500
I downloaded and looked at Cyclone today and it looks like it would be a
good system to get developers to move to. Its only problem is that it also
adds to the C language (garbage collection, templates like C++ etc.) that
means that one has to edit standard C to compile, even for C that is not
using unsafe constructs.
What would be more interesting is a stripped down version of this compiler
that did not expand on C syntax and constructs but limited ordinary C to
safe constructs so that ordinary C's pointer syntax would be compiled into
the Cyclone "fat" pointer that holds array bounds and reference counts. The
unsafe pointer that only holds an address would not be the default but would
need to be cast explicitly if needed to call a C library.
What is really needed is a C compiler that complains when one does pointer
arithmetic on unauthenticated pointers (arguments or results of malloc or
other calls), that has the NULL pointer actually stop use of unallocated
memory, where free handles reference counting and prevents use of the pointer
further, and where pointers have an associated descriptor that holds the size of
allocated memory and prevents out of bounds assignments etc.
Raw C is too close to machine language to be used for high level code, even
Ritchie and Thompson said that.
----- Original Message -----
From: "Alexandre Dulaunoy" <alexandre.dulaunoy@ael.be>
To: "Bill Royds" <full-disclosure@royds.net>
Cc: "Brett Hutley" <brett@hutley.net>; "madsaxon" <madsaxon@direcway.com>;
<full-disclosure@lists.netsys.com>
Sent: Wednesday, October 29, 2003 9:07 AM
Subject: Re: [Full-Disclosure] Off topic programming thread
> On Wed, 29 Oct 2003, Bill Royds wrote:
>
> > I agree that one can write secure code in C, but I am saying that C
> > doesn't help in writing it.
> > Perhaps we need to "deprecate" some C standard library functions and
> > syntax
>
> Various attempts to move to a specific dialect of C exist, I don't
> really know the efficiency of that.
>
> http://www.research.att.com/projects/cyclone/
>
> On the other side, an interpreter of C can also be used to check
> consistency of the software and reaction inside a 'kind of' vm.
>
> http://root.cern.ch/root/Cint.html
>
> It's only a part of the cake.
>
> Every ingredient is important for the taste of the cake, taste is
> security and cake is software.
>
> --
> -- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
> -- http://pgp.ael.be:11371/pks/lookup?op=get&search=0x44E6CBCD
> -- "Knowledge can create problems, it is not through ignorance
> -- that we can solve them" Isaac Asimov
>
>
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
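As an added illustration of the "fat" pointer idea discussed above (this is not code from the thread, from Cyclone, or from either poster), the following plain C sketches what such a pointer carries at run time: the base address, the bounds, and a shared reference count. Indexed access is bounds-checked, a released handle becomes NULL and refuses further use, and memory is only freed when the last reference goes. All names (fatptr, fat_alloc, fat_get, fat_set, fat_share, fat_release, fat_demo) and the error codes are invented for this example; a real Cyclone-style system does this in the compiler rather than through explicit calls.

```c
/* Added example, not from the thread or from Cyclone: a minimal checked
 * "fat pointer" in plain C. All names here are invented for illustration. */
#include <stdlib.h>
#include <stddef.h>

typedef struct {
    unsigned char *base;   /* start of the allocation, NULL once released */
    size_t len;            /* number of valid bytes from base */
    size_t *refs;          /* shared reference count for this allocation */
} fatptr;

enum { FAT_OK = 0, FAT_NULL = -1, FAT_OOB = -2 };

/* Allocate a zeroed buffer of n bytes wrapped in a fat pointer with one reference. */
fatptr fat_alloc(size_t n) {
    fatptr p = { NULL, 0, NULL };
    unsigned char *mem = calloc(n ? n : 1, 1);
    size_t *refs = malloc(sizeof *refs);
    if (!mem || !refs) { free(mem); free(refs); return p; }
    *refs = 1;
    p.base = mem; p.len = n; p.refs = refs;
    return p;
}

/* Take another reference; the copy shares bounds and count with the original. */
fatptr fat_share(fatptr p) {
    if (p.refs) (*p.refs)++;
    return p;
}

/* Checked read: refuses a NULL/released handle and any index >= len. */
int fat_get(fatptr p, size_t i, unsigned char *out) {
    if (!p.base) return FAT_NULL;
    if (i >= p.len) return FAT_OOB;
    *out = p.base[i];
    return FAT_OK;
}

/* Checked write with the same rules, so an off-by-one store cannot escape the buffer. */
int fat_set(fatptr p, size_t i, unsigned char v) {
    if (!p.base) return FAT_NULL;
    if (i >= p.len) return FAT_OOB;
    p.base[i] = v;
    return FAT_OK;
}

/* Drop one reference; frees on the last one and always nulls the caller's handle. */
void fat_release(fatptr *p) {
    if (p->refs && --(*p->refs) == 0) {
        free(p->base);
        free(p->refs);
    }
    p->base = NULL; p->len = 0; p->refs = NULL;
}

/* Demo: write in bounds, one step past the end, then use a released handle.
 * Returns 1 when every check behaves as described in the comments. */
int fat_demo(void) {
    fatptr a = fat_alloc(8);
    fatptr b = fat_share(a);         /* second handle, refcount now 2 */
    int in = fat_set(a, 7, 0x41);    /* last valid index: accepted */
    int oob = fat_set(a, 8, 0x42);   /* the classic off-by-one: rejected */
    fat_release(&a);                 /* a is dead, memory still live via b */
    unsigned char c = 0;
    int via_b = fat_get(b, 7, &c);   /* still works through b */
    int via_a = fat_get(a, 7, &c);   /* rejected: a was released */
    fat_release(&b);                 /* last reference, memory actually freed */
    return (in == FAT_OK && oob == FAT_OOB && via_b == FAT_OK &&
            c == 0x41 && via_a == FAT_NULL) ? 1 : 0;
}
```

The design point is that the unchecked address never leaves the struct: every access goes through a function that sees the bounds, and release nulls the handle so a stale copy fails loudly instead of reading freed memory.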