I downloaded and looked at Cyclone today and it looks like it would be a good system to get developers to move to. Its only problem is that it also adds to the C language (garbage collection, templates like C++ etc.), which means that one has to edit standard C to compile, even for C that is not using unsafe constructs. What would be more interesting is a stripped down version of this compiler that did not expand on C syntax and constructs but limited ordinary C to safe constructs, so that ordinary C's pointer syntax would be compiled into the Cyclone "fat" pointer that holds array bounds and reference counts. The unsafe pointer that only holds an address would not be the default but would need to be cast explicitly if needed to call a C library. What is really needed is a C compiler that complains when one does pointer arithmetic on unauthenticated pointers (arguments or results of malloc or other calls); where the NULL pointer actually stops use of unallocated memory; where free handles reference counting and prevents further use of the pointer; and where pointers have an associated descriptor that holds the size of allocated memory and prevents out of bounds assignments etc. Raw C is too close to machine language to be used for high level code; even Ritchie and Thompson said that.
----- Original Message -----
From: "Alexandre Dulaunoy" <[EMAIL PROTECTED]>
To: "Bill Royds" <[EMAIL PROTECTED]>
Cc: "Brett Hutley" <[EMAIL PROTECTED]>; "madsaxon" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Wednesday, October 29, 2003 9:07 AM
Subject: Re: [Full-Disclosure] Off topic programming thread

> On Wed, 29 Oct 2003, Bill Royds wrote:
>
> > I agree that one can write secure code in C, but I am saying that C doesn't
> > help in writing it.
> > Perhaps we need to "deprecate" some C standard library functions and syntax
>
> Various attempts to move to a specific dialect of C exist, I don't
> really know the efficiency of that.
>
> http://www.research.att.com/projects/cyclone/
>
> On the other side, an interpreter of C can also be used to check
> consistency of the software and reaction inside a 'kind of' vm.
>
> http://root.cern.ch/root/Cint.html
>
> It's only a part of the cake.
>
> Every ingredient is important for the taste of the cake, taste is
> security and cake is software.
>
> --
> -- Alexandre Dulaunoy (adulau) -- http://www.foo.be/
> -- http://pgp.ael.be:11371/pks/lookup?op=get&search=0x44E6CBCD
> -- "Knowledge can create problems, it is not through ignorance
> -- that we can solve them" Isaac Asimov
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
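The "fat" pointer Bill describes above (address, bounds and reference count travelling together, with free killing the handle), sketched in plain C as an added example; this is constructed for illustration, not Cyclone's actual pointer representation or code from anyone in the thread, and the names fatptr, fat_alloc, fat_set, fat_get, fat_share, fat_release and fat_selftest are hypothetical.

```c
#include <stddef.h>
#include <stdlib.h>

/* Constructed "fat" pointer in the spirit of the Cyclone pointers the post describes:
 * address, byte count and a shared reference count travel together so every access
 * can be checked. Hypothetical names; not Cyclone's real representation. */
typedef struct {
    unsigned char *base;   /* NULL once this handle has been released */
    size_t len;            /* number of addressable bytes */
    size_t *refs;          /* reference count shared by all copies */
} fatptr;

fatptr fat_alloc(size_t len) {
    fatptr p = { NULL, 0, NULL }, dead = { NULL, 0, NULL };
    p.base = calloc(len ? len : 1, 1);
    p.refs = malloc(sizeof *p.refs);
    if (!p.base || !p.refs) { free(p.base); free(p.refs); return dead; }
    p.len = len; *p.refs = 1;
    return p;
}
/* Both accessors refuse a dead handle and any index at or past the bound. */
int fat_set(fatptr *p, size_t i, unsigned char v) {
    if (!p->base || i >= p->len) return -1;
    p->base[i] = v; return 0;
}
int fat_get(const fatptr *p, size_t i, unsigned char *out) {
    if (!p->base || i >= p->len) return -1;
    *out = p->base[i]; return 0;
}
/* Copying bumps the count; release decrements, frees at zero and always kills the handle. */
fatptr fat_share(fatptr *p) { if (p->base) ++*p->refs; return *p; }
void fat_release(fatptr *p) {
    if (p->base && --*p->refs == 0) { free(p->base); free(p->refs); }
    p->base = NULL; p->len = 0; p->refs = NULL;
}

/* Walks the scenario from the post; returns 0 when every check holds, else the failing check. */
int fat_selftest(void) {
    unsigned char v = 0;
    fatptr p = fat_alloc(4), q;
    if (!p.base) return 1;
    if (fat_set(&p, 3, 7) != 0) return 2;       /* in bounds: allowed */
    if (fat_set(&p, 4, 7) != -1) return 3;      /* one past the end: refused */
    q = fat_share(&p);
    if (*p.refs != 2) return 4;
    fat_release(&p);                            /* p is dead, q still owns the block */
    if (p.base != NULL || fat_set(&p, 0, 1) != -1) return 5;
    if (fat_get(&q, 3, &v) != 0 || v != 7) return 6;
    fat_release(&q);                            /* last reference: memory freed */
    return q.base == NULL ? 0 : 7;
}
```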