Secure Coding mailing list archives
Re: MISRA C
From: Crispin Cowan <crispin () immunix com>
Date: Fri, 02 Jan 2004 15:16:45 +0000
Steve Litt wrote:

> On Thursday 01 January 2004 01:56 pm, David Crocker wrote:
> [clip]
>
> > Fine - if you can avoid using C, do so! For those who must use C, there is rarely any good reason to use pointer arithmetic anyway. Some of the best C++ developers do not even use arrays (they use classes from the standard template library instead).
>
> Fascinating! C++ without pointers or arrays, using the STL. I'm writing a book about Perl right now, but when I'm done perhaps I'll research the STL more thoroughly. Where would I find the Standard Template Library for the gcc that comes on Linux computers (I use Mandrake 9.0 and 9.2)?

For safe(er) variants of the C language, check out:

* CCured: Necula et al
  http://manju.cs.berkeley.edu/ccured/
* Cyclone: long list of people at AT&T Research and Cornell
  http://www.research.att.com/projects/cyclone/

These language variants have the advantage that they *cannot* express type-unsafe stuff. In contrast, using a C++ template merely encourages good practice, but there is nothing to prevent time-to-market pressure, or even a typo, from introducing a serious bug.

Caveat: IIRC, only one of CCured and Cyclone is formally type safe, but I can't remember which one.

And (pimping my products here :) if you must use an unsafe language, consider using run-time protection such as StackGuard <http://immunix.org/stackguard.html> and FormatGuard <http://immunix.org/formatguard.html> provided in Immunix <http://www.immunix.com/shop/>.

Crispin

--
Crispin Cowan, Ph.D. http://immunix.com/~crispin/
CTO, Immunix http://immunix.com
Immunix 7.3 http://www.immunix.com/shop/
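
The message's point that an STL container only encourages good practice, shown as an added example that is not part of the original post: the same one-character typo (`<=` for `<`) compiles cleanly with both accessors of `std::vector`, and only `at()` detects it at run time. The function names and the sample data are constructed for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <stdexcept>
#include <vector>

// Unchecked accessor with the typo: operator[] does no bounds check, so the
// final iteration reads one element past the end (undefined behaviour).
// The compiler accepts it. Shown for comparison only; never called here.
int sum_unchecked(const std::vector<int>& v) {
    int total = 0;
    for (std::size_t i = 0; i <= v.size(); ++i) total += v[i];
    return total;
}

// Checked accessor with the same typo: at() validates the index and throws
// std::out_of_range instead of reading out of bounds.
int sum_checked(const std::vector<int>& v) {
    int total = 0;
    for (std::size_t i = 0; i <= v.size(); ++i) total += v.at(i);
    return total;
}

// Reports whether the off-by-one was detected at run time.
bool typo_is_caught(const std::vector<int>& v) {
    try {
        sum_checked(v);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}

// Corrected loop bound, still using the checked accessor.
int sum_correct(const std::vector<int>& v) {
    int total = 0;
    for (std::size_t i = 0; i < v.size(); ++i) total += v.at(i);
    return total;
}

int main() {
    std::vector<int> v;  // constructed sample data
    v.push_back(1); v.push_back(2); v.push_back(3);
    std::cout << "typo caught by at(): " << typo_is_caught(v) << "\n";
    std::cout << "correct sum: " << sum_correct(v) << "\n";
    return 0;
}
```

Choosing `at()` over `operator[]` is a convention the programmer has to keep; the language accepts both spellings, which is the gap the message contrasts with CCured and Cyclone.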