[cap-talk] Confessions of a C programmer

Bill Frantz frantz at pwpconsult.com
Sun Sep 20 20:51:24 PDT 2009


We all know a long list of reasons why writing in memory-safe languages
produces safer, more reliable code than writing in memory-unsafe languages
such as C. So why do I, and others, continue to write in C?

My last major project was the web-key server for CapROS. Like most
real-world programming, it faced a deadline. What I needed from a language
was:

  Familiarity - I learn languages slowly, and time spent learning a new one
  needs to be justified.

  Reliability - I don't want to spend time debugging the compiler and I
  really don't want to debug a code generator which changes the semantics
  of my program.

  Minimal environment - The compiler and runtime should not depend on
  anything but the non-privileged architecture of the hardware platform.
  All privileged instructions/system calls should come from library
  routines[1].

  Library routines for required subsystems - I needed an SSL/TLS
  implementation and ended up using OpenSSL, which is written in C. Being
  able to call C programs would cover a lot of this requirement.
  
  Support for the target platform(s).


The question is, what memory-safe languages even begin to meet these
requirements? BitC, which is designed for formal verification and low-level
system implementation, might be a possibility. Are there any others? It
would be worth some effort to learn at least one of these languages and
help it grow up to have the reliability needed for deadline-driven work.

Cheers - Bill

[1] While GCC only generates user-mode instructions, the documentation does
not state which library calls generate system calls. This issue was
particularly difficult with OpenSSL, where I had to stub out a number of
library routines which issue system calls. To make it even more
interesting, these routines had slightly different names on the two
platforms (arm and x86).

-------------------------------------------------------------------------
Bill Frantz        | The first thing you need when  | Periwinkle
(408)356-8506      | using a perimeter defense is a | 16345 Englewood Ave
www.pwpconsult.com | perimeter.                     | Los Gatos, CA 95032
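The stubbing described in footnote [1], as an added example that is not Bill's code and not CapROS or OpenSSL code. It assumes ELF-style link-time interposition (a symbol defined in the program wins over the libc definition of the same name), and the "library" it exercises, library_init, is a constructed stand-in for a third-party initializer that reaches for the OS; getpid and fsync are picked only as representatives of syscall-backed routines. The stubs record which routines were reached, which is the list a port to a kernel-free environment needs to know.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Added example (not CapROS or OpenSSL code): replace libc routines that
 * would issue system calls with stubs, and log which ones a library
 * actually hits. Assumes the program's own definition of a symbol takes
 * precedence over libc's at link time.
 */

#define STUB_LOG_MAX 16
static const char *stub_log[STUB_LOG_MAX];
static int stub_log_len = 0;

/* Record that a syscall-backed routine was reached. */
static void note_stub(const char *name)
{
    if (stub_log_len < STUB_LOG_MAX)
        stub_log[stub_log_len++] = name;
}

/* Stub for getpid(): no process-id service exists here, so hand back a
 * constant the library can live with (the value 1 is arbitrary). */
pid_t getpid(void)
{
    note_stub("getpid");
    return (pid_t)1;
}

/* Stub for fsync(): no filesystem here, so fail loudly with ENOSYS
 * rather than silently pretending the data was flushed. */
int fsync(int fd)
{
    (void)fd;
    note_stub("fsync");
    errno = ENOSYS;
    return -1;
}

/* Constructed stand-in for a third-party initializer we do not control.
 * Returns 0 on success, -1 if a required OS service is missing, -2 on any
 * other failure. The seed mix is illustrative, not a real RNG. */
int library_init(unsigned *seed_out)
{
    *seed_out = (unsigned)getpid() * 2654435761u;
    if (fsync(0) != 0)
        return errno == ENOSYS ? -1 : -2;
    return 0;
}

/* Reporting helpers: which stubs fired, in order. */
int stubs_reached(void) { return stub_log_len; }

const char *stub_name(int i)
{
    return (i >= 0 && i < stub_log_len) ? stub_log[i] : NULL;
}

void stubs_reset(void) { stub_log_len = 0; }

int main(void)
{
    unsigned seed;
    int rc = library_init(&seed);
    printf("library_init rc=%d seed=%u\n", rc, seed);
    for (int i = 0; i < stubs_reached(); i++)
        printf("syscall-backed routine reached: %s\n", stub_name(i));
    return 0;
}
```

Run against the real library instead of the stand-in, the same stubs turn the question "which routines issue system calls?" into a list: anything logged needs a capability-based replacement, and anything the linker reports as unresolved after you drop libc needs a stub.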
