Objectives for the next year

Achim Gratz Stromeko at nexgo.de
Sun Jun 20 12:51:56 UTC 2021


MLewis via devel writes:
> Is it worthwhile improving the current C code to a 'hardened' programming standard?

It's always worth trying, but not as easy as it seems.  The fun with
standards is that there are so many to choose from.

> Example
> - Joint Strike Fighter standards https://www.stroustrup.com/JSF-AV-rules.pdf
> - NASA JPL standards https://andrewbanks.com/wp-content/uploads/2019/07/JPL_Coding_Standard_C.pdf
> - MISRA https://misra.org.uk/LinkClick.aspx?fileticket=vfArSqzP1d0%3d&tabid=57

https://wiki.sei.cmu.edu/confluence/display/c

> What effort would be required for 'hardening'?

You'd check a lot of the things that in other languages the compiler
would do and do it all over again when anything changes.  This is a good
strategy for things that can be exhaustively tested and never change
after implementation.

The only other successful strategy I've seen for C specifically is to
break down the functionality into the smallest possible parts (to
minimize the domain over which you need to ensure correctness) and use
the smallest possible set of external dependencies, then enforce that
these parts can only communicate in the way they were designed.
Wherever you get external input you'd also need to go to a zero-trust
architecture.  The one shining example of that I can point to is qmail
and even that had an RCE reported against it just last year (or again
after the same spot was reported and left unfixed since 2005).  In fact
that same sort of overflow error is/was present in other DJB software
when and if he thought that it was either impossible or at least highly
improbable (to the point of having no practicality) that anybody would
throw enough data at the program for the error to trigger.  It's a good
reminder that 20 years of Moore's "law" pretty much obliterates all such
assumptions.


Regards,
Achim.
-- 
+<[Q+ Matrix-12 WAVE#46+305 Neuron microQkb Andromeda XTk Blofeld]>+

Waldorf MIDI Implementation & additional documentation:
http://Synth.Stromeko.net/Downloads.html#WaldorfDocs
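The failure mode Achim describes above (a length computation that was "obviously" never going to overflow in 2005, and does now) is easy to show in a few lines. What follows is an added illustration for this thread, not qmail's stralloc nor any other DJB code and not code from the original post: a toy growable buffer whose struct, function names and 32-bit length field are all assumptions chosen for the demonstration. The unsafe size calculation uses uint32_t so the wrap-around is well defined and can be observed without undefined behaviour; the hardened append checks every arithmetic step that depends on external input and refuses rather than wraps.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Minimal growable byte buffer (illustration only; not stralloc). */
struct buf {
    char *s;
    size_t len;
    size_t cap;
};

/* Size computation in the style of a 32-bit length field from the era
 * when "nobody will ever feed this 4 GB" looked like a safe assumption.
 * Unsigned wrap-around is defined behaviour, so this shows the bug
 * cleanly: the required size silently becomes small, the allocation of
 * that small size succeeds, and the later copy of n bytes overruns the
 * heap block. */
uint32_t need_unsafe(uint32_t len, uint32_t n)
{
    return len + n;                 /* wraps when len + n >= 2^32 */
}

/* Hardened equivalent: detect the overflow before it happens.
 * Returns 0 and stores len + n in *out, or -1 if it does not fit. */
int need_checked(size_t len, size_t n, size_t *out)
{
    if (n > SIZE_MAX - len)
        return -1;
    *out = len + n;
    return 0;
}

/* Append n bytes from src. This is the only way the buffer grows, so the
 * overflow checks live in exactly one place. Returns 0, or -1 on size
 * overflow or allocation failure (nothing is modified on failure). */
int buf_append(struct buf *b, const char *src, size_t n)
{
    size_t need;
    if (need_checked(b->len, n, &need) != 0)
        return -1;                  /* len + n would overflow size_t */
    if (need > b->cap) {
        /* Grow geometrically, but never let cap * 2 wrap either. */
        size_t newcap = b->cap ? b->cap : 16;
        while (newcap < need) {
            if (newcap > SIZE_MAX / 2)
                return -1;
            newcap *= 2;
        }
        char *p = realloc(b->s, newcap);
        if (p == NULL)
            return -1;
        b->s = p;
        b->cap = newcap;
    }
    memcpy(b->s + b->len, src, n);
    b->len += n;
    return 0;
}

void buf_free(struct buf *b)
{
    free(b->s);
    b->s = NULL;
    b->len = b->cap = 0;
}

/* Stand-alone demonstration with constructed inputs. */
int main(void)
{
    struct buf b = {0};
    size_t out;

    printf("unsafe:  0xFFFFFFF0 + 0x20 = 0x%" PRIx32 " (wrapped)\n",
           need_unsafe(0xFFFFFFF0u, 0x20u));
    printf("checked: SIZE_MAX-8 + 16 -> %d (refused)\n",
           need_checked(SIZE_MAX - 8, 16, &out));

    buf_append(&b, "hello", 5);
    buf_append(&b, " world", 6);
    printf("buffer:  \"%.*s\" (%zu bytes)\n", (int)b.len, b.s, b.len);
    printf("huge append -> %d (refused before any copy)\n",
           buf_append(&b, "x", SIZE_MAX));
    buf_free(&b);
    return 0;
}
```

The point of keeping a single growth path is the one made in the post: the domain over which correctness must be argued shrinks to one function, and that function can be reviewed and exhaustively tested against the boundary values (SIZE_MAX - len, SIZE_MAX / 2) instead of hoping no caller ever reaches them.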
