Contributed by jose on from the more-robust-code dept.
The Berkeley project on CIL, a C intermediate language, looks very useful. One project that came out of it, ccured, inserts checks in C code to improve type safety and buffer protection.
An additional project is cyclone, a type-safe "C dialect". It isn't C, but it is darned close, and a lot of existing code would need a massive rewrite to build properly. Plus it's i386 only (an OpenBSD port is in the works).
Lastly, there was a proposal to add ProPolice support to the GCC 3.2 port, but it apparently failed on several technical grounds. ProPolice is a set of additions to GCC to protect the stack from smashing. (Note that OpenBSD 3.2 ships with stack protection enabled on all platforms, and heap protection on several.)
While OpenBSD certainly won't move entirely to a solution like this, there are a growing number of options for low-level code that has to interface with hardware and cannot be written at an interpreted level.
(Comments are closed)
By pravus () on
Why doesn't everyone just use Java?
By Dom De Vitto () dom@devitto.com on
2) Because Java isn't as mature as C (or C++)
3) Because Java isn't just a different language, it has totally different idioms.
4) Because anyway a bad programmer can write in any language, as can a good one.
I should know, I moderate comp.lang.c++.moderated....
Dom
PS. People who know think Perl or Python are better C replacements.
By Nils Kassube () lists@kassube.de on
It's so sad that I have to laugh. There are a zillion languages more secure and more productive than C. Why spend time to fix buffer overflows when you can avoid them completely by using a decent language?