Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Auditable Macros in C Code

posted by martyb on Saturday December 02 2017, @01:48PM   Printer-friendly
from the see-what-we-did-there? dept.

An Anonymous Coward writes:

https://www.cossacklabs.com/blog/macros-in-crypto-c-code.html

Like death and taxes, one thing that you can be sure of is that using C macros in a modern software project will cause a debate. While for some macros remain a convenient and efficient way of achieving particular programming goals, for others they are opaque, introduce the unnecessary risk of coding errors, and reduce readability.

The criticism of macros is particularly acute in the wider security community. Among Cossack Labs' engineers and the core Themis crypto library contributors there are people who previously worked on auditing cryptographic implementations of critical code. Their typical knee-jerk reaction to macros was always "kill it with fire and never use it again". Taking no sides, we would like to assess both pros and cons of using such dangerous things as macros in security code (as we faced the issue when developing Themis) and suggest some techniques for lowering the accompanying risks.

We'll also discuss a custom "for-audit" build target for Themis designed specifically to generate source code that exposes the macros to inspection because we appreciate the need for security software to be subject to detailed source code scrutiny.

Original Submission

 
This discussion has been archived. No new comments can be posted.
Auditable Macros in C Code | Log In/Create an Account | Top | 39 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 3, Insightful) by fyngyrz on Saturday December 02 2017, @11:07PM (1 child)

    by fyngyrz (6567) on Saturday December 02 2017, @11:07PM (#604449) Journal

    it's an easy mistake to make.

    Not if you're actually competent with c, it isn't.

    The argument you're making is essentially "cripple the language (or the use of it) to safety-net incompetent practitioners."

    My argument is: Indulge in some self-improvement. If you don't have a good grasp of how to properly write a c macro, then either don't write them, or go improve your competence with them (seriously, WTF are you, or your employees, doing writing production c code if you don't understand the preprocessor???). For organizations / businesses, pick people with better skillsets (and stop triaging employment by irrelevant crap... it's skill you actually need, so start looking at that, and only that.)

    TL;DR: It's not the c macro system. It's incompetent practitioners.

    Starting Score:    1  point
    Moderation   +1  
       Insightful=1, Total=1
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   3  

  • (Score: 2) by coolgopher on Sunday December 03 2017, @12:32AM

    by coolgopher (1157) on Sunday December 03 2017, @12:32AM (#604483)

    While I agree with you in broad strokes, the C macros are very clunky and don't fit into the language particularly well for anything remotely advanced. Then again, in many ways it's its lack of knowledge of C that makes it powerful - you can run rough-shod over all manner of things (not that you should, in 99% of cases, of course).