[SystemSafety] C for OSs

David MENTRÉ David.MENTRE at bentobako.org
Sun Sep 8 10:39:30 CEST 2019


Hello,

On 06/09/2019 at 15:34, Robert P. Schaefer wrote:
> The problem is a contradiction in what you want to do and how to go about doing it.
>
> For security, you have to write OS “kernel” code that controls hardware.
>
> For an OS to be “good”, your kernel code has to be small and fast.
>
> For reasons of hardware access, you need to write assembly language statements to control hardware.
>
> The only small, fast language that supports embedding assembly by pragma is C, and C is inherently insecure.
>
> I’m willing to entertain the notion that I am wrong.

I would say you are wrong: languages like SPARK and Rust are low-level
enough to write bare-metal code, but with enough features to ensure
safety and security at the same time.

As usual, the problem is more social than technical: people don't want
to change their habits, because they cannot due to external constraints,
or think they cannot due to external constraints.

As Olwen Morgan suggested, you can often resort to designing systems using
simple formalisms like automata or Petri nets. In that case, you have the
option to use graphical tools like SCADE that will generate C code with
reasonable safety features. But again, you might have many issues
convincing people to use SCADE.

But I fully agree with the quote from Tom van Vleck: simply banning the C
language would probably help a lot to improve the situation. Of course,
it will never happen.

Best regards,
david
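Added example illustrating the point made above about Rust (and, by analogy, SPARK): it is not code from this thread or from any project mentioned in it. It shows the two things the quoted message says only C can do: touching a memory-mapped register block through a raw pointer, and embedding an assembly instruction. The register block is a constructed in-memory array standing in for device memory, and the names `Device`, `REG_COUNT`, `add_in_asm` and `demo` are chosen for this example. The security-relevant detail is that the raw-pointer access is confined to one `unsafe` constructor with a stated contract, while every caller goes through bounds-checked safe methods, so an out-of-range register index is refused instead of becoming silent memory corruption as it would with unchecked pointer arithmetic in C.

```rust
// Added example: confining hardware access behind a safe Rust API.
// Constructed for this post; not code from any project discussed here.
use core::ptr::{read_volatile, write_volatile};

/// Number of 32-bit registers in the simulated device block (constructed value).
pub const REG_COUNT: usize = 4;

/// Handle to a memory-mapped register block. On real hardware `base` would be
/// a fixed physical address; here it points at an ordinary array so the code
/// runs on any host.
pub struct Device {
    base: *mut u32,
}

impl Device {
    /// The single unsafe entry point. Contract: `base` points to `REG_COUNT`
    /// writable `u32` registers that outlive the returned handle. This is the
    /// only place where a reviewer has to reason about raw memory.
    pub unsafe fn new(base: *mut u32) -> Self {
        Device { base }
    }

    /// Safe read: the index is checked, so no caller can read past the block.
    pub fn read(&self, idx: usize) -> Option<u32> {
        if idx >= REG_COUNT {
            return None;
        }
        // SAFETY: idx < REG_COUNT and `base` is valid per the `new` contract.
        Some(unsafe { read_volatile(self.base.add(idx)) })
    }

    /// Safe write: returns false instead of corrupting memory on a bad index.
    pub fn write(&self, idx: usize, val: u32) -> bool {
        if idx >= REG_COUNT {
            return false;
        }
        // SAFETY: same argument as in `read`.
        unsafe { write_volatile(self.base.add(idx), val) };
        true
    }
}

/// Embedding assembly is not C-only: Rust's `asm!` is stable. This adds two
/// values with an `add` instruction on x86_64 and falls back to plain Rust
/// elsewhere so the example still runs on other hosts.
#[cfg(target_arch = "x86_64")]
pub fn add_in_asm(a: u64, b: u64) -> u64 {
    let result: u64;
    // SAFETY: pure register arithmetic; touches no memory and no stack.
    unsafe {
        core::arch::asm!(
            "mov {r}, {a}",
            "add {r}, {b}",
            r = out(reg) result,
            a = in(reg) a,
            b = in(reg) b,
            options(nomem, nostack),
        );
    }
    result
}

#[cfg(not(target_arch = "x86_64"))]
pub fn add_in_asm(a: u64, b: u64) -> u64 {
    a.wrapping_add(b)
}

/// Drives the API over a constructed register block and reports what happened:
/// (value read back from register 1, result of an out-of-range read,
///  whether an out-of-range write was refused).
pub fn demo() -> (Option<u32>, Option<u32>, bool) {
    let mut regs = [0u32; REG_COUNT]; // constructed stand-in for device memory
    // SAFETY: `regs` lives until the end of this function, longer than `dev`.
    let dev = unsafe { Device::new(regs.as_mut_ptr()) };
    dev.write(1, 0xC0FF_EE00);
    let ok = dev.read(1);
    let oob_read = dev.read(REG_COUNT); // rejected, not undefined behaviour
    let oob_write_refused = !dev.write(REG_COUNT, 1);
    (ok, oob_read, oob_write_refused)
}

fn main() {
    println!("{:?}", demo());
    println!("asm add: {}", add_in_asm(40, 2));
}
```

The design point is that the `unsafe` surface is one constructor with a written contract that a reviewer can check once; everything else is ordinary safe code with a visible bounds check, which is exactly the kind of confinement the C version of the same driver cannot express in the type system.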