by pjmlp 1115 days ago
Interesting idea, although given the demotion into optional feature in C11, it isn't necessarily portable.

Also doesn't cover all the string and memory buffer manipulations.

SAL and Frama-C are the bare minimum for security in C code.


Frama-C as a bare minimum is a pipe dream.

It's a nice thought, don't get me wrong, but it's hard enough to convince people to add `-fsanitize=...` to their compiler flags. An entire separate static analysis tool with its own learning curve (and its own set of idiosyncrasies) doesn't really qualify for "bare minimum" IMO.

Thankfully the ongoing cybersecurity laws will change that mindset.

No, I don't think they will.

None of this is going to meaningfully impact C/C++ software. If it comes to pass at all, it'll be used at the margins to replace more C code with Rust.

It only needs to have money attached to code fixes.

The problem with developers that don't do consulting is that they have no idea how each hour of their work relates to product development costs.

In Germany, services companies are already required to provide security fixes free of charge and warranties.

Someone has to pay those hours.

It is no accident that Google, Apple, Microsoft always mention increasing costs with bug fixes, when pushing for writing new code in safer languages.

We will see. In a regulatory context, "the implementation is the spec" usually does not convince.
We will make VM-types, i.e. pointers to VLAs, mandatory in C23.
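Since the "VM types" mentioned above are pointers to VLAs, here is an added example (written for this page, not code from any commenter) of what carrying the array dimension in a parameter's type buys you in C: natural two-dimensional indexing, a run-time `sizeof` that follows the width argument, and a bounds check the callee can enforce from the dimensions it was given. The function names, the `demo_*` wrappers and the 2 x 3 sample matrix are constructed for this example; the `__STDC_NO_VLA__` guard is the standard C11 macro a conforming implementation defines when it omits VLA support, which is the portability caveat raised at the top of the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* C11 made VLAs optional; an implementation that drops them must define
 * this macro, so fail loudly rather than compiling something else. */
#ifdef __STDC_NO_VLA__
#error "This example needs VLA / variably modified types"
#endif

/* Sum a rows x cols matrix. The column count is part of the parameter's
 * type (a pointer to a VLA, a "VM type"), so m[r][c] indexes correctly for
 * any width without manual r * cols + c arithmetic. */
double sum_matrix(size_t rows, size_t cols, double (*m)[cols])
{
    double total = 0.0;
    for (size_t r = 0; r < rows; r++)
        for (size_t c = 0; c < cols; c++)
            total += m[r][c];
    return total;
}

/* sizeof on a VM type is evaluated at run time, so the byte size of one
 * row follows the cols argument instead of a compile-time constant. */
size_t row_bytes(size_t cols, double (*m)[cols])
{
    return sizeof *m;
}

/* Bounds-checked element read: the caller states the dimensions once and
 * the callee refuses any index outside them. Returns false on rejection. */
bool get_elem(size_t rows, size_t cols, double (*m)[cols],
              size_t r, size_t c, double *out)
{
    if (r >= rows || c >= cols)
        return false;
    *out = m[r][c];
    return true;
}

/* Constructed 2 x 3 sample data used by the demo_* wrappers below. */
static double sample[2][3] = { {1, 2, 3}, {4, 5, 6} };

double demo_sum(void)       { return sum_matrix(2, 3, sample); }   /* 21.0 */
size_t demo_row_bytes(void) { return row_bytes(3, sample); }       /* 3 * sizeof(double) */

/* 1 if an in-range read succeeds with the right value and an
 * out-of-range read (row 2 of a 2-row matrix) is rejected. */
int demo_bounds(void)
{
    double v = 0.0;
    int ok_in  = get_elem(2, 3, sample, 1, 2, &v) && v == 6.0;
    int ok_out = !get_elem(2, 3, sample, 2, 0, &v);
    return ok_in && ok_out;
}

int main(void)
{
    printf("sum = %.1f\n", demo_sum());
    printf("row bytes = %zu\n", demo_row_bytes());
    printf("bounds check ok = %d\n", demo_bounds());
    return 0;
}
```

The point of `get_elem` is that the dimensions are already part of the call signature, so a bounds check costs one comparison per index and does not depend on the caller passing a separate length that may drift out of sync with the buffer.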
What is SAL?

Source-code annotation language (SAL) [1].

[1] https://learn.microsoft.com/en-us/cpp/code-quality/understan...

Besides the sibling comment, SAL was born out of the security efforts to fix Windows XP that ended up with the release of Windows XP SP2.