[cryptography] To Virtualise or Not?

James A. Donald jamesd at echeque.com
Wed Feb 22 19:16:32 EST 2012

On 2012-02-23 9:07 AM, ianG wrote:
> Um. I feel exactly the reverse. I feel uncomfortable with crypto code
> written in languages that guarantee buffer overflows, stack busting
> attacks, loose semantics at data and calling levels, a 5 x developer
> penalty, and an obsession about the metal not the customer.

Language wars are off topic, but ...

They had this debate at google, wherein they discovered that good java 
developers could not reliably estimate the way in which java code 
scaled, but that good C++ programmers could reliably estimate the way in 
which C++ code scaled.  Since incorrect scaling behavior can bring 
google to its knees ...

My C++ code does not have buffer overflows, nor does it ever store 
potentially hostile data of unlimited size, nor does it ever casually 
impose types on void pointers

As for the customer, whenever you want to install something other than a 
program developed in C or C++ on a multitude of different customers with 
a multitude of different computers, install hell ensues.

The five times or ten times developer speed advantage of garbage 
collected languages is true of write only code.  As the amount of 
maintenance increases relative to the initial write time, this developer 
time advantage disappears.

My experience is that whipping up initial prototypes, or one off 
quickies, or scripts to process a great pile of text, goes about ten 
times faster in a garbage collected language than in C or C++, but then 
as the program gets larger and more professional, problems ensue.

For larger programs, I doubt that there is any developer penalty: 
garbage collected languages get memory leaks also, typically in the form 
of obscure and complex data structures which grow without limit when 
they are not supposed to, which problems when they occur are harder to 
track down than in C++ where garbage collection is under manual control.

The primary developer advantage of garbage collected languages is 
garbage collection, which these days is supported by C++, the 
disadvantage of C++ garbage collection being that automatic garbage 
collection in C++ is not all that automatic. It is yet another optional 
thing that has to be managed, which disadvantage is however 
approximately independent of program size - the larger the program, the 
smaller the relative overhead of manually specifying how and when 
allocated data is to be automatically freed, and the more time one 
spends maintaining the program, rather than the write only program 
development characteristic of software developed in garbage collected 
languages, the greater the benefit, and the less the cost, of explicitly 
specifying the memory type and lifetime of data.

More information about the cryptography mailing list