[erlang-questions] Erlang VM in Rust

ok <>
Sat Sep 23 09:09:19 CEST 2017


> Joe you are still ignoring the elephant in the room that C is a
> memory-unsafe programming language and that you are suggesting putting it
> in IoT stuff. That's a security disaster waiting to happen.

These days I am getting a little confused about what "IoT" actually
means.  I thought it was lots of small devices, but the last couple
of talks I've view seem to take it as synonymous with the cloud.
Let's go with the first definition: talking teddy bears, internet-
connected lightbulbs, sensors using MPS430 CPUs and the like.

All the "IoT" operating systems I know of are written in C
(like Zephyr and RIOT) or C++ (like mbed OS).  Putting C in
IoT stuff is not a new suggestion.  (Nor is the claim that
it's the internet of insecure things new (:-).)

Joe was explicitly talking about much as much as practically
possible to Erlang, reducing the amount of C to perhaps just
the emulator.  C was originally designed for small systems
(MPS430 size, in fact) where it was possible for one person
to read all the code carefully in a reasonable time.

I note that there are a number of tools to dramatically
improve the reliability of C programs.  For just one
example, there is the "Memory-Safe C compiler".
http://www.seclab.cs.sunysb.edu/mscc/
(It's remarkable how many let's-make-C-better tools have
been developed in CAML.)

There's even a memory safety checker nesCheck for the
nesC C-like language used with TinyOS.
https://nebelwelt.net/publications/files/17AsiaCCS2.pdf

I could sit here all night citing papers about static
and dynamic checkers and verifiers for C.  "In C" and
"in a memory-safe language" do NOT have to be exclusive
alternatives.





More information about the erlang-questions mailing list