
[tor-dev] Tor in a safer language: Network team update from Amsterdam - steveklabnik
https://lists.torproject.org/pipermail/tor-dev/2017-March/012088.html
======
nickpsecurity
Just make sure whatever it is allows you to know as much as possible at
compile time about memory locations and timing of operations. These are
necessary for finding covert channels. One of the reasons I told people using
Freenet it couldn't be trusted is the JVM might allow endless leaks. Also because
the JVM. ;)

Main contenders are MISRA-C w/ tons of static analysis, Ada/SPARK, SafeD, and
Rust. These are the ones with plenty of tooling & libraries. Also double check the
object code in case the compiler screws it up. SPARK Pro has that built-in.
CompCert can usually eliminate the need for it but is expensive. Maybe just eyeball
it per file in the compiler.
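An added illustration of the "timing of operations" point above, written for this page and not taken from the thread or from the Tor project: the same byte-string equality check in Rust, once with an early exit (its running time depends on where the first mismatching byte sits) and once as a constant-time fold. The `std::hint::black_box` calls are an assumption about how to discourage the optimizer from rewriting the fold back into a branching loop; as the comment says, the emitted object code is what ultimately needs checking, and the helper `early_exit_steps` only makes the data dependence countable without a timer.

```rust
// Added example (not from the thread). Assumptions: std only, and
// black_box as a best-effort hint to the optimizer; inspect the object
// code before relying on the constant-time property.
use std::hint::black_box;

/// Early-exit comparison: returns as soon as a byte differs, so its
/// running time leaks the position of the first mismatch.
pub fn eq_early_exit(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    for (x, y) in a.iter().zip(b) {
        if x != y {
            return false;
        }
    }
    true
}

/// Constant-time comparison: visits every byte and ORs the XOR of each
/// pair into an accumulator, so control flow does not depend on the data.
/// (The length check is kept: lengths are treated as public here.)
pub fn eq_constant_time(a: &[u8], b: &[u8]) -> bool {
    if a.len() != b.len() {
        return false;
    }
    let mut diff: u8 = 0;
    for (x, y) in a.iter().zip(b) {
        diff |= black_box(x ^ y);
    }
    black_box(diff) == 0
}

/// Number of byte positions the early-exit loop inspects before returning;
/// makes the data-dependent work visible without measuring wall-clock time.
pub fn early_exit_steps(a: &[u8], b: &[u8]) -> usize {
    let mut steps = 0;
    for (x, y) in a.iter().zip(b) {
        steps += 1;
        if x != y {
            break;
        }
    }
    steps
}

fn main() {
    // Constructed sample inputs.
    let secret = b"correct horse battery";
    let guess_first = b"xorrect horse battery"; // mismatch at byte 0
    let guess_last = b"correct horse batterx"; // mismatch at the last byte
    println!(
        "early-exit inspects {} vs {} bytes",
        early_exit_steps(secret, guess_first),
        early_exit_steps(secret, guess_last)
    );
    println!(
        "constant-time results: {} {}",
        eq_constant_time(secret, guess_first),
        eq_constant_time(secret, secret)
    );
}
```

The two functions return the same boolean for every input; the difference is only in how much work is done per input, which is the property a covert-channel review has to establish at the machine-code level rather than from the source alone.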