one of the most interesting things about this work is that it might be the gateway drug that finally leads to widespread deployment of real memory safety for C and C++
Quote Tweet
Adopting the Arm Memory Tagging Extension in Android security.googleblog.com/2019/08/adopti
I don't see how they have anything to do with real memory-safety. They're yet another, very good compared to past attempts, mechanism to catch a fairly large portion of memory errors.
I'm sceptical. My hasty first take: a key problem with naïve implementations of memory safety boils down to not caring about types (e.g. ignoring pointer casts). Painting memory a {small, fixed} number of colours can only model types approximately -- i.e. unsafely, if compatibly.
It doesn't solve that a much more complete deterministic memory safety implementation for C will be very expensive. There are definitely use cases for tags beyond the obvious though. It provides a way of doing cheap 16-byte granularity guard pages and I can think of other uses.
An additional barrier to a memory safety implementation for C is that many undesirable things, like some intra-object memory corruption, are permitted. It's similar to how automatic integer overflow checking for C is rendered mostly useless for types smaller than int due to promotion.
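The two limits raised above (16-byte granules as cheap guard regions, and intra-object corruption that tagging cannot see) can be made concrete with a toy model. This is an added example, not code from the thread or from Android's MTE implementation; it assumes 4-bit tags in pointer bits 56..59 and 16-byte granules over a small constructed heap, and it models only the tag check, not real hardware behaviour.

```c
/* Toy model of MTE-style memory tagging (constructed for illustration).
 * Assumptions: 4-bit colour per 16-byte granule, colour stored in pointer
 * bits 56..59, a tiny simulated heap. Shows what a tag check catches and
 * what it structurally cannot. */
#include <stdint.h>
#include <stddef.h>

#define GRANULE 16
#define HEAP_GRANULES 64
#define TAG_SHIFT 56                       /* tag lives in the pointer's top byte */

static uint8_t heap[GRANULE * HEAP_GRANULES];
static uint8_t granule_tag[HEAP_GRANULES]; /* one colour per 16-byte granule */
static uint8_t next_tag = 1;               /* colours 1..15; 0 left for untagged */

typedef uint64_t tptr;                     /* heap offset in low bits, tag on top */

/* Allocate size bytes, colouring every covered granule with a fresh tag.
 * Consecutive allocations get different colours, so a write that crosses
 * into the neighbour hits a mismatching colour. */
static tptr tag_alloc(size_t size) {
    static size_t top = 0;
    size_t granules = (size + GRANULE - 1) / GRANULE;
    size_t off = top * GRANULE;
    uint8_t tag = next_tag;
    next_tag = (uint8_t)(next_tag % 15 + 1);
    for (size_t i = 0; i < granules; i++) granule_tag[top + i] = tag;
    top += granules;
    return ((tptr)tag << TAG_SHIFT) | off;
}

/* Store one byte at p + idx. Returns 0 on success, 1 where hardware would trap. */
static int tag_store(tptr p, size_t idx, uint8_t v) {
    uint8_t ptag = (uint8_t)(p >> TAG_SHIFT);
    size_t addr = (size_t)(p & 0xFFFFFFFFFFFFULL) + idx;
    if (addr >= sizeof heap) return 1;                  /* off the simulated heap */
    if (granule_tag[addr / GRANULE] != ptag) return 1;  /* colour mismatch */
    heap[addr] = v;
    return 0;
}

/* Inter-object overflow: one byte past a 16-byte object lands in the
 * neighbour's granule, which carries a different colour. Caught (returns 1). */
int inter_object_overflow_detected(void) {
    tptr a = tag_alloc(16), b = tag_alloc(16);
    (void)b;
    return tag_store(a, 16, 0x41);
}

/* Intra-object overflow: a 4-byte field overrun into a sibling field of the
 * same struct. Both fields share one granule and one colour, so the check
 * passes. Not caught (returns 0). */
int intra_object_overflow_detected(void) {
    tptr s = tag_alloc(16);          /* e.g. struct { char name[4]; int len; ... } */
    return tag_store(s, 4, 0x01);
}
```

Granule colouring is what makes the "cheap guard page" use cheap: no page-table change is needed, only a colour change on the neighbouring 16 bytes.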