one of the most interesting things about this work is that it might be the gateway drug that finally leads to widespread deployment of real memory safety for C and C++
Quoted tweet: Adopting the Arm Memory Tagging Extension in Android security.googleblog.com/2019/08/adopti
I don't see how they have anything to do with real memory-safety. They're yet another, very good compared to past attempts, mechanism to catch a fairly large portion of memory errors.
He's saying that it paves the way for a much more complete memory safety implementation for C by providing efficient probabilistic detection for most of the bugs (and deterministic detection for a decent subset). Latent memory corruption is pervasive but this will kill it off.
An additional barrier to a memory safety implementation for C is that many undesirable things, like some intra-object memory corruption, are permitted. It's similar to how automatic integer overflow checking for C is rendered mostly useless for types smaller than int due to promotion.
Android is using automatic integer overflow checking to harden an increasingly large portion of the OS, but especially the media code, where it's almost completely deployed, has extensive use of arithmetic on u16, etc., where it gets promoted, bypasses checks, and is then truncated.
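The promotion problem described in the last two replies, shown in code. This is an added illustration, not code from the thread or from Android: `uint16_t` operands are promoted to `int` before the addition, so the sum itself never overflows and an integer-overflow sanitizer has nothing to report; the wrap happens silently at the implicit narrowing back to `uint16_t`, and even the classic `a + b < a` wrap test is defeated. The function names are ours.

```c
#include <stdint.h>
#include <stdbool.h>
#include <stdio.h>

/* Promoted arithmetic: a and b become int, 65535 + 1 == 65536 as an int
 * (no overflow, nothing for -fsanitize=*-integer-overflow to flag), and the
 * return statement silently truncates it to 0. */
uint16_t add_u16_promoted(uint16_t a, uint16_t b) {
    return a + b;               /* 65535, 1 -> 0 */
}

/* The textbook unsigned wrap test does not work for sub-int types: the
 * comparison is done on the promoted int, which never wrapped. */
bool naive_u16_wrap_check(uint16_t a, uint16_t b) {
    return a + b < a;           /* always false for uint16_t operands */
}

/* A check that sees the narrowing: __builtin_add_overflow (GCC/Clang)
 * evaluates the sum at infinite precision and reports whether it fits the
 * *result* type, so the wrap at the uint16_t boundary is caught.
 * Returns the sum on success, or -1 if storing it would wrap. */
int add_u16_checked(uint16_t a, uint16_t b) {
    uint16_t out;
    if (__builtin_add_overflow(a, b, &out))
        return -1;
    return out;
}

int main(void) {
    /* Constructed inputs: the largest uint16_t plus one. */
    uint16_t a = 65535, b = 1;
    printf("promoted sum : %u\n", add_u16_promoted(a, b));          /* 0 */
    printf("naive check  : %s\n",
           naive_u16_wrap_check(a, b) ? "wrap detected" : "missed"); /* missed */
    printf("checked sum  : %d\n", add_u16_checked(a, b));            /* -1 */
    printf("checked 1+2  : %d\n", add_u16_checked(1, 2));            /* 3 */
    return 0;
}
```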