Building on arm64 Top Byte Ignore (universally supported) is a huge improvement over software ASan. Still requires instrumentation but the performance / memory cost is low enough for it to be used as part of regular development and testing, unlike ASan.

Quoted tweet (twitter.com/kayseesee/stat): Our fresh blog post on HWASAN in Android: android-developers.googleblog.com/2020/02/detect

In a way, this is an early preview of what's to come with the ARMv8.5 Memory Tagging Extension (MTE) providing fully hardware-based support for memory tagging, rather than just stepping out of the way and allowing an efficient software implementation like Top Byte Ignore (TBI).
MTE should largely eliminate the remaining performance cost. It will also allow heap memory protection to be contained within allocators rather than needing to instrument regular code. More aggressive use for protecting stack allocations or stack frames would still require that.
Despite only being a probabilistic approximation, memory tagging is a huge step towards a full implementation of coarse (inter-object) bounds and temporal memory safety for C. Production deployment forces finding / fixing many latent memory corruption bugs being hit in practice.
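The mechanism the two posts above describe (a tag in the pointer's top byte, one tag per memory granule kept by the allocator, a tag comparison on each access, coarse inter-object bounds and temporal checks that are only probabilistic), as an added worked example. This is a constructed software model written for this page; it is not code from the thread's author, from HWASAN or from Android. The 1 KiB heap, the shadow table, the 16-byte granule and the deterministic tag sequence are assumptions made for the example. On arm64 with TBI the hardware ignores the top byte, so real instrumentation only needs the tag check and never has to strip the tag before dereferencing; here the strip is explicit so the model runs on any 64-bit host.

```c
/* Software model of top-byte memory tagging (HWASAN-style). Constructed
 * example for this page; not code from HWASAN, Android or the thread's
 * author. Assumes a 64-bit host whose user-space addresses leave the top
 * byte clear. With arm64 TBI the CPU ignores the top byte, so a real
 * implementation keeps only the tag check and drops ptr_addr() from the
 * access path; the explicit strip below exists so the model runs anywhere. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GRANULE    16                    /* HWASAN tags memory in 16-byte granules */
#define NGRANULES  64                    /* tiny constructed heap: 1 KiB */
#define HEAP_SIZE  (GRANULE * NGRANULES)
#define TAG_SHIFT  56                    /* tag lives in bits 56..63 of the pointer */
#define ADDR_MASK  ((1ULL << TAG_SHIFT) - 1)

static _Alignas(GRANULE) uint8_t heap[HEAP_SIZE];
static uint8_t shadow[NGRANULES];        /* tag currently owning each granule */
static size_t  alloc_len[NGRANULES];     /* granule count, indexed by first granule */
static size_t  heap_top;                 /* bump cursor in bytes; freed memory is not reused */
static uint8_t next_tag = 1;             /* deterministic stand-in for random allocator tags */

static uint8_t  ptr_tag(const void *p)  { return (uint8_t)((uintptr_t)p >> TAG_SHIFT); }
static uint8_t *ptr_addr(const void *p) { return (uint8_t *)((uintptr_t)p & ADDR_MASK); }
static void    *ptr_with_tag(uint8_t *addr, uint8_t tag) {
    return (void *)((uintptr_t)addr | ((uintptr_t)tag << TAG_SHIFT));
}
/* Cycles through tags 1..255; 0 is left to mean "never tagged". A real
 * allocator draws tags randomly, which is where the 1/256 miss rate comes from. */
static uint8_t fresh_tag(void) { uint8_t t = next_tag; next_tag = (uint8_t)(next_tag % 255 + 1); return t; }

/* malloc: pick a tag, paint the object's granules with it in shadow, and
 * hand back a pointer that carries the tag in its top byte. */
void *tag_malloc(size_t n) {
    size_t granules = (n + GRANULE - 1) / GRANULE;
    if (granules == 0 || heap_top + granules * GRANULE > HEAP_SIZE) return NULL;
    size_t first = heap_top / GRANULE;
    uint8_t tag = fresh_tag();
    memset(shadow + first, tag, granules);
    alloc_len[first] = granules;
    heap_top += granules * GRANULE;
    return ptr_with_tag(heap + first * GRANULE, tag);
}

/* free: repaint the granules with a new tag so a stale pointer, which
 * still carries the old tag, mismatches on its next access. */
void tag_free(void *p) {
    size_t first = (size_t)(ptr_addr(p) - heap) / GRANULE;
    memset(shadow + first, fresh_tag(), alloc_len[first]);
}

/* The check instrumentation (or MTE hardware) performs on every load and
 * store: the pointer's tag must equal the shadow tag of every granule the
 * access touches. Returns 0 when allowed, -1 on mismatch. */
int check_access(const void *p, size_t n) {
    uint8_t *a = ptr_addr(p);
    if (n == 0 || a < heap || a + n > heap + HEAP_SIZE) return -1;
    size_t first = (size_t)(a - heap) / GRANULE;
    size_t last  = (size_t)(a + n - 1 - heap) / GRANULE;
    for (size_t g = first; g <= last; g++)
        if (shadow[g] != ptr_tag(p)) return -1;
    return 0;
}

/* One-byte store through a tagged pointer plus offset. Offset arithmetic
 * leaves the top byte alone, just as it does on real TBI hardware. */
int tagged_store(void *p, size_t off, uint8_t v) {
    void *q = (void *)((uintptr_t)p + off);
    if (check_access(q, 1) != 0) return -1;
    *ptr_addr(q) = v;
    return 0;
}

/* Each demo returns 1 when the model behaves as the comment says. */
int demo_valid_access_ok(void) {         /* last byte of a 3-granule object: allowed */
    void *a = tag_malloc(40);
    int ok = tagged_store(a, 39, 0x41) == 0;
    tag_free(a);
    return ok;
}
int demo_overflow_detected(void) {       /* 1 byte past a lands in b's granule: caught */
    void *a = tag_malloc(16), *b = tag_malloc(16);
    int caught = tagged_store(a, 16, 0x41) == -1;
    tag_free(a); tag_free(b);
    return caught;
}
int demo_uaf_detected(void) {            /* free() retagged the granule: caught */
    void *a = tag_malloc(32);
    tag_free(a);
    return tagged_store(a, 0, 0x41) == -1;
}
int demo_intra_granule_overflow_missed(void) { /* bytes 10..15 share a's tag: missed */
    void *a = tag_malloc(10);
    int missed = tagged_store(a, 12, 0x41) == 0;
    tag_free(a);
    return missed;
}

int main(void) {
    printf("valid access allowed: %d\n", demo_valid_access_ok());
    printf("inter-object overflow caught: %d\n", demo_overflow_detected());
    printf("use-after-free caught: %d\n", demo_uaf_detected());
    printf("intra-granule overflow missed: %d\n", demo_intra_granule_overflow_missed());
    return 0;
}
```

The allocator is the only place that assigns or changes tags, which is the point made above about MTE letting heap protection live inside the allocator: `tag_malloc` and `tag_free` are the whole policy, and `check_access` is what either compiler instrumentation (HWASAN on TBI) or the hardware (MTE) performs per access. The last demo shows the coarse-bounds limitation: an overflow that stays inside the object's final 16-byte granule carries a matching tag and passes, and with random 8-bit tags a neighbouring object or a freed-and-reallocated granule will share a tag about 1 time in 256, so a real deployment catches bugs probabilistically rather than exhaustively.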
ASan is far too unsuited for production usage or even most forms of development / testing. Even for projects making decent use of it, they're missing far too much and the bugs are rarely if ever treated as blockers since it's not what gets deployed in production. Needs to change.
For now, broadly deploying even very incomplete memory safety checks is infeasible. Real world software is filled with subtle memory corruption during regular use, not just when an attacker triggers edge cases. Projects deploying safety checks cannot fix all the world's software.
Burden to fix these issues needs to be on the developers of the software. Deploying tagging on production systems they support will force them to fix their software, enabling others to deploy more stringent safety. C memory safety implementations could finally have practical use.