Temporal safety becomes increasingly difficult as software scales up and is much harder to resolve by following good practices. Bounds safety is easier to maintain, easier to automate deterministically via instrumentation, and the issues are also largely tied to integer overflows.
Temporal issues tend to be quite complex and can be hard to understand and fix even once you've discovered the issue. It can be hard to understand and verify a patch for the issues too. Object lifetimes are way more complex than passing around the right length and checking it.
It can be hard to reason about integer overflow too but at least you can check for overflow locally. There's solid tooling including automated checks usable in production with the ability to mark operations as explicitly checked, unchecked or intended overflows with Clang/GCC.
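The last post's point, that an integer overflow can be checked locally and that Clang/GCC let you mark an operation as explicitly checked, unchecked, or an intended wrap, is shown below as an added example; it is not code from the thread's author. It assumes the `__builtin_mul_overflow`/`__builtin_add_overflow` intrinsics (provided by both Clang and GCC) and Clang's `no_sanitize("unsigned-integer-overflow")` attribute, which is guarded because GCC has no unsigned-overflow sanitizer. The sample inputs are constructed.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Build with one of these to make the distinction enforceable at run time:
 *   clang -fsanitize=signed-integer-overflow,unsigned-integer-overflow ...
 *   gcc   -fsanitize=signed-integer-overflow ...
 * -fsanitize-trap / -fsanitize-minimal-runtime (Clang) keep the checks
 * cheap enough for production builds. */

/* Clang-only attribute documenting an INTENDED wrap (hash mixing below).
 * GCC has no unsigned-integer-overflow sanitizer, so the attribute is a
 * no-op there. Assumption: Clang accepts this sanitizer name. */
#if defined(__clang__)
#define INTENDED_UNSIGNED_WRAP __attribute__((no_sanitize("unsigned-integer-overflow")))
#else
#define INTENDED_UNSIGNED_WRAP
#endif

/* UNCHECKED (the bug pattern): count * elem + header silently wraps, so a
 * huge count yields a tiny allocation size and a later out-of-bounds write.
 * Kept here only to show what the sanitizer would flag. */
size_t unchecked_alloc_size(size_t count, size_t elem, size_t header) {
    return count * elem + header;
}

/* EXPLICITLY CHECKED: the intrinsics report the wrap locally, at the
 * arithmetic itself, so no lifetime or cross-module reasoning is needed. */
bool checked_alloc_size(size_t count, size_t elem, size_t header, size_t *out) {
    size_t body, total;
    if (__builtin_mul_overflow(count, elem, &body)) return false;
    if (__builtin_add_overflow(body, header, &total)) return false;
    *out = total;
    return true;
}

/* Same idea for signed arithmetic, where plain overflow is undefined in C. */
bool checked_sadd(int a, int b, int *out) {
    return !__builtin_add_overflow(a, b, out);
}

/* INTENDED WRAP: 32-bit FNV-1a relies on modular multiplication. Unsigned
 * wrap is well defined in C; the attribute records that the wrap is on
 * purpose so the sanitizer does not report it. */
INTENDED_UNSIGNED_WRAP
uint32_t fnv1a32(const void *data, size_t len) {
    const uint8_t *p = data;
    uint32_t h = 0x811c9dc5u;          /* FNV offset basis */
    for (size_t i = 0; i < len; i++) {
        h ^= p[i];
        h *= 0x01000193u;              /* FNV prime; wraps by design */
    }
    return h;
}

int main(void) {
    size_t sz;
    /* constructed inputs: a sane request and an attacker-sized one */
    printf("sane: ok=%d size=%zu\n",
           (int)checked_alloc_size(10, 4, 16, &sz), sz);
    printf("huge: ok=%d (unchecked would give %zu)\n",
           (int)checked_alloc_size(SIZE_MAX / 2 + 1, 4, 16, &sz),
           unchecked_alloc_size(SIZE_MAX / 2 + 1, 4, 16));
    printf("fnv1a32(\"a\") = 0x%08x\n", fnv1a32("a", 1));
    return 0;
}
```

The three functions map onto the three labels from the post: `checked_alloc_size`/`checked_sadd` are explicitly checked, `unchecked_alloc_size` is what `-fsanitize=...-integer-overflow` exists to catch, and `fnv1a32` is an intended wrap that is annotated rather than silenced globally with `-fwrapv`.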