by nickpsecurity 3531 days ago
Re SAFECode/SoftBound: that's horrific vs the initial numbers. Good that they dug in to find most of it was in the bookkeeping. Work there might greatly reduce the overhead. That MPX is a SoftBound-like scheme with hardware extensions for bookkeeping is already hopeful. Author needs to port it to MPX. Paper also mentions Ironclad C++.

"SaferCPlusPlus just introduces a memory-safe subset of C++ as an option."

True. This has at least basic benefit.

"Namely, portability and, more importantly, dependency risk."

What was the portability issue?

"there is no risk to your project. It will continue to build properly, and the code won't be stuck with some idiosyncratic paradigm that will interfere with future coding strategies."

This would be a good selling point to enterprise customers or large FOSS projects that use C++.
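The quoted line above describes the idea of an opt-in memory-safe subset of C++. To make that concrete, here is an added example (constructed for this thread, not SaferCPlusPlus code or anyone's library): a hypothetical `checked_vector` wrapper whose every element access is range-checked, so an over-read that would be silent undefined behaviour with a raw `std::vector` becomes a defined, catchable failure. The container name, the helper functions and the sample input are all assumptions made for illustration.

```cpp
#include <cstddef>
#include <stdexcept>
#include <vector>

// Constructed example of an opt-in bounds-checked container, in the spirit of a
// "memory-safe subset" library. Not SaferCPlusPlus code; the names are hypothetical.
template <typename T>
class checked_vector {
public:
    explicit checked_vector(std::size_t n, const T& v = T()) : data_(n, v) {}

    // Every element access is range-checked: an out-of-range index becomes a
    // defined failure (std::out_of_range) instead of undefined behaviour.
    T& operator[](std::size_t i) { return data_.at(i); }
    const T& operator[](std::size_t i) const { return data_.at(i); }

    std::size_t size() const { return data_.size(); }
    void push_back(const T& v) { data_.push_back(v); }

private:
    std::vector<T> data_;
};

// Sum the first `count` elements. With a raw std::vector and operator[],
// count > size() is a silent out-of-bounds read; here the read is rejected.
long checked_sum(const checked_vector<int>& v, std::size_t count) {
    long total = 0;
    for (std::size_t i = 0; i < count; ++i) total += v[i];
    return total;
}

// Sum of a constructed vector of `n` copies of `value`, read in bounds.
long sum_of_fill(std::size_t n, int value) {
    checked_vector<int> v(n, value);
    return checked_sum(v, n);
}

// Returns true when an over-read of a four-element vector is detected
// (caught as std::out_of_range) rather than silently performed.
bool overread_detected(std::size_t count) {
    checked_vector<int> v(4, 1);   // constructed input: four ones
    try {
        checked_sum(v, count);
        return false;
    } catch (const std::out_of_range&) {
        return true;
    }
}
```

The point of the design is the one the quote makes: the wrapper is plain, portable C++ with no compiler or platform dependency, so a project can adopt it for the code it cares about, keep building everywhere, and pay only the cost of the check on each access.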


One of the sanitizer guys tested the MPX instructions on Skylake [1]. Tl;dr: kind of underwhelming. But then, Skylake is just the first iteration.

> What was the portability issue?

Oh, it was a long time ago that I investigated it and I don't remember the details very clearly, but for one, I needed a solution that supported Windows. Either it didn't support Windows, or its support for Windows was obsolete or something. I don't really remember. And iirc, it used assembly code and platform specific hacks to try to determine if an object was allocated on the stack or not. Yeah, I don't really remember the details, but it wasn't my intention to develop SaferCPlusPlus. If I could've gotten Ironclad to work for me, I probably would've been happy with that.

> This would be a good selling point to enterprise customers

Yeah, unfortunately I'm not selling anything, otherwise there would be marketing budget :)

[1] https://github.com/google/sanitizers/wiki/AddressSanitizerIn...

I didn't realize you developed SaferCPlusPlus or that it was an actual thing. I don't follow C++ anymore past what I see in a few forums. I mistakenly thought you were referring to attempts at standardization of safer stuff that they were calling Safer C++ or something in prior articles. So, you actually learned from projects like Ironclad then tried to do it simpler and better in your own project that you coded up. Great attitude and work!

"And iirc, it used assembly code and platform specific hacks to try to determine if an object was allocated on the stack or not."

My plan was to get some academics with an appreciation for making money to dig into it for nonsense like that, test its mechanisms, clean it up, and put in a concurrent, low-latency scheme for dynamic stuff. Then test it against common compilers and FOSS codebases before marketing it to companies to get some safety in various apps. :)

Of course, I have limited influence in my current condition and you have no marketing budget for yours. Progress on Great Change stalls once again. At least you're keeping at your own project that might turn into something later.