Jump to page: 1 26  
Page
Thread overview
Google's take on memory safety
Mar 06
RazvanN
Mar 06
Sergey
Mar 06
RazvanN
Mar 06
Sergey
Mar 18
Dodobird
Mar 18
Dodobird
Mar 06
M. M.
Mar 06
M. M.
Mar 06
Sergey
Mar 07
aberba
Mar 07
Dom DiSc
Mar 07
DrDread
Mar 06
matheus
Mar 11
Martyn
Mar 12
dweldon
Mar 12
Martyn
Mar 08
Monkyyy
Mar 08
monkyyy
Mar 13
bachmeier
Mar 13
jmh530
Mar 13
bachmeier
Mar 18
Dodobird
Mar 16
harakim
Mar 11
Martyn
Mar 08
Dukc
Mar 08
monkyyy
Mar 08
monkyyy
Mar 07
Monkyyy
Mar 08
Marconi
March 06

I stumbled upon this. Here is the abstract:

"2022 marked the 50th anniversary of memory safety vulnerabilities, first reported by Anderson et al. Half a century later, we are still dealing with memory safety bugs despite substantial investments to improve memory unsafe languages. Like others', Google’s data and internal vulnerability research show that memory safety bugs are widespread and one of the leading causes of vulnerabilities in memory-unsafe codebases. Those vulnerabilities endanger end users, our industry, and the broader society. At Google, we have decades of experience addressing, at scale, large classes of vulnerabilities that were once similarly prevalent as memory safety issues. Based on this experience we expect that high assurance memory safety can only be achieved via a Secure-by-Design approach centered around comprehensive adoption of languages with rigorous memory safety guarantees. We see no realistic path for an evolution of C++ into a language with rigorous memory safety guarantees that include temporal safety. As a consequence, we are considering a gradual transition of C++ code at Google towards other languages that are memory safe. Given the large volume of pre-existing C++, we believe it is nonetheless necessary to improve the safety of C++ to the extent practicable. We are considering transitioning to a safer C++ subset, augmented with hardware security features like MTE."

Here is the full paper: https://storage.googleapis.com/gweb-research2023-media/pubtools/pdf/70477b1d77462cfffc909ca7d7d46d8f749d5642.pdf

RazvanN

March 06

On Wednesday, 6 March 2024 at 09:19:20 UTC, RazvanN wrote:

>

We see no realistic path for an evolution of C++

So the future of humanity is with JVM/Swift/Go/Rust?

March 06

On Wednesday, 6 March 2024 at 09:42:22 UTC, Sergey wrote:

>

On Wednesday, 6 March 2024 at 09:19:20 UTC, RazvanN wrote:

>

We see no realistic path for an evolution of C++

So the future of humanity is with JVM/Swift/Go/Rust?

Well, it might be D if we are able to convince people.

March 06

On Wednesday, 6 March 2024 at 10:46:48 UTC, RazvanN wrote:

> >

So the future of humanity is with JVM/Swift/Go/Rust?

Well, it might be D if we are able to convince people.

I think they are considering only popular languages

March 07
Temporal safety is something I am specifically interested in.

I don't think its going to be one solution, but a group of features that will work together.

Isolated, reference counting, locking, atomics will all play a role.

Right now my research needs to go into type state analysis, getting a design for that will enable us to support the more interesting logic.

That will also handle nullability of pointers too, so it has a lot of benefit.

Lastly, dmd-fe needs to get a major upgrade in its analysis of memory.

We need to be able to track what variables contribute towards the assignment (SSA) of another variable. Along with values (new ext.).

What variable contributes towards a function argument and the parameter it maps to.

I tried to start writing up some analysis of this at the end of semantic3 right before @live (to replace it). But ran into trouble at the AST level.

I really need a UML class diagram of the AST along with a way to dump the AST as XML (although an object diagram would be nice too).
I haven't tried writing a tool for that (class diagram of AST should auto-generate an image into PR), but I expect it'll be the same problem wrt. AST understanding.
March 06
On Wed, Mar 06, 2024 at 09:19:20AM +0000, RazvanN via Digitalmars-d wrote:
> I stumbled upon this. Here is the abstract:
> 
> "2022 marked the 50th anniversary of memory safety vulnerabilities, first reported by Anderson et al. Half a century later, we are still dealing with memory safety bugs despite substantial investments to improve memory unsafe languages. [...] We see no realistic path for an evolution of C++ into a language with rigorous memory safety guarantees that include temporal safety. As a consequence, we are considering a gradual transition of C++ code at Google towards other languages that are memory safe.
[...]

Called it. Since years ago. It's been clear then, and becoming even clearer now by the day, in today's landscape of bots that constantly scan the net for systems with memory vulnerabilities, that the days of memory-unsafe languages like C or C++ are numbered.  Software systems have developed to the point that manually managing memory just doesn't cut it anymore.  Systems have become too large, too complex, and memory issues have become intractibly difficult to handle manually.  It's time to let go of the illusion of total control over one's memory usage and make use of real solutions.  Like the GC. ;-)  Or any of the various automated memory management schemes.

Also, when is D gonna get @safe by default?!  Seriously, it's been years.  Why are we still stuck at the same old stalemate over something so irritatingly trivial like having extern(C) *not* default to @safe?! It should have been a 5-minute decision, yet at the rate things are going it will soon be a 5-year decision. If even that. Let's hope it's not going to be a 50-year decision(!). :-/


T

-- 
Making a boat out of stone would be a hardship.
March 06
On Wednesday, 6 March 2024 at 17:16:24 UTC, H. S. Teoh wrote:
> [...]
>
> Also, when is D gonna get @safe by default?!  Seriously, it's been years.  Why are we still stuck at the same old stalemate over something so irritatingly trivial like having extern(C) *not* default to @safe?! It should have been a 5-minute decision, yet at the rate things are going it will soon be a 5-year decision. If even that. Let's hope it's not going to be a 50-year decision(!). :-/

Yeah, with all these waves that the US government with their call for usage of safe programming languages, it would be nice to have had made @safe the default before this call came. Now, with the explicit call to not use C/C++, making extern(C) not @safe sounds like a no-brainer to me.
March 06
On Wednesday, 6 March 2024 at 17:16:24 UTC, H. S. Teoh wrote:
> On Wed, Mar 06, 2024 at 09:19:20AM +0000, RazvanN via Digitalmars-d wrote:
>> [...]
> [...]
>
> Called it. Since years ago. It's been clear then, and becoming even clearer now by the day, in today's landscape of bots that constantly scan the net for systems with memory vulnerabilities, that the days of memory-unsafe languages like C or C++ are numbered.  Software systems have developed to the point that manually managing memory just doesn't cut it anymore.  Systems have become too large, too complex, and memory issues have become intractibly difficult to handle manually.  It's time to let go of the illusion of total control over one's memory usage and make use of real solutions.  Like the GC. ;-)  Or any of the various automated memory management schemes.
>
> [...]

I wonder what Linus is thinking about all this bashing of C...
March 06
On Wed, Mar 06, 2024 at 06:51:47PM +0000, M. M. via Digitalmars-d wrote:
> On Wednesday, 6 March 2024 at 17:16:24 UTC, H. S. Teoh wrote:
> > On Wed, Mar 06, 2024 at 09:19:20AM +0000, RazvanN via Digitalmars-d wrote:
[...]
> > Called it. Since years ago. It's been clear then, and becoming even clearer now by the day, in today's landscape of bots that constantly scan the net for systems with memory vulnerabilities, that the days of memory-unsafe languages like C or C++ are numbered.  Software systems have developed to the point that manually managing memory just doesn't cut it anymore.  Systems have become too large, too complex, and memory issues have become intractibly difficult to handle manually.  It's time to let go of the illusion of total control over one's memory usage and make use of real solutions. Like the GC. ;-)  Or any of the various automated memory management schemes.
[...]
> I wonder what Linus is thinking about all this bashing of C...

Linus, being Linus, probably doesn't care. :-D  Well, he'd probably write a diatribe about why they're totally wrong, and then he'll just ignore them and keep doing whatever he's doing.

None of that stops the inevitable, though.  Memory-unsafe languages are on their way out. It may take another 20 years, or it may take 50 years, but make no mistake, their demise will come. That much is sure.


T

-- 
Not all rumours are as misleading as this one.
March 06
On Wednesday, 6 March 2024 at 19:13:26 UTC, H. S. Teoh wrote:
> languages are on their way out. It may take another 20 years, or it may take 50 years, but make no mistake, their demise will

Some CEOs expecting in 5 years nobody will need programming because of AI :)
And AI will be banned to use “unsafe” code :)
https://m.youtube.com/watch?v=r2npdV6tX1g

« First   ‹ Prev
1 2 3 4 5 6