this post was submitted on 17 Mar 2024
7 points (88.9% liked)
C++
1778 readers
1 users here now
The center for all discussion and news regarding C++.
Rules
- Respect instance rules.
- Don't be a jerk.
- Please keep all posts related to C++.
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Great article, though I would love to see a summary that breaks down the possible approaches and what the status of each is.
I'm quite interested in the research that adds runtime provenance info to pointers, so you store (for example) a region ID that lets you do bounds-checking on pointer arithmetic. It doesn't achieve Rust-level safety, but means buffer overflows can only get so far before they segfault.
I know there are many cases where ordinary code will cast mystery memory into a pointer, but in modern C++ these generally live in templated library code. If we introduce a Rust style "unsafe block" to disable compiler warnings on these, I think I could refactor most of the others out of the legacy code I maintain.
I don't know how many exploits this would prevent in practice though. I have no expertise there