On Wednesday, 11 January 2023 at 09:52:23 UTC, Walter Bright
wrote:
By the way, back in the 80's, I wrote my own pointer checker
for my own use developing C code. It was immensely useful in
flushing bugs out of my code. There are vestiges of it still in
the dmd source code.
But it ran very ssssslllllooooooowwwwwwlllllyyyyy, and was not
usable for shipped code.
A lot of very capable engineers have working on this problem C
has for many decades. If it was solvable, they would have
solved it by now.
It is kind of "solved", by turning all computers into C machines,
Solaris under SPARC ADI,
https://docs.oracle.com/cd/E53394_01/html/E54815/gqajs.html
Android with MTE,
https://source.android.com/docs/security/test/memory-safety/arm-mte
iOS with XP,
https://developer.apple.com/documentation/security/preparing_your_app_to_work_with_pointer_authentication
FreeBSD with CHERI,
https://www.cheribsd.org/
Intel messed up their MPX design, but certainly won't want to be
left behind.
Basically acknowledging that only having bounds and pointer
checking via hardware memory tagging will fix C derived issues,
and all mitigations thus far have failed one way or the other.