| ▲ | leoc 4 days ago | |||||||||||||
In memory-safety discussions it needs to be borne in mind that 'simply fix the hardware' is also a viable approach; or at least it's a lot more viable than it was or seemed to be a few decades ago https://en.wikipedia.org/wiki/Capability_Hardware_Enhanced_R... . Memory-safe BSD and applications running on real memory-safe RISC-V hardware apparently already exist, though obviously, yes, even in a best case existing architectures would not come close to being fully displaced for a long time. That said, I really hope the process isn't being further delayed by attempts to grub license money. | ||||||||||||||
| ▲ | comex 4 days ago | parent | next [-] | |||||||||||||
True. To be fair, CHERI guarantees only security, while borrow checking (when it works) guarantees both security and correctness. If you write to a freed pointer or out-of-bounds, CHERI guarantees that your write either crashes or lands somewhere harmless, rather than corrupting other data. But borrow checking guarantees you won't perform such writes in the first place. Yet while correctness may excite programmers, it's security that gets the decision makers' attention. At the end of the day, security is just much more impactful. We'll see if Morello ever makes its way to the types of CPUs used on phones and higher-performance devices. | ||||||||||||||
| ||||||||||||||
| ▲ | pjmlp 4 days ago | parent | prev | next [-] | |||||||||||||
Maybe it is because of Oracle's hate among the hacker community, however I always have to point out Solaris SPARC and Oracle Linux SPARC, have been shipping with ADI enabled since 2015, CHERI isn't the only option. https://docs.oracle.com/en/operating-systems/solaris/oracle-... | ||||||||||||||
| ▲ | astrange 4 days ago | parent | prev [-] | |||||||||||||
Secure hardware needs software cooperation to work - for instance to avoid type confusion you need to tag memory with types, but malloc() doesn't know the type of memory it's allocating. | ||||||||||||||