Originally posted by ryao
It's not a silver bullet, but it is a good default behavior; having abort by default is better than having memory corruption.
You can do the same in Rust using the `get` API I listed https://doc.rust-lang.org/std/primit...tml#method.get and then easily recover from that.
Sadly, it just occurs to me that there are a lot of memory bugs that will silently corrupt the program without terminating it.
It occurred in iOS 16.4 recently, and occurred a lot before.
And it's even harder to catch that in the kernel at runtime.
Apple actually does a lot inside the kernel, by separating control-data allocations from pure data, and splitting allocation pools for different types.
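An added example (not code from the thread) of the recoverable `get`-based bounds check the post above contrasts with abort-on-index: a small parser for a constructed tag/length/payload record where a truncated input yields `None` instead of a panic. The record layout and function names are assumptions for illustration.

```rust
// Added example: bounds-checked parsing with slice `get` versus plain indexing.
// Record layout (constructed for this example): 1 byte tag, 1 byte length, payload.

#[derive(Debug, PartialEq)]
pub struct Record<'a> {
    pub tag: u8,
    pub payload: &'a [u8],
}

/// Every access goes through `get`, so a short or corrupted buffer
/// returns `None` and the caller decides how to recover.
pub fn parse_record(buf: &[u8]) -> Option<Record<'_>> {
    let tag = *buf.get(0)?;
    let len = *buf.get(1)? as usize;
    // `get` with a range returns None when the declared length overruns the buffer.
    let payload = buf.get(2..2 + len)?;
    Some(Record { tag, payload })
}

/// Same parse with plain indexing: a truncated buffer panics (an abort in a
/// panic=abort build). Memory-safe, but not recoverable by the caller.
pub fn parse_record_indexed(buf: &[u8]) -> Record<'_> {
    let tag = buf[0];
    let len = buf[1] as usize;
    Record { tag, payload: &buf[2..2 + len] }
}

/// Count well-formed records in a stream, skipping malformed ones instead of dying.
pub fn count_valid(records: &[&[u8]]) -> usize {
    records.iter().filter(|r| parse_record(r).is_some()).count()
}

fn main() {
    // Constructed sample inputs: one valid record, one whose length field overruns.
    let good: &[u8] = &[0x01, 0x03, b'a', b'b', b'c'];
    let truncated: &[u8] = &[0x01, 0x08, b'a'];
    println!("{:?}", parse_record(good));
    println!("{:?}", parse_record(truncated));
    println!("valid records: {}", count_valid(&[good, truncated]));
}
```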
Originally posted by ryao
Are you referring to this program https://gpsd.gitlab.io/gpsd/ ?
If it crashes, why don't you just restart it, same as any other program?
Even Google Maps can crash frequently; I don't see anybody directly killed by its crashes.
It's running as a client for GPS on the mobile phone and other devices, not some critical service running on the satellite.
Originally posted by ryao
Can you elaborate on what static analysis can eliminate all memory bugs inside selected pieces of code (excluding "unsafe" code, like inline assembly, the implementation of list, vec, etc.)? I really want to look into that, thank you.
Originally posted by ryao
Nobody can bear the cost of running C with sanitizers in a release build.
Originally posted by ryao
That is just not impossible.
How do you prove inline assembly to be safe?
How do you prove syscalls to be safe?
And how do you write code that can handle any runtime condition?
That's simply not possible, at one time or another it will end up aborting because the whole program is broken beyond repair.
For a static analyzer to verify C code, it will have to go through all code paths because C code provides no lifetime annotations (information).
Thus, it has to do the same thing as a sanitizer (miri) by emulating all the code, and it also has to go through all paths.
That will take a really long time for anything really large, such as a system for aviation, not to mention its feasibility.