AT2k Design BBS Message Area
Casually read the BBS message area using an easy to use interface. Messages are categorized exactly like they are on the BBS. You may post new messages or reply to existing messages!

You are not logged in. Login here for full access privileges.

Previous Message | Next Message | Back to Slashdot  <--  <--- Return to Home Page
   Local Database  Slashdot   [2 / 112] RSS
 From   To   Subject   Date/Time 
Message   VRSS    All   What Happened After Google Retrofitted Memory Safety Onto Its C+   November 16, 2024
 10:40 PM   

Feed: Slashdot
Feed Link: https://slashdot.org/
---

Title: What Happened After Google Retrofitted Memory Safety Onto Its C++
Codebase?

Link: https://tech.slashdot.org/story/24/11/16/0630...

Google's transistion to Safe Coding and memory-safe languages "will take
multiple years," according to a post on Google's security blog. So "we're
also retrofitting secure-by-design principles to our existing C++ codebase
wherever possible," a process which includes "working towards bringing
spatial memory safety into as many of our C++ codebases as possible,
including Chrome and the monolithic codebase powering our services." We've
begun by enabling hardened libc++, which adds bounds checking to standard C++
data structures, eliminating a significant class of spatial safety bugs.
While C++ will not become fully memory-safe, these improvements reduce risk
as discussed in more detail in our perspective on memory safety, leading to
more reliable and secure software... It's also worth noting that similar
hardening is available in other C++ standard libraries, such as libstdc++.
Building on the successful deployment of hardened libc++ in Chrome in 2022,
we've now made it default across our server-side production systems. This
improves spatial memory safety across our services, including key performance-
critical components of products like Search, Gmail, Drive, YouTube, and
Maps... The performance impact of these changes was surprisingly low, despite
Google's modern C++ codebase making heavy use of libc++. Hardening libc++
resulted in an average 0.30% performance impact across our services (yes,
only a third of a percent) ... In just a few months since enabling hardened
libc++ by default, we've already seen benefits. Hardened libc++ has already
disrupted an internal red team exercise and would have prevented another one
that happened before we enabled hardening, demonstrating its effectiveness in
thwarting exploits. The safety checks have uncovered over 1,000 bugs, and
would prevent 1,000 to 2,000 new bugs yearly at our current rate of C++
development... The process of identifying and fixing bugs uncovered by
hardened libc++ led to a 30% reduction in our baseline segmentation fault
rate across production, indicating improved code reliability and quality.
Beyond crashes, the checks also caught errors that would have otherwise
manifested as unpredictable behavior or data corruption... Hardened libc++
enabled us to identify and fix multiple bugs that had been lurking in our
code for more than a decade. The checks transform many difficult-to-diagnose
memory corruptions into immediate and easily debuggable errors, saving
developers valuable time and effort. The post notes that they're also working
on "making it easier to interoperate with memory-safe languages. Migrating
our C++ to Safe Buffers shrinks the gap between the languages, which
simplifies interoperability and potentially even an eventual automated
translation."

Read more of this story at Slashdot.

---
VRSS v2.1.180528
  Show ANSI Codes | Hide BBCodes | Show Color Codes | Hide Encoding | Hide HTML Tags | Show Routing
Previous Message | Next Message | Back to Slashdot  <--  <--- Return to Home Page
VADV-PHP
Execution Time: 0.0145 seconds

If you experience any problems with this website or need help, contact the webmaster.
VADV-PHP Copyright © 2002-2024 Steve Winn, Aspect Technologies. All Rights Reserved.
Virtual Advanced Copyright © 1995-1997 Roland De Graaf.
 v2.1.241108