~mcf/cproc#17: Safety checks — sourcehut todo

~mcf/cproc#17:

Safety checks

I think some cool safety checks would be useful, I know I would appreciate them when building some network facing services.

Bounds checks (https://bellard.org/tcc/tcc-doc.html#Bounds)
Failing bounds checks, stack canary (probably qbe needed)
Undefined overflow checks

Status: REPORTED
Submitter: ~ach
Assigned to: No-one
Submitted: 6 years ago
Updated: 5 years ago
Labels: No labels applied.

~qcx 6 years ago

I would heavily prioritize memory-safety checks. Those are the ones responsible for serious vulnerabilities. An undefined overflow is only a problem when your compiler makes dumb assumptions about it not possibly happening; it could be the first step of an exploit but is likely followed by an unsafe memory access.

~vc 5 years ago

GCC and Clang have the options to use AddressSanitizer and UndefinedBehaviorSanitizer. Both of these act give useful diagnostic information when safety defined behavior checks are violated. It may be worth looking into optional linking of those libraries.

Register here or Log in to comment, or comment via email.