2021-04-02 13:04:40
We had a really good conversation with @insert_reference_here in the comments for the "Memory tagging" post here https://t.me/bortlog/81
And I think the arguments presented there are really compelling, but to some degree they rest on the assumption that memory safety features based on a type system and static analysis are essentially free.
But there is actual evidence that this is not true, and here is one piece of it:
As you may know, Microsoft is working on a C language extension, Checked C, that brings memory safety features to C https://t.me/bortlog/23
They added three new pointer types, backed by a whole bunch of static analysis, and at the points where safety cannot be proven statically they insert runtime null and bounds checks.
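As an added illustration (my own sketch, not code from the post or from the Checked C project), here is what such a conversion looks like on a tiny table lookup; the function names and the sample table are made up, and it needs the Checked C fork of clang to compile:

```checkedc
#include <stddef.h>

// Plain C: nothing stops an out-of-bounds read when idx >= len.
int lookup_unchecked(int *table, size_t len, size_t idx) {
    return table[idx];
}

// Checked C conversion: the bounds become part of the pointer's type.
// _Array_ptr<T> allows indexing/arithmetic but carries a bounds declaration.
int lookup_checked(_Array_ptr<int> table : count(len), size_t len, size_t idx) {
    // The compiler cannot prove idx < len here, so it emits a runtime
    // bounds check; an out-of-bounds idx traps instead of reading past
    // the buffer. This is where the measured runtime overhead comes from.
    return table[idx];
}

int sum_checked(_Array_ptr<int> a : count(n), size_t n) {
    int total = 0;
    for (size_t i = 0; i < n; i++) {
        // Each access is bounds-checked against count(n) unless the
        // optimizer can prove the check redundant and hoist or drop it.
        total += a[i];
    }
    return total;
}

// _Ptr<T> is a single-object pointer: no arithmetic, no indexing.
// Dereferencing it inserts a null check where nullness cannot be ruled out.
int first_checked(_Ptr<int> p) {
    return *p;
}

// Caller side: a checked array has bounds known to the compiler, so the
// call-site bounds (count(4)) are verified statically, with no runtime cost.
int demo(void) {
    int table _Checked[4] = {10, 20, 30, 40};  // constructed sample data
    int ok = lookup_checked(table, 4, 2);      // in bounds: returns 30
    // lookup_checked(table, 4, 7) would compile but trap at run time.
    return ok + sum_checked(table, 4);         // 30 + 100
}
```

The third pointer type, _Nt_array_ptr<T>, covers null-terminated buffers and is omitted here.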
The Microsoft Research team recently presented their results, showing the effect of converting some C codebases to Checked C. On average, they changed 18% of the code during conversion, code size increased by 7%, runtime overhead was almost 9%, and compile time increased by 25%.
Of course, we cannot draw conclusions from a single research team's work, but I'd say it is safe to admit that in real-world examples even type-system- and static-analysis-assisted memory safety is not free, and hardware support for some of the runtime checks, with only <5% overhead, is definitely needed.