-memory-safe C++
Memory safety issues are one of the most costly and common of software vulnerabilities. They were listed as 6 out of the 2021 CWE (Common Weakness Enumeration) Top 25, and account for 40% of the total points scored for all categories of the Most Dangerous Software Weaknesses listed. To combat this, we introduce a new compiler and runtime to enable building memory safe C++ and C applications. The binaries built with this new tooling require no modifications to source code and can find common memory safety issues such as buffer overflow, double free, use-after-free, new-delete type mismatch, and much more, at compile-time and runtime.
In this talk, we will present the new tooling and discuss how static analysis is key to early detection of program errors in the developer’s inner loop. Using concise examples, we will illustrate scenarios where static analysis can never completely prove memory safety for unaltered C++ or C. We demonstrate how our new tooling addresses memory safety with formal analysis that falls back to runtime checks when required for all safety guarantees. All runtime checks diagnose, report, and allow the application to continue.
Jim Radigan
Architect with over twenty years of experience shipping code gen. technology at Microsoft. Shipped C++ compilers, JIT’s, runtimes, and built large retail operating systems for initial release. Experience leading teams, recruiting, while implementing key technologies on the critical path. Implemented key compiler technology for SSA based global optimizations, vectorization, parallelization, coroutines, hot-patching, secure code gen, Asan, JIT’s and IDE functionality. Started and shipped: platforms on V1 hardware and created lasting cross-team processes to bring up Windows XP through Win 11 (for x86, X64, arm, arm64).