Had a bunch of thoughts about the recent safety stuff, way more than fit in a social media post... Blog post story time! (It's a bit of a ramble, sorry about that...)
https://chandlerc.blog/posts/2024/11/story-time-bounds-checking/
Weird. So I had a strong suspicion that there was a useful correlation between line count and unique identifier count in source code. Specifically, that there would be some factor of the number of lines that would be a likely and reasonably tight upper bound for the number of unique identifiers, and that the distribution below it, as the number of samples grows, would look roughly normal. And, seems true! And the high-probability upper bound? **1:1** Really didn't guess it would be exactly 1:1...

@chandlerc this aligns with my suspicion that we are all secretly Forth programmers
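(A rough sketch, not from the thread, of how one might eyeball that line-vs-identifier ratio on a single source file. The identifier matching is a crude regex rather than a real lexer, so keywords and the like get counted too.)

```cpp
// Counts lines and unique identifier-shaped tokens in one source file and
// prints the ratio, as a quick way to probe the "roughly 1:1 upper bound"
// observation. Crude sketch only: a regex is not a C++ lexer.
#include <fstream>
#include <iostream>
#include <regex>
#include <string>
#include <unordered_set>

int main(int argc, char** argv) {
  if (argc != 2) {
    std::cerr << "usage: " << argv[0] << " <source-file>\n";
    return 1;
  }
  std::ifstream in(argv[1]);
  std::regex id_re("[A-Za-z_][A-Za-z0-9_]*");
  std::unordered_set<std::string> ids;
  std::string line;
  long lines = 0;
  while (std::getline(in, line)) {
    ++lines;
    for (std::sregex_iterator it(line.begin(), line.end(), id_re), end;
         it != end; ++it) {
      ids.insert(it->str());
    }
  }
  std::cout << "lines: " << lines
            << ", unique identifiers: " << ids.size()
            << ", ratio: " << (lines ? double(ids.size()) / lines : 0.0)
            << "\n";
  return 0;
}
```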
@chandlerc It reminds me of how many programming languages got a little bit faster when processors started using branch target prediction for dynamic jumps/calls, which weren't optimized earlier because they are rare in C code.
@chandlerc This seems very reasonable. In the dim past, I worked on "Omniware" (a low-level IR plus Software Fault Isolation) and we were surprised - even then - at how cheap adding more instructions to a basic block was. That's with 90s hardware - way less deep/wide than 2020s h/w, which should make 'instrumentation' costs even lower.
@chandlerc I completely agree with your conclusion. At the same time, there is a lot of (proprietary) legacy code that will be used for years without anyone actively looking to improve its security. Are there ongoing efforts to make these and previous hardening options the defaults for C and C++ in the compilers?
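(For readers wondering what those hardening options look like in practice, here is a minimal sketch, not from the thread. With a hardened standard library, for example libstdc++ built with -D_GLIBCXX_ASSERTIONS or libc++'s hardening modes, a plain operator[] on std::vector gains a bounds check, so an out-of-bounds index aborts with a diagnostic instead of silently reading adjacent memory.)

```cpp
// Hypothetical example, not from the thread: an off-by-one read that a
// hardened standard library is expected to catch at runtime.
#include <cstdio>
#include <vector>

int main() {
  std::vector<int> v = {1, 2, 3};
  int i = 3;  // one past the end
  // Without hardening this is undefined behavior and may appear to "work";
  // with e.g. libstdc++'s -D_GLIBCXX_ASSERTIONS (or a libc++ hardening mode)
  // the library checks the index and terminates instead of reading out of
  // bounds.
  std::printf("%d\n", v[i]);
  return 0;
}
```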