Vale's "Fearless FFI", for Memory Safety, Safer Dependencies, and Supply-Chain Attack Mitigation

Submitted by Style Pass, 2022-06-22 17:30:04

This is part of Vale's goal to be the safest native language. Most languages compromise memory safety in some way, which can lead to difficult bugs and security vulnerabilities.

Vale takes a big step forward here, by isolating unsafe and untrusted code and keeping it from undermining the safe code around it.

This page describes the proof-of-concept we have so far, plus the next steps. It involves some borderline-insane acrobatics with inline assembly, bitwise xor and rotate, and two simultaneous stacks. Buckle up!

If you're impressed with our track record so far and believe in the direction we're heading, please consider sponsoring us on GitHub! We can't do this without you, and we appreciate all the support you've shown.

Normally, when code in a safe language calls functions written in an unsafe language, bugs in the unsafe code can corrupt memory that the safe code depends on, undermining its guarantees. For example:

This is called "leaky safety", and its bugs are very difficult to track down, because their symptoms manifest so far from their cause.
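As an added illustration of the failure mode described above (example code written for this page, not from the original post or the Vale project): a C helper with a strcpy-shaped overrun is called once with a pointer straight into the safe side's memory, where the overrun clobbers an adjacent reference count, and once with a pointer into a scratch area whose contents the safe side validates before copying anything back. The memory layout, the field names and the 19-character input are all constructed for the example, and the scratch-area approach only stands in for the general idea of isolating unsafe code; it is not the mechanism the post goes on to describe.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical memory layout, constructed for this example: a region owned by
 * the "safe" side holds a 16-byte string buffer immediately followed by a
 * 32-bit reference count that the safe language trusts for memory management. */
enum { BUF_LEN = 16, REFCOUNT_OFF = BUF_LEN, REGION_LEN = BUF_LEN + 4 };

static void write_refcount(unsigned char *region, uint32_t v) {
    memcpy(region + REFCOUNT_OFF, &v, sizeof v);
}

static uint32_t read_refcount(const unsigned char *region) {
    uint32_t v;
    memcpy(&v, region + REFCOUNT_OFF, sizeof v);
    return v;
}

/* The "unsafe language" side: a C helper that copies a NUL-terminated string
 * into dst with no length check, the classic strcpy-shaped bug. */
static void unsafe_copy_string(unsigned char *dst, const char *src) {
    size_t i = 0;
    do {
        dst[i] = (unsigned char)src[i];
    } while (src[i++] != '\0');
}

/* Leaky safety: the safe side hands the unsafe helper a pointer straight into
 * its own region, so any overrun lands on the refcount. Returns the refcount
 * the safe side sees afterwards; it should still be 1. */
uint32_t leaky_call(const char *input) {
    unsigned char region[REGION_LEN] = {0};
    write_refcount(region, 1);
    unsafe_copy_string(region, input);          /* overruns into the refcount */
    return read_refcount(region);
}

/* Isolated call: the unsafe helper only ever touches a scratch area that holds
 * nothing the safe side depends on. The safe side then validates the result
 * before copying it into its own region. Returns the refcount afterwards and
 * reports through *accepted whether the result passed validation. */
uint32_t isolated_call(const char *input, int *accepted) {
    unsigned char region[REGION_LEN] = {0};
    unsigned char scratch[256] = {0};            /* sized for the constructed input */
    write_refcount(region, 1);

    unsafe_copy_string(scratch, input);          /* any overrun stays in scratch */

    /* Accept the result only if it is a NUL-terminated string that fits. */
    *accepted = (memchr(scratch, '\0', BUF_LEN) != NULL);
    if (*accepted) {
        memcpy(region, scratch, BUF_LEN);
    }
    return read_refcount(region);
}

int main(void) {
    /* Constructed input: 19 characters, three more than the buffer holds. */
    const char *input = "AAAAAAAAAAAAAAAABBB";
    int accepted = 0;
    printf("leaky refcount:    %u\n", leaky_call(input));
    printf("isolated refcount: %u (accepted=%d)\n",
           isolated_call(input, &accepted), accepted);
    return 0;
}
```

The leaky variant is where the "symptoms far from the cause" problem starts: nothing fails at the call site, and the corrupted refcount only bites later when the safe side frees or retains the object. The isolated variant still contains the same buggy helper; what changes is that the bug cannot reach anything the safe side trusts, and the safe side checks the result rather than assuming it.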
