"If you want Rust-like promises then redbean can be compiled with ASAN memory safety. Cosmopolitan Libc has the only open source implementation of the Address Sanitizer runtime that's intended for production use. It causes redbean worker processes to crash and log a report should a bug like a buffer overrun, use-after-free, or stack smash occur. This has a marginal impact on performance. It can be useful in environments where interruptions in a service are more desirable than risking the system being compromised."
ASAN by itself cannot make those guarantees, from what I understand. Cosmopolitan would also have to make sure never to reuse virtual memory addresses for a start, and there’s actually even more to it than that. So, no, I’m not impressed by arbitrary claims like that. It’s such a bold claim. If it were true, Apple and Google would be adopting this ASAN implementation ASAP since they have tons of C and C++ code that would benefit from better safety at marginal performance cost.
In the meantime, if Redbean and Cosmopolitan want Rust-like promises of memory safety… they need to write it in Rust.
Uhm, you realize Google invented ASAN? It's how they hunt for memory bugs in software like Chrome. If you love Rust, then we're actively working to port Rust to Cosmopolitan. https://github.com/ahgamut/rust-ape-example Rust in practice has `unsafe` code which needs something like ASAN to make it safer. In order to do that, you need a C library that has first-class support for ASAN where it isn't just an afterthought. I believe that in the future, Cosmopolitan Libc is going to help Rust be even more safe going forward.
I did specify “this ASAN implementation” with emphasis on the “this”, since it was presented higher in the thread as having marginal performance impact and excellent, rust-like safety. Google’s ASAN is not used on all production instances, last I heard, due to the large performance penalty. All sorts of memory safety issues slip past ASAN right now, especially when it is only used outside of production.
If ASAN were a silver bullet, C memory safety vulnerabilities would be a distant memory. They’re not. ASAN helps, but it isn’t enough.
From https://redbean.dev is this:
"If you want Rust-like promises then redbean can be compiled with ASAN memory safety. Cosmopolitan Libc has the only open source implementation of the Address Sanitizer runtime that's intended for production use. It causes redbean worker processes to crash and log a report should a bug like a buffer overrun, use-after-free, or stack smash occur. This has a marginal impact on performance. It can be useful in environments where interruptions in a service are more desirable than risking the system being compromised."
More at https://redbean.dev/#security