frontpage.
newsnewestaskshowjobs

Made with ♥ by @iamnishanth

Open Source @Github

Open in hackernews

Evaluating the Effectiveness of Memory Safety Sanitizers

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a088/21TfesaEHTy
38•signa11•2d ago

Comments

unpaydijk•9h ago
Looks interesting, but unfortunately the research paper is behind a paywall
signa11•6h ago
really sorry about that gaffe ! i had access, and the content was too interesting to not share.

as @osivertsson has kindly pointed out, may you please access that, and share your insights here ? thanks !

osivertsson•8h ago
Download possible without paywall from https://publica.fraunhofer.de/entities/publication/9d7783f8-...
rwmj•3h ago
Unfortunately that gives a 500 error when attempting to download the PDF (maybe the server is overloaded now?)
Ygg2•7h ago
Conclusion is scathing:

> The findings highlight significant variations in the theoretical detection capabilities of these techniques and reveal that, in practice, the implementations of most available sanitizers fall short of their conceptual potential. Furthermore, the evaluation demonstrates the complexities and diversity of memory bugs in C/C++, as well as the challenges associated with detecting them. For instance, our results show that SoftBound+CETS, a conceptually complete sanitizer, misses nearly a quarter of spatial memory bugs in its original implementation, while ASan, likely the most widely used memory sanitizer, cannot detect 50% of use-after-* bugs and any non-linear overflows and under- flows. Ultimately, our evaluation concludes that no sanitizer currently provides complete temporal or spatial memory safety

bgwalter•6h ago
If SoftBound+CETS has the best results, why does Fraunhofer not sponsor the creation of a Debian package?

It is unmaintained:

https://github.com/Fraunhofer-AISEC/softboundcets

lou1306•5h ago
Weird that Infer [1] was not included in the evaluation. It supports C/C++ and its underlying reasoning framework (Separation Logic [2]) is exactly geared towards checking memory safety.

[1] https://fbinfer.com/

[2] https://en.wikipedia.org/wiki/Separation_logic

UncleMeat•49m ago
Sanitizers are runtime tools, not static analysis tools.

Static analyzers are also virtually never sound as sound tools produce an outrageous number of false positives, especially when languages that so easily permit nonlocal mutation.

rwmj•3h ago
I wonder how true the assertion "This performance is partly achieved by sacrificing memory safety" is today. I suspect a sufficiently advanced compiler can remove bounds checks where they are provably unnecessary, and a sufficiently advanced CPU can run the remaining checks in parallel with the array accesses. But it'd be interesting if there's been any research on that.

(A sufficiently advanced programming language can avoid the entire issue by writing loops as map, fold, etc. but we're talking about C here.)

bluGill•3h ago
There are a few things that cannot be done as fast in rust, but those are rare to need in the real world. Most of the things rust cannot do are around sharing memory between threads with locks - Humans have a very hard time getting code that does this to work correctly and usually have race conditions because they analysed the problem wrong.
Someone•1h ago
> I suspect a sufficiently advanced compiler can remove bounds checks where they are provably unnecessary,

That’s true by definition, isn’t it?

> and a sufficiently advanced CPU can run the remaining checks in parallel with the array accesses.

But it still would slow down the program, as the CPU would have to commit resources to that bound checking that it then cannot use for doing other things.

ape4•1h ago
Seems like it should have "C/C++" in the title. Or maybe that's understood?
ben-schaaf•1h ago
Sanitizers aren't just for C/C++. Rust, go, D all have at least asan support.

Is Gemini 2.5 good at bounding boxes?

https://simedw.com/2025/07/10/gemini-bounding-boxes/
104•simedw•2h ago•18 comments

How to prove false statements: Practical attacks on Fiat-Shamir

https://www.quantamagazine.org/computer-scientists-figure-out-how-to-prove-lies-20250709/
149•nsoonhui•5h ago•98 comments

Optimizing a Math Expression Parser in Rust

https://rpallas.xyz/math-parser/
79•serial_dev•5h ago•40 comments

Show HN: Typeform was too expensive so I built my own forms

https://www.ikiform.com/
89•preetsuthar17•5h ago•55 comments

Mini robots detect and fix water pipe leaks without digging

https://www.foxnews.com/tech/mini-robots-detect-fix-water-pipe-leaks-without-digging
32•Bluestein•2d ago•23 comments

Thunderbird 140 “Eclipse”

https://blog.thunderbird.net/2025/07/welcome-to-thunderbird-140-eclipse/
205•TangerineDream•2d ago•123 comments

Automatically Packaging a Haskell Library as a Swift Binary XCFramework

https://alt-romes.github.io/posts/2025-07-05-packaging-a-haskell-library-as-a-swift-binary-xcframework.html
7•Bogdanp•2d ago•0 comments

MCP-B: A Protocol for AI Browser Automation

https://mcp-b.ai/
279•bustodisgusto•16h ago•146 comments

Author of William the Conqueror's 'Medieval Big Data' Project Revealed

https://www.ox.ac.uk/news/2025-07-02-author-william-conqueror-s-medieval-big-data-project-revealed
29•zeristor•3d ago•2 comments

Tree Borrows

https://plf.inf.ethz.ch/research/pldi25-tree-borrows.html
530•zdw•1d ago•136 comments

A Typology of Canadianisms

https://dchp.arts.ubc.ca/how-to-use
201•gnabgib•16h ago•228 comments

Show HN: MCP server for searching and downloading documents from Anna's Archive

https://github.com/iosifache/annas-mcp
204•iosifache•17h ago•65 comments

Show HN: FlopperZiro – A DIY open-source Flipper Zero clone

https://github.com/lraton/FlopperZiro
317•iraton•21h ago•67 comments

Biomni: A General-Purpose Biomedical AI Agent

https://github.com/snap-stanford/Biomni
205•GavCo•19h ago•30 comments

The Origin of the Research University

https://asteriskmag.com/issues/10/the-origin-of-the-research-university
106•Petiver•3d ago•22 comments

The jank programming language

https://jank-lang.org/
373•akkad33•3d ago•101 comments

Solar power has begun to transform the world’s energy system

https://www.newyorker.com/news/annals-of-a-warming-planet/46-billion-years-on-the-sun-is-having-a-moment
240•dmazin•1d ago•361 comments

Radiocarbon dating reveals Rapa Nui not as isolated as previously thought

https://phys.org/news/2025-06-radiocarbon-dating-reveals-rapa-nui.html
32•wglb•2d ago•0 comments

Linda Yaccarino is leaving X

https://www.nytimes.com/2025/07/09/technology/linda-yaccarino-x-steps-down.html
502•donohoe•23h ago•895 comments

The death of partying in the USA

https://www.derekthompson.org/p/the-death-of-partying-in-the-usaand
135•tysone•18h ago•228 comments

Koala: A benchmark suite for performance-oriented shell-optimization research

https://github.com/kbensh/koala
6•matt_d•2d ago•2 comments

Show HN: Petrichor – a free, open-source, offline music player for macOS

https://github.com/kushalpandya/Petrichor
164•kushalpandya•16h ago•84 comments

A fast 3D collision detection algorithm

https://cairno.substack.com/p/improvements-to-the-separating-axis
246•OlympicMarmoto•1d ago•29 comments

Bootstrapping a side project into a profitable seven-figure business

https://projectionlab.com/blog/we-reached-1m-arr-with-zero-funding
880•jonkuipers•2d ago•239 comments

Could a Paper Plane Thrown from the ISS Survive the Flight?

https://www.sciencealert.com/could-a-paper-plane-thrown-from-the-international-space-station-survive-the-flight
14•dxs•58m ago•6 comments

Archaeologists unveil 3,500-year-old city in Peru

https://www.bbc.co.uk/news/articles/c07dmx38kyeo
171•neversaydie•3d ago•61 comments

Show HN: BreakerMachines – Modern Circuit Breaker for Rails with Async Support

https://github.com/seuros/breaker_machines
36•seuros•4d ago•17 comments

Xenharmlib: A music theory library that supports non-western harmonic systems

https://xenharmlib.readthedocs.io/en/latest/
185•retooth•1d ago•18 comments

Evaluating the Effectiveness of Memory Safety Sanitizers

https://www.computer.org/csdl/proceedings-article/sp/2025/223600a088/21TfesaEHTy
38•signa11•2d ago•13 comments

Grok 4 Launch [video]

https://twitter.com/xai/status/1943158495588815072
307•meetpateltech•10h ago•308 comments