Memory Safety Dance

Tim Guite - EOC 2025 - Duration: 09:57

Accidents with memory are a well-known problem in the world of embedded systems. Now, they have entered the mainstream, with documents produced by the White House, NSA, and international cybersecurity organizations highlighting the threats posed by memory safety bugs. In the next few years, regulations will put increasing focus on these issues. So, what can we do?

In this talk, I will focus on the leading options for addressing memory safety:

  • Tools for static analysis and fuzzing
  • Memory-safe languages
  • New hardware architectures (such as CHERI)
Prabo
Score: 1 | 1 week ago | 1 reply

Very nice talk Tim!

TimGuiteSpeaker
Score: 0 | 1 week ago | no reply

Thanks Prabo, glad you enjoyed it!

SimonSmith
Score: 1 | 2 weeks ago | 1 reply

My first job used an MSL, Ada 83, long since forgotten. I started using memory safe "_s" functions like strncpy_s, memcpy_s, etc. A breakpoint or log entry in the abort handler is a great way to find and fix memory problems. I also overload new and delete to trap return codes for any failures immediately, before the rest of the application carries on and falls over sometime later.

TimGuiteSpeaker
Score: 1 | 1 week ago | no reply

Hi Simon, yes Ada is one of the parts I had to leave out, mainly due to its niche usage. However, I think it has a lot of great ideas which still have not been fully integrated into modern programming languages. I would endorse using the "_s" functions and other, safer functions such as ".at" as part of coding guidelines / requirements. The hard part is enforcing this across a large codebase and team!
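
The pattern discussed in the two comments above, as an added example that is not from the talk, the slides or either commenter: a bounds-checked copy that reports to a handler where a breakpoint or log entry can sit. Because the Annex K "_s" functions are optional and missing from many toolchains, `checked_memcpy`, `violation_handler_t` and `log_violation` are hypothetical stand-ins written for this example, and overlap checking is left out.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical handler type, modelled on Annex K's constraint_handler_t. */
typedef void (*violation_handler_t)(const char *msg, int error);

static int violation_count = 0;   /* lets a test or log see that a trap fired */

/* Default handler: log and count. Set a breakpoint here, or call abort()
 * in a build where failing fast is preferred. */
static void log_violation(const char *msg, int error)
{
    violation_count++;
    fprintf(stderr, "memory constraint violated: %s (error %d)\n", msg, error);
}

static violation_handler_t current_handler = log_violation;

/* Bounds-checked copy in the style of memcpy_s: the caller states the
 * destination capacity, and a bad request is trapped instead of overflowing. */
int checked_memcpy(void *dest, size_t dest_size, const void *src, size_t count)
{
    const char *msg = NULL;
    if (dest == NULL)            msg = "dest is NULL";
    else if (src == NULL)        msg = "src is NULL";
    else if (count > dest_size)  msg = "count exceeds destination size";

    if (msg != NULL) {
        /* Like memcpy_s, leave no stale data in a valid destination. */
        if (dest != NULL)
            memset(dest, 0, dest_size);
        current_handler(msg, 1);
        return 1;
    }
    memcpy(dest, src, count);
    return 0;
}

int main(void)
{
    char small[8] = "old";
    const char input[] = "constructed sample input, longer than 8 bytes";

    checked_memcpy(small, sizeof small, input, sizeof input); /* trapped */
    checked_memcpy(small, sizeof small, "ok", 3);             /* succeeds */
    printf("violations: %d, buffer: %s\n", violation_count, small);
    return 0;
}
```
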

Rust
Score: 1 | 2 weeks ago | 1 reply

🦀🦀🦀

TimGuiteSpeaker
Score: 0 | 2 weeks ago | no reply

🦀🦀🦀

DS
Score: 0 | 2 weeks ago | 1 reply

Very nice micro-talk treatment of an important topic that is the root of many hard-to-kill bugs. Thank you.

TimGuiteSpeaker
Score: 0 | 2 weeks ago | no reply

Thanks DS, not only are memory safety bugs hard to kill, they are also extremely dangerous! It has been interesting to see interest in this topic grow over the past few years with different mitigation strategies now becoming available. Hopefully this talk will help people to remember how to address memory safety in their own projects!

Tommy
Score: 1 | 2 weeks ago | 1 reply

5 stars for the intro

TimGuiteSpeaker
Score: 0 | 2 weeks ago | no reply

Thanks Tommy, it was quite fun making it!

MO
Score: 1 | 2 weeks ago | 1 reply

Short and quick with the rest of the information in the slides. I love it!!!

TimGuiteSpeaker
Score: 0 | 2 weeks ago | no reply

Thanks MO, that's what I was going for!

RaulPando
Score: 1 | 2 weeks ago | 1 reply

Thanks Tim for an entertaining presentation on a very relevant topic.
The approach offered by CHERI is very interesting; it sounds like it will help address the 'S' in IoT. HW compartmentalisation + Rust, pretty good combo to be excited about...

TimGuiteSpeaker
Score: 0 | 2 weeks ago | no reply

Thanks Raul! The CHERI/CHERIoT initiative has a lot of potential. Perhaps in the future it will be everywhere and we will wonder how we ever managed without it!

TimGuiteSpeaker
Score: 0 | 2 weeks ago | no reply

I hope you enjoyed this talk :) There are a lot of details and references in the slides so please check those out!
