Memory Safety Dance
Tim Guite - EOC 2025 - Duration: 09:57

Accidents with memory are a well-known problem in the world of embedded systems. Now, they have entered the mainstream, with documents produced by the White House, NSA, and international cybersecurity organizations highlighting the threats posed by memory safety bugs. In the next few years, regulations will put increasing focus on these issues. So, what can we do?
In this talk, I will focus on the leading options for addressing memory safety:
- Tools for static analysis and fuzzing
- Memory-safe languages
- New hardware architectures (such as CHERI)

Thanks Prabo, glad you enjoyed it!
My first job used an MSL, Ada 83, long since forgotten. I started using memory-safe "_s" functions like strncpy_s, memcpy_s etc. *. A breakpoint or log entry in the abort handler is a great way to find and fix memory problems. I also overload new and delete to trap return codes for any failures immediately, before the rest of the application carries on and falls over sometime later.
Hi Simon, yes Ada is one of the parts I had to leave out, mainly due to its niche usage. However, I think it has a lot of great ideas which still have not been fully integrated into modern programming languages. I would endorse using the "_s" functions and other, safer functions such as ".at" as part of coding guidelines / requirements. The hard part is enforcing this across a large codebase and team!
🦀🦀🦀
🦀🦀🦀
Very nice micro-talk treatment of an important topic that is the root of many hard-to-kill bugs. Thank you.
Thanks DS, not only are memory safety bugs hard to kill, they are also extremely dangerous! It has been interesting to see interest in this topic grow over the past few years with different mitigation strategies now becoming available. Hopefully this talk will help people to remember how to address memory safety in their own projects!
5 stars for the intro
Thanks Tommy, it was quite fun making it!
Short and quick with the rest of the information in the slides. I love it!!!
Thanks MO, that's what I was going for!
Thanks Tim for an entertaining presentation on a very relevant topic.
Very interesting approach offered by CHERI, sounds like it will be helping to address the 'S' in IoT. HW compartmentalisation + Rust, pretty good combo to be excited about...
Thanks Raul! The CHERI/CHERIoT initiative has a lot of potential. Perhaps in the future it will be everywhere and we will wonder how we ever managed without it!
I hope you enjoyed this talk :) There are a lot of details and references in the slides so please check those out!
Very nice talk Tim!