Story-time: C++, bounds checking, performance, and compilers
Recently, several of my colleagues at Google shared the story of how we are retrofitting spatial safety onto our monolithic C++ codebase: https://security.googleblog.com/2024/11/retrofitting-spatial-safety-to-hundreds.html I wanted to have a bit of story-time about some of the strange ways that all this came to be, at least as I remember things. There are some really interesting developments that led us here, and some important lessons to learn from that history. Do note that this is just my retrospective memory. It’s entirely possible I’m misremembering some of it (let me know if so!). It’s also limited to my perspective, and others may have seen very different aspects of things (please share!). ...