Chandler Carruth @chandlerc1024

Software, performance, optimization, programming languages, security, open source, #CarbonLang lead, #LLVM, #Clang, C++. 🏳️‍🌈 he / they

 San Jose, CA
chandlerc.blog/
Joined November 2011
FYI: I'm not engaging on Twitter. It's leadership is undermining saftey and enabling hateful content targeting my 🏳️‍🌈 and 🏳️‍⚧️ friends (among others). But I still want to reach people here, so will be posting basic updates w/ links off-site for discussion. hachyderm.io/@chandlerc

Chandler Carruth (@chandlerc@hachyderm.io)

1.87K Posts, 191 Following, 2.02K Followers · Software, performance, optimization, programming languages, security, open source, #CarbonLang lead, #LLVM, #Clang, C++. 🏳️‍🌈 http://pronoun.is/he or...

hachyderm.io
1
49
Thoughts on predictors.fail/ over where I regularly post: hachyderm.io/@chandlerc/1139… (Reminder, I'm not active here, find me on hachyderm or bsky)

Chandler Carruth (@chandlerc@hachyderm.io)

The gift that keeps on giving: https://predictors.fail/ This is IMO a great example of why **process isolation is the only path to confidentiality on modern CPUs**. Site- (or origin-) process...

hachyderm.io
1
8
Really excited about what the team has accomplished here! Also, the post shares some really fun details of hardened libc++, huge credit to the #Clang, #LLVM, and libc++ community!
Alex Rebert @ayper
15 Nov 2024
Excited to share our latest post on memory safety! We're tackling spatial safety in our massive C++ codebase by hardening libc++ *by default*. It adds bounds checks to things like std::vector, preventing a fair bit of out-of-bounds vulnerabilities: security.googleblog.com/2024…
4
32
Replying to @static_assert_0
Basically. There may be some differences, but id generally expect us to have a borrow checker or something equivalent.
1
1
Replying to @JAldrichPL
If it works, much more comprehensive, integrated, and incremental interop and even automated migration where possible.
4
Replying to @static_assert_0
Carbon is still early stages, but we're aiming to have a similar level of safety to Rust or Swift long term.
1
4
Chandler Carruth retweeted
Alex Rebert @ayper
15 Oct 2024
Excited to share Google's memory safety strategy! We're working to build safer software by migrating to memory-safe languages like Rust as well as hardening our existing C++: security.googleblog.com/2024…. We'll be sharing more details in upcoming posts.

Safer with Google: Advancing Memory Safety

Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers Error-prone interactions between ...

security.googleblog.com
3
72
2
237
Proud to start sharing Google's strategy for tackling our remaining memory safety challenges: security.googleblog.com/2024… High level, but it outlines the long-term strategy. We'll be sharing more detailed posts in this series. #CPlusPlus #RustLang #CarbonLang

Safer with Google: Advancing Memory Safety

Posted by Alex Rebert, Security Foundations, and Chandler Carruth, Jen Engel, Andy Qin, Core Developers Error-prone interactions between ...

security.googleblog.com
6
12
69
Replying to @ocornut
Yes, ASan and other sanitizers will complain. You could also get unlucky and have mapped memory end. For example, with a string view of an exact page-sized string, but where it was shrunk to zero length at the end, you could easily have the one byte be on an unmapped page.
1
15
Amazing update to one of my favorite stories about memory safety from Android folks: security.googleblog.com/2024… Degree to which memory safe languages reduces this category of exploitation, and lower the aggregate exploit severity of a product is remarkable. hachyderm.io/@chandlerc/1131…

Eliminating Memory Safety Vulnerabilities at the Source

Posted by Jeff Vander Stoep - Android team, and Alex Rebert - Security Foundations Memory safety vulnerabilities remain a pervasive threa...

security.googleblog.com
3
18
And the fourth amazing edition of the Carbon Copy, your newsletter for #CarbonLang, is out! github.com/carbon-language/c…

Carbon Copy Newsletter No.4 · carbon-language carbon-lang · Discussion #4273

Carbon Copy, September 2024 Here is the new Carbon Copy, your periodic update on the Carbon language! Carbon Copy is designed for those people who want a high-level view of what's happening on ...

github.com
2
22
Chandler Carruth retweeted
Tavis Ormandy
 @taviso
20 Jul 2024
This strange tweet got >25k retweets. The author sounds confident, and he uses lots of hex and jargon. There are red flags though... like what's up with the DEI stuff, and who says "stack trace dump"? Let's take a closer look... 🧵1/n
250
3,134
495
15,650
Replying to @__phantomderp
TBH, few of your, or anyone elses PL tweets go as hard as this. +100, well said.
2
Hot off the virtual presses is the 3rd edition of the Carbon Copy!! =D I'm particularly excited about this one as it digs in a bit deeper into some meaty bits of the language design. github.com/carbon-language/c… #CarbonLang

Carbon Copy Newsletter No.3 · carbon-language carbon-lang · Discussion #4068

Carbon Copy, June 2024 Here is the new Carbon Copy, your periodic update on the Carbon language! Carbon Copy is designed for those people who want a high-level view of what's happening on the p...

github.com
1
2
20
Replying to @joseph_h_garvin
Yeah, adding it afterward makes things harder, no doubt. But we need to figure out how because we're starting with C++ which is already deeply unsafe, and interop is essential. So harder, but not avoidable IMO. We have some good ideas tho, including making it a bit less painful
2
Replying to @joseph_h_garvin
Carbon will definitely try to get to rigorous memory safety. We're just starting with the C++ (thus unsafe) interoperable layer. We will then build up the safe end state and all the bridging needed to get there incrementally. It's a sequencing thing, not lack of a goal.
1
12
Replying to @joseph_h_garvin
We definition check variadics with symbolic arity. This also lets us definition check the variadic's arity being valid in all uses of the pack, etc. The CppNow talk about this should be posted soon, and the proposal for it is under active work: github.com/carbon-language/c…

Proposal: Variadics by geoffromer · Pull Request #2240 · carbon-language/carbon-lang

Proposes a set of core features for declaring and implementing generic variadic functions. A "pack expansion" is a syntactic unit beginning with ..., which is a kind of compile-ti...

github.com
1
1
Replying to @FioraAeterna
Oh yeah....
Implementation defined: eel.is/c++draft/expr.call#6.…
2
There are calling conventions that do callee-destruction of by-value parameters, which would make returning a reference to them dangle.
1
Chandler Carruth retweeted
Alex Bradbury @asbradbury
12 May 2024
New blog post: Notes from the Carbon panel session at EuroLLVM 2024. muxup.com/2024q2/notes-from-…

Notes from the Carbon panel session at EuroLLVM 2024

Why I enjoy following Carbon development and what I learned from the panel session about it at EuroLLVM this year

muxup.com
6
20
Load more