Competition

Note that enforcing runtime constraints on software has an all-or-nothing quality: a solution that does not completely solve the problem is not even a stepping stone to a complete one, because an attacker needs only the violations it misses. Further, since the interface to the hardware is just the existing hardware interface, no competitor can obtain any lock-in. Any partial solution will therefore simply be discarded once a complete solution exists. In the 60 years of attempts to solve the problem, Dewdrop is the first complete solution.

Some attempts at competition follow.

ARM Memory Tagging Extension

ARM Memory Tagging Extension https://community.arm.com/developer/ip-products/processors/b/processors-ip-blog/posts/enhancing-memory-safety : a tagged-memory system that assigns a 4-bit colour to each 16-byte granule and checks that the colour in the pointer matches the colour of the memory it touches. With only 16 colours, a stray access lands on a matching colour often enough that detection is probabilistic: it might catch a memory safety violation, but it is just best-effort (it provides no guarantee).

Dover Microsystems CoreGuard®

Dover Microsystems CoreGuard® https://www.dovermicrosystems.com : offers something even more heavyweight than ARM tagged memory, but in their ASPLOS paper they admit that their attempt at memory safety is also just best-effort (despite their more recent slides suggesting otherwise).

The University of Cambridge CHERI project

The University of Cambridge CHERI project https://www.cl.cam.ac.uk/research/security/ctsrd/cheri/ : while they solve the spatial bounds problem (a pointer carries the bounds of its object, so an out-of-bounds access is rejected), they do not solve the temporal bounds problem (use-after-free: a stale pointer to freed memory is still in bounds, so a purely spatial check lets it through). CHERI also doubles the size of a pointer, turning a 64-bit address into a 128-bit capability to hold the bounds and permissions, which is very heavyweight.

Google’s opinion on CHERI sounds like what you say at an art show when you do not like the art but you do not want to insult the artist, saying "intriguing", "has … potential", and "remains an open question".

Google Security Engineering, 2024: "Secure by Design: Google’s Perspective on Memory Safety": https://research.google/pubs/secure-by-design-googles-perspective-on-memory-safety/

CHERI is an intriguing research project that has the potential to provide rigorous memory safety guarantees for legacy C++ code…. CHERI temporal safety guarantees rely on quarantining of deallocated memory, and sweeping revocation, and it remains an open question whether the runtime overhead will be acceptable for production workloads.

In contrast to CHERI, Dewdrop enforces both spatial and temporal bounds on heap and stack objects, even preventing use-after-free for stack objects (those smaller than 128 bytes). Dewdrop also provides many other useful features which CHERI does not even attempt. Further, if Dewdrop were allowed the same pointer size as CHERI, it could do even better, including permitting far more uses of an object before a stale-pointer collection pass is required (one billion for a 128-bit Dewdrop versus one for CHERI).
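The spatial/temporal distinction above, and the quarantine-plus-sweeping-revocation scheme the Google quote describes, are easy to see in a small model. The following C program is an added example written for this page; it is not CHERI's capability encoding, not Dewdrop's mechanism, and not code from either project. It assumes a toy heap of fixed 32-byte slots, a bounds-carrying pointer struct standing in for a capability, and a registry array standing in for "all memory that holds capabilities"; all three are simplifications made here for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy heap: NSLOTS fixed-size slots, first-fit allocation. (Assumption.) */
enum { SLOT = 32, NSLOTS = 8 };
static uint8_t heap[SLOT * NSLOTS];
static bool slot_used[NSLOTS];
static bool slot_quarantined[NSLOTS];

/* Model of a bounds-carrying pointer: the access is checked against
   [base, base+len). This is the spatial half of memory safety. */
typedef struct { size_t base; size_t len; bool valid; } cap_t;

static cap_t cap_alloc(void) {
    for (int i = 0; i < NSLOTS; i++)
        if (!slot_used[i] && !slot_quarantined[i]) {
            slot_used[i] = true;
            memset(&heap[i * SLOT], 0, SLOT);
            return (cap_t){ (size_t)i * SLOT, SLOT, true };
        }
    return (cap_t){ 0, 0, false };
}

/* Spatial check only: any valid cap whose bounds cover the offset passes. */
static bool cap_store(cap_t c, size_t off, uint8_t v) {
    if (!c.valid || off >= c.len) return false;
    heap[c.base + off] = v;
    return true;
}
static int cap_load(cap_t c, size_t off) {
    if (!c.valid || off >= c.len) return -1;
    return heap[c.base + off];
}

/* Naive free: the slot is immediately reusable; the cap is left untouched. */
static void cap_free_naive(cap_t c) { slot_used[c.base / SLOT] = false; }

/* Registry of every location holding a capability; a sweeping revocation
   pass scans it, as a real sweep scans capability-bearing memory. (Assumption.) */
static cap_t *cap_registry[16];
static int ncaps;
static void register_cap(cap_t *p) { cap_registry[ncaps++] = p; }

/* Quarantining free: the slot may not be reused until a sweep has run. */
static void cap_free_quarantine(cap_t c) {
    slot_used[c.base / SLOT] = false;
    slot_quarantined[c.base / SLOT] = true;
}
static void revocation_sweep(void) {
    for (int i = 0; i < ncaps; i++)
        if (cap_registry[i]->valid && slot_quarantined[cap_registry[i]->base / SLOT])
            cap_registry[i]->valid = false;          /* stale cap revoked */
    memset(slot_quarantined, 0, sizeof slot_quarantined); /* slots released */
}

/* 1. Out-of-bounds write: the spatial check rejects it. */
static bool demo_spatial_caught(void) {
    cap_t a = cap_alloc();
    bool accepted = cap_store(a, SLOT, 0x41);   /* one byte past the end */
    cap_free_naive(a);
    return !accepted;
}

/* 2. Use-after-free: the stale cap is still in bounds, so the spatial
      check accepts the write and the new owner's data is corrupted. */
static bool demo_uaf_not_caught(void) {
    cap_t a = cap_alloc();
    cap_free_naive(a);
    cap_t b = cap_alloc();            /* first-fit reuses a's slot */
    cap_store(b, 0, 0x42);            /* b's legitimate data */
    bool accepted = cap_store(a, 0, 0x99); /* stale a passes bounds check */
    int seen = cap_load(b, 0);
    cap_free_naive(b);
    return a.base == b.base && accepted && seen == 0x99;
}

/* 3. Quarantine + sweep: the slot is not reused until every cap pointing
      into it has been invalidated, so the stale write is rejected. */
static bool demo_uaf_caught_by_revocation(void) {
    cap_t a = cap_alloc();
    register_cap(&a);
    cap_free_quarantine(a);
    bool still_valid_before_sweep = a.valid;   /* spatially fine, temporally stale */
    revocation_sweep();
    cap_t b = cap_alloc();            /* slot reusable again, a is now invalid */
    cap_store(b, 0, 0x42);
    bool accepted = cap_store(a, 0, 0x99);
    int seen = cap_load(b, 0);
    cap_free_naive(b);
    ncaps = 0;                        /* drop registry entry for local a */
    return still_valid_before_sweep && a.base == b.base && !accepted && seen == 0x42;
}

int main(void) {
    printf("spatial violation caught:        %d\n", demo_spatial_caught());
    printf("UAF slips past spatial check:    %d\n", demo_uaf_not_caught());
    printf("UAF caught after revocation:     %d\n", demo_uaf_caught_by_revocation());
    return 0;
}
```

The cost the Google quote worries about is visible in the model: freed slots sit idle until a sweep runs, and the sweep has to visit every stored capability, so memory held in quarantine and sweep time both grow with the program rather than with the single allocation being freed.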