>the original homogeneous operations (__builtin_smull_overflow, etc) led to very substantial correctness bugs when users had to pick a single common type for the operation and add conversions.
Hi Stephen, thank you for bringing this to our attention. David Svoboda and I are now working to revise the proposal to add a supplemental proposal to support operations on heterogeneous types. We are leaning toward proposing a three-argument syntax, where the 3rd argument specifies the return type, like:
ckd_add(a, b, T)
where a and b are integer values and T is an integer type, in addition to the two-argument form
ckd_add(a, b)
(Or maybe the two-argument and three-argument forms should have different names, to make it easier to implement.)
Glad to hear it, looking forward to seeing what you come up with! The question becomes, once you have the heterogeneous operations, is there any reason to keep the others around (my experience is that they simply become a distraction / attractive nuisance, and we're better off without them, but there may be use cases I haven't thought of that justify their inclusion).
When David and I are done revising the proposal, we would like to send you a copy. If you would be interested in reviewing, can you please let us know how to get in touch with you? David and I can be reached at {svoboda,weklieber}
@ cert.org.
>once you have the heterogeneous operations, is there any reason to keep the others around
The two-argument form is shorter, but perhaps that isn't a strong enough reason to keep it. Also, requiring a redundant 3rd argument can provide an opportunity for mistakes to happen if it gets out of sync with the type of first two arguments.
As for the non-generic functions (e.g., ckd_int_add, ckd_ulong_add, etc.), we are considering removing them in favor of having only the generic function-like macros.
Software Engineering Institute (SEI) | Compiler Researcher | Pittsburgh, PA, USA | ONSITE
Our team is developing techniques for automatically repairing C source code to remove memory-safety vulnerabilities. The ultimate goal is to enable a proof of some or all aspects of memory safety of the repaired program. By repairing at the level of source code (as opposed to a compiler pass, like AddressSanitizer or SoftBound+CETS), the user isn’t tied to a particular build chain. Furthermore, although the goal is to as automatic as possible, nevertheless it is likely that the developer will need to manually tune performance-critical sections of the codebase, which is facilitated by doing the repair at the source-code level.
We are looking to hire someone with experience in static analysis, compiler development, or formal verification. The successful candidate will both work on advanced research projects and work directly with customers to help transition our research into practice. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
If interested, please email your resume to me at weklieber+hiring@sei(DOT)cmu(DOT)edu.
We welcome applications for intern positions as well as full-time positions. I think we can do winter internships, but I'm not completely sure -- I'll check with HR to confirm. Thank you for your interest!
Software Engineering Institute (SEI) | Compiler Researcher | Pittsburgh, PA, USA | ONSITE
We are looking for someone familiar with compilers (particularly dataflow analysis or other forms of static analysis) to work on projects developing techniques for automatically repairing source code to remove certain common classes of vulnerabilities.
Software vulnerabilities constitute a major threat to many of our nation’s critical systems. The SEI is currently looking at improving software analysis and code repair technologies to eliminate security vulnerabilities much faster and at a much lower cost than current manual repair capabilities. We are improving the technologies by developing new techniques for analyzing and transforming code, in source code and intermediate representations.
The successful candidate will both work on advanced research projects and work directly with customers to help transition our research into practice. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Software Engineering Institute (SEI) | Compiler Researcher | Pittsburgh, PA, USA | ONSITE
We are looking for someone familiar with compilers (particularly dataflow analysis or other forms of static analysis) to work on projects developing techniques for automatically repairing source code to remove certain common classes of vulnerabilities.
Software vulnerabilities constitute a major threat to many of our nation’s critical systems. The SEI is currently looking at improving software analysis and code repair technologies to eliminate security vulnerabilities much faster and at a much lower cost than current manual repair capabilities. We are improving the technologies by developing new techniques for analyzing and transforming code, in source code and intermediate representations.
The successful candidate will both work on advanced research projects and work directly with customers to help transition our research into practice. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Software Engineering Institute (SEI) | Compiler Researcher | Pittsburgh, PA, USA | ONSITE
We are looking for someone familiar with compilers (particularly dataflow analysis or other forms of static analysis) to work on projects developing techniques for automatically repairing source code to remove certain common classes of vulnerabilities.
Software vulnerabilities constitute a major threat to many of our nation’s critical systems. The SEI is currently looking at improving software analysis and code repair technologies to eliminate security vulnerabilities much faster and at a much lower cost than current manual repair capabilities. We are improving the technologies by developing new techniques for analyzing and transforming code, in source code and intermediate representations.
The successful candidate will both work on advanced research projects and work directly with customers to help transition our research into practice. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Software Engineering Institute (SEI) | Compiler Researcher | Pittsburgh, PA, USA | ONSITE
We are looking for someone familiar with compilers (particularly dataflow analysis or other forms of static analysis) to work on projects developing techniques for automatically repairing source code to remove certain common classes of vulnerabilities.
Software vulnerabilities constitute a major threat to many of our nation’s critical systems. The SEI is currently looking at improving software analysis and code repair technologies to eliminate security vulnerabilities much faster and at a much lower cost than current manual repair capabilities. We are improving the technologies by developing new techniques for analyzing and transforming code, in source code and intermediate representations.
The successful candidate will both work on advanced research projects and work directly with customers to help transition our research into practice. Candidates will be subject to a background check and must be eligible to obtain and maintain a Department of Defense security clearance.
Hi Stephen, thank you for bringing this to our attention. David Svoboda and I are now working to revise the proposal to add a supplemental proposal to support operations on heterogeneous types. We are leaning toward proposing a three-argument syntax, where the 3rd argument specifies the return type, like:
where a and b are integer values and T is an integer type, in addition to the two-argument form (Or maybe the two-argument and three-argument forms should have different names, to make it easier to implement.)