The memory model of RISC-V is being formally verified, providing stronger guarantees than proprietary ISAs!
miniblog.
Here's a scary example from the tree-sitter-c bug tracker: before running the preprocessor, there's no guarantee that C code will parse!
(Typically it will, I think, but there are no guarantees.)
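An added example of what that means in practice (constructed here, not taken from the tree-sitter-c tracker): C that a compiler accepts, but that is not syntactically C until the preprocessor has run. The macro names and the `STRICT_SIGN` switch are made up for the illustration.

```c
#include <stdio.h>

/*
 * Constructed example (not from the tree-sitter-c tracker).  The macros
 * below hide the tokens a C grammar needs: before preprocessing, the two
 * functions that use them contain no literal '{' or '}' at all, and in
 * sign() each #if branch opens a brace that is only closed after #endif.
 * A tool that parses this file as C without preprocessing it sees text
 * that is not C; after preprocessing it is ordinary, valid C.
 */
#define LBRACE {
#define RBRACE }
#define UNLESS(cond) if (!(cond))

/* Divide a by b: returns 1 and stores the quotient, or 0 if b is zero. */
int checked_div(int a, int b, int *out)
LBRACE
    UNLESS (b != 0) LBRACE
        return 0;
    RBRACE
    *out = a / b;
    return 1;
RBRACE

/* Same thing folded into one return value: the quotient, or -1 on error. */
int div_or_minus_one(int a, int b)
LBRACE
    int q = 0;
    return checked_div(a, b, &q) ? q : -1;
RBRACE

/* Hypothetical build switch; pass -DSTRICT_SIGN=0 to take the other branch. */
#ifndef STRICT_SIGN
#define STRICT_SIGN 1
#endif

/* Returns -1, 0 or 1.  Neither branch of the #if is balanced by itself. */
int sign(int v)
{
#if STRICT_SIGN
    if (v < 0) {
#else
    if (v <= 0) {
#endif
        return -1;
    }
    return v > 0 ? 1 : 0;
}

int main(void)
{
    printf("7/2 -> %d, 7/0 -> %d, sign(-3) -> %d, sign(0) -> %d\n",
           div_or_minus_one(7, 2), div_or_minus_one(7, 0), sign(-3), sign(0));
    return 0;
}
```

The practical consequence for anyone auditing C with syntax-tree based tooling (tree-sitter grammars, pattern matchers that work on raw source): constructs like these show up as parse errors or not at all, and macro-heavy code can hide control flow from such tools entirely. Running the same checks over the preprocessed output (`cc -E file.c`) is the only way to see what the compiler actually compiles, and if a codebase relies on idioms like this it is worth asking why.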
Adding LLVM control flow integrity to make exploits harder is coming to Rust: https://rcvalle.com/docs/rust-cfi-design-doc.pdf
The primary use case is mixing C/C++ with Rust: the C/C++ parts still have the weaker memory-safety guarantees, so forward-edge hardening is still necessary across the whole binary. You don't want a partial Rust port to reduce security!
It's amazing that merging works at all.
It's a dumb textual transform that provides no guarantees that the code is even syntactically valid, let alone correct. The problem feels AI-complete.
I've seen bad resolutions of merge conflicts far more often than bad automatic merges, though.
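To make the "dumb textual transform" point concrete, here is an added example (not from the original post): a deliberately simplified three-way merge in C that only handles line-for-line replacements, run on a constructed common ancestor and two constructed branches. Branch A renames a function everywhere the ancestor mentions it; branch B adds a new call under the old name on a line A never touched. The merge has nothing to complain about and the result does not compile.

```c
#include <stdio.h>
#include <string.h>

/*
 * Constructed example of a three-way text merge, cut down to edits that
 * replace lines one-for-one (no insertions or deletions), so it is a
 * simplification of what diff3 and git do.  The merge compares lines,
 * not identifiers, so two changes that each compile on their own can
 * combine into a file that does not.
 */

#define N_LINES 6

/* Common ancestor (constructed). */
static const char *base[N_LINES] = {
    "int parse_hdr(const char *p);",
    "",
    "int handle(const char *p) {",
    "    int n = parse_hdr(p);",
    "    return n;",
    "}",
};

/* Branch A renames parse_hdr everywhere it appears in the ancestor. */
static const char *ours[N_LINES] = {
    "int parse_header(const char *p);",
    "",
    "int handle(const char *p) {",
    "    int n = parse_header(p);",
    "    return n;",
    "}",
};

/* Branch B adds a second call under the old name, on a line A did not touch. */
static const char *theirs[N_LINES] = {
    "int parse_hdr(const char *p);",
    "",
    "int handle(const char *p) {",
    "    int n = parse_hdr(p);",
    "    return n + parse_hdr(p + 1);",
    "}",
};

static const char *merged[N_LINES];

/*
 * Line-wise three-way merge of base b against sides a and c: keep the side
 * that changed a line, mark a conflict if both changed it differently.
 * Returns the number of conflicting lines; 0 is a "clean" merge.
 */
int merge3(const char *b[], const char *a[], const char *c[], const char *out[], int n)
{
    int conflicts = 0;
    for (int i = 0; i < n; i++) {
        if (strcmp(a[i], c[i]) == 0)
            out[i] = a[i];                 /* identical on both sides */
        else if (strcmp(a[i], b[i]) == 0)
            out[i] = c[i];                 /* only side c touched this line */
        else if (strcmp(c[i], b[i]) == 0)
            out[i] = a[i];                 /* only side a touched this line */
        else {
            out[i] = "<<<<<<< conflict";   /* both touched it differently */
            conflicts++;
        }
    }
    return conflicts;
}

/* Merge the embedded branches; returns the conflict count (0 here). */
int example_conflicts(void)
{
    return merge3(base, ours, theirs, merged, N_LINES);
}

/* 1 if the clean result still calls parse_hdr() while nothing declares it. */
int example_calls_undeclared_name(void)
{
    int declared = 0, called = 0;
    example_conflicts();
    for (int i = 0; i < N_LINES; i++) {
        if (strncmp(merged[i], "int parse_hdr(", 14) == 0) declared = 1;
        if (strstr(merged[i], " parse_hdr(") != NULL) called = 1;
    }
    return called && !declared;
}

/* A genuine conflict for comparison: both sides rewrite the same line. */
int conflict_demo(void)
{
    const char *b[1] = { "int limit = 10;" };
    const char *a[1] = { "int limit = 20;" };
    const char *c[1] = { "int limit = 5;" };
    const char *out[1];
    return merge3(b, a, c, out, 1);
}

int main(void)
{
    printf("conflicts: %d\n", example_conflicts());
    for (int i = 0; i < N_LINES; i++)
        puts(merged[i]);
    return 0;
}
```

Real diff3 and git work on hunks rather than single lines and cope with insertions and deletions, but the property is the same: the merge knows nothing about declarations or types. In this case the damage is caught by the compiler; the cases to worry about are the ones where the merged result compiles, for example one branch changing what a function does while the other adds a caller that relies on the old behaviour. Building and running the tests on every merge commit, not just on the branch tips, is the cheap defence.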
