WIP PROOF-OF-CONCEPT: experiment with very strict pointer provenance #95199

Closed
wants to merge 10 commits into from

Commits on Mar 22, 2022

  1. WIP PROOF-OF-CONCEPT: experiment with very strict pointer provenance

    This patch series examines the question: how bad would it be if we adopted
    an extremely strict pointer provenance model that completely banished all
    int<->ptr casts.
    
    The key insight to making this approach even *vaguely* palatable is the
    
    ptr.with_addr(addr) -> ptr
    
    function, which takes a pointer and an address and creates a new pointer
    with that address and the provenance of the input pointer. In this way
    the "chain of custody" is completely and dynamically restored, making the
    model suitable even for dynamic checkers like CHERI and Miri.
    
    This is not a formal model, but lots of the docs discussing the model
    have been updated to try to the *concept* of this design in the hopes
    that it can be iterated on.
    
    Many new methods have been added to ptr to attempt to fill in semantic gaps
    that this introduces, or to just get the ball rolling on "hey this is a
    problem that needs to be solved, here's a bad solution as a starting point".
    Gankra committed Mar 22, 2022
    a6f45ee
  2. 93f7f06
  3. WIP PROOF-OF-CONCEPT: handle all the fallout in the libs

    Still working on this, but it seems to largely be a lot of `as usize` -> `.addr()`
    Gankra committed Mar 22, 2022
    701aa6c
  4. WIP PROOF-OF-CONCEPT handle all the fallout in rustc

    Why does rustc do oh so many crimes? Oh so many...
    Gankra committed Mar 22, 2022
    09be027

Commits on Mar 23, 2022

  1. 81f77d3
  2. f016122
  3. FIXUP PTR

    Gankra committed Mar 23, 2022
    9052a68
  4. unblech a dep

    Gankra committed Mar 23, 2022
    4e588d1
  5. default the lint to allow

    Gankra committed Mar 23, 2022
    e60b84b
  6. fixup ptr docs

    Gankra committed Mar 23, 2022
    8643aa4
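
The `ptr.with_addr(addr) -> ptr` idea from the first commit message, applied to low-bit pointer tagging. This is an added example, not code from this pull request. The free functions `addr` and `with_addr` are local stand-ins (assumed names and signatures) built on wrapping pointer arithmetic, so the only casts are pointer-to-integer and every pointer that gets dereferenced is derived from the original one.

```rust
// Added example: tag the low bits of an aligned pointer and recover a usable
// pointer again without ever casting an integer back to a pointer.

const TAG_MASK: usize = 0b11; // u32 is 4-byte aligned, so two low bits are free

/// Address of a pointer as a plain integer (pointer-to-integer direction only).
/// Hypothetical helper standing in for the `.addr()` mentioned in commit 3.
fn addr<T>(p: *mut T) -> usize {
    p as usize
}

/// New pointer with address `a` and the provenance of `p`.
/// Hypothetical helper: the result is derived from `p` by a byte offset, so a
/// dynamic checker can still trace it back to `p`'s allocation.
fn with_addr<T>(p: *mut T, a: usize) -> *mut T {
    let offset = (a as isize).wrapping_sub(addr(p) as isize);
    (p as *mut u8).wrapping_offset(offset) as *mut T
}

/// Store `tag` in the free low bits of an aligned pointer.
fn set_tag(p: *mut u32, tag: usize) -> *mut u32 {
    assert!(tag <= TAG_MASK && addr(p) & TAG_MASK == 0);
    with_addr(p, addr(p) | tag)
}

/// Split a tagged pointer into the dereferenceable pointer and its tag.
fn split_tag(p: *mut u32) -> (*mut u32, usize) {
    (with_addr(p, addr(p) & !TAG_MASK), addr(p) & TAG_MASK)
}

/// Tag a pointer, untag it, and write through the result.
fn roundtrip(value: u32, tag: usize) -> (u32, usize) {
    let mut slot = value;
    let tagged = set_tag(&mut slot as *mut u32, tag);
    let (clean, got) = split_tag(tagged);
    // SAFETY: `clean` has the address of `slot` and was derived from `&mut slot`.
    unsafe { *clean += 1 };
    (slot, got)
}

fn main() {
    println!("{:?}", roundtrip(41, 0b10));
}
```

The pre-existing pattern this replaces is `(p as usize | tag) as *mut u32`, where the integer-to-pointer cast leaves a checker with no record of which allocation the new pointer belongs to.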