
Strict Provenance MVP #95241

Merged
merged 15 commits into from
Mar 30, 2022

Commits on Mar 30, 2022

  1. Introduce experimental APIs for conforming to "strict provenance".

    This patch series examines the question: how bad would it be if we adopted
    an extremely strict pointer provenance model that completely banished all
    int<->ptr casts?
    
    The key insight to making this approach even *vaguely* palatable is the
    
    ptr.with_addr(addr) -> ptr
    
    function, which takes a pointer and an address and creates a new pointer
    with that address and the provenance of the input pointer. In this way
    the "chain of custody" is completely and dynamically restored, making the
    model suitable even for dynamic checkers like CHERI and Miri.
    
    This is not a formal model, but lots of the docs discussing the model
    have been updated to try to the *concept* of this design in the hopes
    that it can be iterated on.
    Gankra committed Mar 30, 2022
    5167b68
  2. Make the stdlib largely conform to strict provenance.

    Some things like the unwinders and system APIs are not fully conformant;
    this only covers a lot of low-hanging fruit.
    Gankra committed Mar 30, 2022
    c7de289
  3. Make some rustc code conform to strict provenance.

    There's some really bad stuff around `ty` and pointer tagging stuff that
    was too much work to handle here.
    Gankra committed Mar 30, 2022
    6864360
  4. Make some linux/unix APIs better conform to strict provenance.

    This largely makes the stdlib conform to strict provenance on Ubuntu.
    Some hairier things have been left alone for now.
    Gankra committed Mar 30, 2022
    09395f6
  5. b608df8
  6. clean up pointer docs

    Gankra committed Mar 30, 2022
    31e1cde
  7. 7514d76
  8. 9efcd99
  9. more review fixes to ptr docs

    Gankra committed Mar 30, 2022
    5f720fa
  10. 28576e9
  11. 378ed25
  12. fix doc link

    Gankra committed Mar 30, 2022
    075c576
  13. a91a9ee
  14. 37d4753
  15. fix unix typedef

    Gankra committed Mar 30, 2022
    e3a3afe
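The `with_addr` idea from the first commit message, as an added example (this is not code from PR #95241 or from the Rust standard library): a tagged pointer whose tag bit is set and cleared without ever turning an integer back into a pointer, next to the int-cast pattern the PR is moving away from. It assumes a Rust 1.84 or newer toolchain, where `addr`, `with_addr`, `map_addr` and `ptr::without_provenance_mut` (introduced by this PR as unstable methods behind the `strict_provenance` feature) are stable. `Tagged`, `demo`, `sentinel`, `untag_with_int_cast` and the 0x1000 sentinel address are names and values chosen for this example.

```rust
use std::ptr;

/// Low bit used as the tag. Assumption: `u32` is 4-byte aligned on the
/// target, so bit 0 of every valid `*mut u32` address is zero.
const TAG_MASK: usize = 0b1;

/// A `*mut u32` whose low bit carries a one-bit tag. The pointer keeps the
/// provenance of whatever it was derived from, because every address change
/// goes through `with_addr`/`map_addr` rather than through an integer.
#[derive(Clone, Copy)]
struct Tagged {
    raw: *mut u32,
}

impl Tagged {
    fn new(p: *mut u32, tag: bool) -> Self {
        assert_eq!(p.addr() & 0b11, 0, "pointer must be 4-byte aligned");
        // Only the address changes; provenance is inherited from `p`.
        Tagged { raw: p.map_addr(|a| a | (tag as usize)) }
    }

    fn tag(self) -> bool {
        (self.raw.addr() & TAG_MASK) != 0
    }

    /// Strip the tag. `with_addr` builds the result from `self.raw`, so the
    /// chain of custody is intact and the result may be dereferenced whenever
    /// the pointer passed to `new` could be.
    fn ptr(self) -> *mut u32 {
        self.raw.with_addr(self.raw.addr() & !TAG_MASK)
    }
}

/// The pattern this PR replaces: `usize -> *mut T` manufactures a pointer from
/// an integer. It compiles, but the result has no provenance that a checker
/// such as Miri (strict mode) or a CHERI target can attach bounds to.
#[allow(dead_code)]
fn untag_with_int_cast(p: *mut u32) -> *mut u32 {
    ((p as usize) & !TAG_MASK) as *mut u32
}

/// An address with no provenance at all, for a sentinel that is only ever
/// compared and never dereferenced. `ptr::without_provenance_mut` documents
/// that intent instead of hiding it in an `as` cast.
fn sentinel() -> *mut u32 {
    ptr::without_provenance_mut::<u32>(0x1000)
}

/// Returns (value after increment, tag bit, whether the pointer matched the sentinel).
fn demo() -> (u32, bool, bool) {
    let mut x: u32 = 41;
    let t = Tagged::new(&mut x as *mut u32, true);
    // Legal dereference: `t.ptr()` carries the provenance of `&mut x`.
    unsafe { *t.ptr() += 1 };
    // Address-only comparison: no pointer is created from an integer here.
    let is_sentinel = t.ptr().addr() == sentinel().addr();
    (x, t.tag(), is_sentinel)
}

fn main() {
    let (value, tag, is_sentinel) = demo();
    println!("value = {value}, tag = {tag}, matched sentinel = {is_sentinel}");
}
```

To check code against this model, run its tests under Miri with `MIRIFLAGS=-Zmiri-strict-provenance`: in that mode a pointer produced by `untag_with_int_cast` has no usable provenance, so the first memory access through it is reported as undefined behaviour, while the `Tagged::ptr` path is accepted because the result is derived from the original pointer.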