Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Rewrite Gankra's provenance draft to be lib-only #95229

Closed
wants to merge 5 commits into from
Closed

Rewrite Gankra's provenance draft to be lib-only #95229

wants to merge 5 commits into from

Commits on Mar 23, 2022

  1. WIP PROOF-OF-CONCEPT: experiment with very strict pointer provenance 

    This patch series examines the question: how bad would it be if we adopted
an extremely strict pointer provenance model that completely banished all
int<->ptr casts.

The key insight to making this approach even *vaguely* pallatable is the

ptr.with_addr(addr) -> ptr

function, which takes a pointer and an address and creates a new pointer
with that address and the provenance of the input pointer. In this way
the "chain of custody" is completely and dynamically restored, making the
model suitable even for dynamic checkers like CHERI and Miri.

This is not a formal model, but lots of the docs discussing the model
have been updated to try to the *concept* of this design in the hopes
that it can be iterated on.

Many new methods have been added to ptr to attempt to fill in semantic gaps
that this introduces, or to just get the ball rolling on "hey this is a
problem that needs to be solved, here's a bad solution as a starting point".
    @Gankra @workingjubilee
    Gankra authored and workingjubilee committed Mar 23, 2022
    Configuration menu
    Copy the full SHA
    c75caa5 View commit details
    Browse the repository at this point in the history

  2. WIP PROOF-OF-CONCEPT: handle all the fallout in the libs 

    Still working on this, but it seems to largely be a lot of `as usize` -> `.addr()`
    @Gankra @workingjubilee
    Gankra authored and workingjubilee committed Mar 23, 2022
    Configuration menu
    Copy the full SHA
    7112a9e View commit details
    Browse the repository at this point in the history

  3. WIP PROOF-OF-CONCEPT handle all the fallout in rustc 

    Why does rustc do oh so many crimes? Oh so many...
    @Gankra @workingjubilee
    Gankra authored and workingjubilee committed Mar 23, 2022
    Configuration menu
    Copy the full SHA
    312187b View commit details
    Browse the repository at this point in the history

  4. WIP PROOF-OF-CONCEPT fixup linux libs

    @Gankra @workingjubilee
    Gankra authored and workingjubilee committed Mar 23, 2022
    Configuration menu
    Copy the full SHA
    81b7942 View commit details
    Browse the repository at this point in the history

  5. feature(strict_provenance) in doc examples 

    and unsafe
and ptr methods
and cleaning up unused uses
and intra-doc links...
    @workingjubilee
    workingjubilee committed Mar 23, 2022
    Configuration menu
    Copy the full SHA
    8cc6326 View commit details
    Browse the repository at this point in the history