Rewrite Gankra's provenance draft to be lib-only #95229

Closed
wants to merge 5 commits into from

Commits on Mar 23, 2022

  1. WIP PROOF-OF-CONCEPT: experiment with very strict pointer provenance

    This patch series examines the question: how bad would it be if we adopted
    an extremely strict pointer provenance model that completely banished all
    int<->ptr casts.
    
    The key insight to making this approach even *vaguely* palatable is the
    
    ptr.with_addr(addr) -> ptr
    
    function, which takes a pointer and an address and creates a new pointer
    with that address and the provenance of the input pointer. In this way
    the "chain of custody" is completely and dynamically restored, making the
    model suitable even for dynamic checkers like CHERI and Miri.
    
    This is not a formal model, but lots of the docs discussing the model
    have been updated to try to the *concept* of this design in the hopes
    that it can be iterated on.
    
    Many new methods have been added to ptr to attempt to fill in semantic gaps
    that this introduces, or to just get the ball rolling on "hey this is a
    problem that needs to be solved, here's a bad solution as a starting point".
    Gankra authored and workingjubilee committed Mar 23, 2022
    c75caa5
  2. WIP PROOF-OF-CONCEPT: handle all the fallout in the libs

    Still working on this, but it seems to largely be a lot of `as usize` -> `.addr()`
    Gankra authored and workingjubilee committed Mar 23, 2022
    7112a9e
  3. WIP PROOF-OF-CONCEPT handle all the fallout in rustc

    Why does rustc do oh so many crimes? Oh so many...
    Gankra authored and workingjubilee committed Mar 23, 2022
    312187b
  4. 81b7942
  5. feature(strict_provenance) in doc examples

    and unsafe
    and ptr methods
    and cleaning up unused uses
    and intra-doc links...
    workingjubilee committed Mar 23, 2022
    8cc6326
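
The `ptr.with_addr(addr)` operation described in the first commit message, shown on a low-bit tagged pointer. This is an added example, not code from the pull request: `with_addr`, `tag`, `untag` and `roundtrip` are local helper functions assumed for illustration, and `as usize` is used only to read an address, where the patch series would write `.addr()`.

```rust
// Added illustration; these are free-function stand-ins, not the std methods.

/// New pointer with address `addr` and the provenance of `ptr`.
/// Built from pointer arithmetic only, so no integer is ever cast to a pointer.
fn with_addr<T>(ptr: *mut T, addr: usize) -> *mut T {
    let offset = (addr as isize).wrapping_sub(ptr as usize as isize);
    // wrapping_offset keeps the result derived from `ptr` (the "chain of custody").
    (ptr as *mut u8).wrapping_offset(offset) as *mut T
}

// u32 is 4-byte aligned, so the two low address bits are free for a tag.
const TAG_MASK: usize = 0b11;

/// Store `tag` in the low bits of an aligned pointer.
fn tag(ptr: *mut u32, tag: usize) -> *mut u32 {
    assert!(tag <= TAG_MASK && (ptr as usize) & TAG_MASK == 0);
    with_addr(ptr, (ptr as usize) | tag)
}

/// Split a tagged pointer into the usable pointer and its tag.
/// The weak form would be `(addr & !TAG_MASK) as *mut u32`, which discards
/// provenance and is exactly the int->ptr cast the strict model bans.
fn untag(ptr: *mut u32) -> (*mut u32, usize) {
    let addr = ptr as usize;
    (with_addr(ptr, addr & !TAG_MASK), addr & TAG_MASK)
}

/// Tag a pointer to a local, untag it, and write through the result.
fn roundtrip(value: u32, t: usize) -> (u32, usize) {
    let mut slot = value;
    let p: *mut u32 = &mut slot;
    let tagged = tag(p, t); // never dereferenced while tagged
    let (clean, got) = untag(tagged);
    // SAFETY: `clean` has the address and the provenance of `p`,
    // which points at the live, aligned `slot`.
    unsafe { *clean += 1 };
    (slot, got)
}

fn main() {
    assert_eq!(roundtrip(41, 2), (42, 2));
}
```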