bug-gnulib

*alloc: Take advantage of CHERI bounds-checking


From: Bruno Haible
Subject: *alloc: Take advantage of CHERI bounds-checking
Date: Sat, 11 Nov 2023 20:14:46 +0100

I was impressed by the fact that CHERI detected the multithread-safety
bug of gnulib's use of rand() in the test suite.

Now I'd like to try CHERI on packages like gettext, and see whether
it finds bugs that neither valgrind nor the gcc bounds-checking options
can detect.

For this purpose, it is useful if all functions that allocate memory
blocks return bounds for these memory blocks that are as tight as possible.
malloc(), realloc(), reallocarray(), alloca() already do so.
(To convince yourself, use a C program that makes use of these functions,
and print the return values from within gdb. gdb prints pointers with bounds.)

This set of patches handles most memory allocators that we have in gnulib.

The API is documented in
<https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-947.pdf>.


2023-11-11  Bruno Haible  <bruno@clisp.org>

        malloca: Take advantage of CHERI bounds-checking.
        * lib/malloca.h: Include <cheri.h>.
        (malloca) [CHERI]: In the stack-allocation case, return a pointer with
        a tight lower bound and a tight upper bound.
        * lib/malloca.c: Include <cheri.h>.
        (small_t) [CHERI]: Define as uintptr_t.
        (mmalloca) [CHERI]: Return a pointer with a tight upper bound.
        (freea) [CHERI]: Update.

2023-11-11  Bruno Haible  <bruno@clisp.org>

        safe-alloc: Take advantage of CHERI bounds-checking.
        * lib/safe-alloc.h: Include <cheri.h>.
        (safe_alloc_realloc_n): When count or size is 0, return a pointer whose
        bounds are of size 0, not 1.

2023-11-11  Bruno Haible  <bruno@clisp.org>

        ialloc: Take advantage of CHERI bounds-checking.
        * lib/ialloc.h: Include <cheri.h>.
        (irealloc): When s is 0, return a pointer whose bounds are of size 0,
        not 1.
        (ireallocarray): When n or s is 0, return a pointer whose bounds are of
        size 0, not 1.

2023-11-11  Bruno Haible  <bruno@clisp.org>

        eealloc: Take advantage of CHERI bounds-checking.
        * lib/eealloc.h: Include <cheri.h>.
        (eemalloc): When n is 0, return a pointer whose bounds are of size 0,
        not 1.
        (eerealloc): Likewise.

2023-11-11  Bruno Haible  <bruno@clisp.org>

        alignalloc: Take advantage of CHERI bounds-checking.
        * lib/alignalloc.h: Include <cheri.h>.
        (alignalloc): When size is 0, return a pointer whose bounds are of
        size 0, not 1.

Attachment: 0001-alignalloc-Take-advantage-of-CHERI-bounds-checking.patch
Description: Text Data

Attachment: 0002-eealloc-Take-advantage-of-CHERI-bounds-checking.patch
Description: Text Data

Attachment: 0003-ialloc-Take-advantage-of-CHERI-bounds-checking.patch
Description: Text Data

Attachment: 0004-safe-alloc-Take-advantage-of-CHERI-bounds-checking.patch
Description: Text Data

Attachment: 0005-malloca-Take-advantage-of-CHERI-bounds-checking.patch
Description: Text Data
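
The ChangeLog entries above describe zero-size requests returning a pointer "whose bounds are of size 0, not 1". The following is an added example of that pattern, not the code from the attached patches; the names tight_malloc and accessible_bytes are hypothetical, and it assumes the cheri_bounds_set and cheri_length_get intrinsics from <cheriintrin.h> in pure-capability mode, with a plain malloc fallback elsewhere.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#if defined __CHERI_PURE_CAPABILITY__
# include <cheriintrin.h>   /* assumption: CHERI LLVM intrinsics header */
#endif

/* Hypothetical wrapper: like malloc, but a request for 0 bytes still
   yields a unique non-NULL pointer.  The underlying block is 1 byte,
   so on CHERI the capability is narrowed to the requested size; any
   dereference of the n == 0 result then faults instead of silently
   touching the padding byte.  */
void *tight_malloc(size_t n)
{
  size_t nx = (n == 0 ? 1 : n);   /* never ask malloc for 0 bytes */
  void *p = malloc(nx);
#if defined __CHERI_PURE_CAPABILITY__
  if (p != NULL)
    p = cheri_bounds_set(p, n);   /* bounds cover n bytes, not nx */
#endif
  return p;
}

/* Hypothetical helper: number of bytes the caller may access through p.
   On CHERI this is read from the capability itself; elsewhere the
   pointer carries no bounds, so the caller's own bookkeeping is used.  */
size_t accessible_bytes(const void *p, size_t requested)
{
#if defined __CHERI_PURE_CAPABILITY__
  (void) requested;
  return cheri_length_get(p);
#else
  (void) p;
  return requested;
#endif
}

int main(void)
{
  void *empty = tight_malloc(0);
  void *block = tight_malloc(16);
  if (empty == NULL || block == NULL)
    return 1;
  printf("empty: %zu bytes accessible\n", accessible_bytes(empty, 0));
  printf("block: %zu bytes accessible\n", accessible_bytes(block, 16));
  free(empty);
  free(block);
  return 0;
}
```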

