Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use pointers, not addresses, in more places #188

Merged
merged 2 commits into from
May 19, 2020
Merged

Use pointers, not addresses, in more places #188

merged 2 commits into from
May 19, 2020

Conversation

nwf
Copy link
Collaborator

@nwf nwf commented May 15, 2020

This should produce equivalent code everywhere and more obviously preserves provenance where desired. Ultimately, eliminate pointer_cast entirely since it won't make sense to cast an address back to a pointer on CHERI platforms.

davidchisnall
davidchisnall approved these changes May 16, 2020
View reviewed changes
mjp41
mjp41 approved these changes May 19, 2020
View reviewed changes
Copy link
Member

@mjp41 mjp41 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Otherwise, LGTM.

src/mem/alloc.h Outdated

while (size > 64)
{
// This is a large alloc redirect.
ss = ss - (1ULL << (size - 64));
ss = pointer_offset_signed(ss, -(1 << (size - 64)));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm always worried about lines like this, and that the shift will occur not at 64bits, because it decides 1 is 32bit, and then this doesn't behave as expected.

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Annoyingly, when I use 1LL, my host compiler barfs:

/cheri/source/mainline/snmalloc/src/mem/alloc.h:431:40: error: implicit conversion changes signedness: 'long long' to 'ptrdiff_t' (aka 'long') [-Werror,-Wsign-conversion]

which just seems wrong to me? Anyway, I've worked around it by doing static_cast<ptrdiff_t>(1) which should make everyone happy on all platforms, yes?

nwf added 2 commits May 19, 2020 14:53
@nwf
alloc: eliminate external_pointer/address distinction
79ad663 
Just always work with pointers using the functions defined in
ds/address.h.  This more obviously preserves provenance through the
chain of reasoning.  Note that there is still risk of malloc() being
used as an amplification oracle on CHERI, but there's no additional risk
from this change.

Rename the external_address into external_pointer.
@nwf
Eliminate pointer_cast()
3f32f37 
Since we anticipate address_t not carrying provenance on CHERI, but
rather being vaddr_t there, it doesn't make sense to offer conversion
back to a provenance-carrying pointer.

Thankfully, there is not much to be done here: the uses were few and
could be replaced with the vocabulary of other pointer operations in
ds/address.h
@mjp41 mjp41 merged commit 958de73 into microsoft:master May 19, 2020
@nwf nwf deleted the ptr-not-addr branch May 19, 2020 20:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@davidchisnall davidchisnall davidchisnall approved these changes

@mjp41 mjp41 mjp41 approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@nwf @mjp41 @davidchisnall