Subject: Re: Memory protection between compilation units?
From: mateusz (at) *nospam* x.invalid (Mateusz Viste)
Newsgroups: comp.lang.c
Date: 12 Jun 2025, 10:05:02
Organization: ...
Message-ID: <20250612110502.48dba8b0@mateusz>
References: 1 2
User-Agent: Claws Mail 4.2.0 (GTK 3.24.43; x86_64-suse-linux-gnu)
On Thu, 12 Jun 2025 11:40 Mikko wrote:
> The traditional method to ensure that a program or a part of a program
> does not do what it must not do is testing. In this case the tester
> must modify the code so that the array socks is a part of a larger
> data structure and call update_my_socks with different values for
> val, including the critical values -1, 0, 0xfffe, and 0xffff.
Essentially checking for out-of-bounds writes using safeguard markers:
    #include <assert.h>

    struct {
        int low;
        int array[0xffff];
        int high;
    } x;

    x.low = -1;
    x.high = -1;
    do_some_job(&x);    /* callee under test, gets a pointer to the whole struct */
    assert((x.low == -1) && (x.high == -1));
This approach might be a valid strategy, but is it practical?
Uncertain. Foolproof? Definitely not: an out-of-bounds write could
easily occur 4 KiB past the array and be undetected.
While various testing methods exist, my original question wasn’t about
testing scenarios, but rather about potential methods to isolate and
protect compilation units from one another.
It appears this is not a novel idea and there are some solutions, for
example CHERI:
https://en.wikipedia.org/wiki/Capability_Hardware_Enhanced_RISC_Instructions
But this requires special hardware, while I am looking for something
that would be usable on Linux with commodity x86_64 hardware.
Mateusz
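The guard-marker test sketched in the post, written out as a complete C program so that both the case it catches (a write into the word right before or after the array) and the case it misses (a write a few KiB past the array) can be run and compared. This is an added example, not code from the original post: the `update_my_socks` callee, the `slack` member standing in for whatever follows the struct in memory, and the indices tried are assumptions of the example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define N 0xffff

/* Guard markers on both sides of the array, as in the post. The trailing
 * `slack` member is an assumption of this example: it stands in for whatever
 * happens to sit after the struct in memory, so that a write which overshoots
 * the guard still lands inside one object and the program stays well-defined. */
struct guarded {
    int low;
    int array[N];
    int high;
    int slack[2048];           /* 8 KiB of unrelated data past the high guard */
};

static struct guarded x;

static void arm_guards(struct guarded *g)
{
    g->low = -1;
    g->high = -1;
    memset(g->slack, 0, sizeof g->slack);
}

static int guards_intact(const struct guarded *g)
{
    return g->low == -1 && g->high == -1;
}

/* Hypothetical faulty callee: stores val at array[idx] with no bounds check.
 * The store goes through a byte offset into the enclosing struct (memcpy) so
 * that, whatever idx is, it is an ordinary write inside `x` rather than
 * undefined behaviour the compiler may optimise away; the offset is checked
 * against the object size for the same reason. */
static void update_my_socks(struct guarded *g, ptrdiff_t idx, int val)
{
    ptrdiff_t off = (ptrdiff_t)offsetof(struct guarded, array)
                  + idx * (ptrdiff_t)sizeof(int);
    if (off < 0 || off + (ptrdiff_t)sizeof(int) > (ptrdiff_t)sizeof *g)
        return;                /* outside the object: not part of the demonstration */
    memcpy((unsigned char *)g + off, &val, sizeof val);
}

/* Perform one write and report whether the guard-marker assert would fire.
 * Returns 1 if the write was detected, 0 if it went unnoticed. */
static int detected(ptrdiff_t idx)
{
    arm_guards(&x);
    update_my_socks(&x, idx, 42);
    return !guards_intact(&x);
}

int main(void)
{
    printf("array[-1]        detected: %d\n", detected(-1));            /* hits low  */
    printf("array[0]         detected: %d\n", detected(0));             /* in bounds */
    printf("array[N]         detected: %d\n", detected(N));             /* hits high */
    printf("array[N+1+1024]  detected: %d\n", detected(N + 1 + 1024));  /* ~4 KiB past the guard */
    return 0;
}
```

The first and third out-of-bounds writes land exactly on a guard word and are caught; the last one skips over `high` by about 4 KiB and corrupts `slack` without either marker changing, which is the blind spot the post describes. Only writes that happen to hit the marker words are visible to this kind of check.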