path: root/library/alloc/src/slice.rs
author: Aria Beingessner <a.beingessner@gmail.com> 2022-03-22 01:27:28 -0400
committer: Aria Beingessner <a.beingessner@gmail.com> 2022-03-29 20:16:34 -0400
commit: 5167b6891ccf05aa7a2191675e6c3da95d84374a (patch)
tree: 4fa1e0a70903ebadad05cae2e6fbd6b2df35efe6 /library/alloc/src/slice.rs
parent: 9c06e1ba47e1077725a950e0b5d1870a89c8b536 (diff)
download: rust-5167b6891ccf05aa7a2191675e6c3da95d84374a.tar.gz, rust-5167b6891ccf05aa7a2191675e6c3da95d84374a.zip
Introduce experimental APIs for conforming to "strict provenance".
This patch series examines the question: how bad would it be if we adopted
an extremely strict pointer provenance model that completely banished all
int<->ptr casts.

The key insight to making this approach even *vaguely* palatable is the

ptr.with_addr(addr) -> ptr

function, which takes a pointer and an address and creates a new pointer
with that address and the provenance of the input pointer. In this way
the "chain of custody" is completely and dynamically restored, making the
model suitable even for dynamic checkers like CHERI and Miri.

This is not a formal model, but lots of the docs discussing the model
have been updated to try to the *concept* of this design in the hopes
that it can be iterated on.
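The "chain of custody" idea in the commit message, as an added example that is not part of this patch series or of the Rust standard library: a hand-rolled `with_addr` that keeps the input pointer's provenance while replacing its address, used to build a tagged pointer. The helper is written with `wrapping_offset` and a pointer-to-integer cast only (no integer-to-pointer cast), so it compiles on toolchains that predate the real `with_addr`; the `tag_ptr`, `untag_ptr`, `tag_of` and `roundtrip` names are this example's own.

```rust
// Added example (not from the commit shown). A pointer with address `addr`
// derived from `ptr`, so dynamic checkers such as Miri or CHERI still see
// the original allocation as its provenance. This mirrors what
// `ptr.with_addr(addr)` does; it is an assumption that this is the desired
// shape, not the library's actual code.
fn with_addr<T>(ptr: *const T, addr: usize) -> *const T {
    // ptr -> int is allowed under strict provenance; the reverse is not.
    let cur = ptr as usize;
    let diff = (addr as isize).wrapping_sub(cur as isize);
    // Offsetting the *pointer* keeps its provenance; we never cast an int back.
    ptr.cast::<u8>().wrapping_offset(diff).cast::<T>()
}

/// Store a 2-bit tag in the low bits of a 4-byte-aligned pointer.
pub fn tag_ptr(p: *const u32, tag: usize) -> *const u32 {
    assert!(tag < 4, "tag must fit in the two alignment bits");
    assert!((p as usize) & 3 == 0, "pointer must be 4-byte aligned");
    with_addr(p, (p as usize) | tag)
}

/// Clear the tag bits, yielding a dereferenceable pointer again.
pub fn untag_ptr(p: *const u32) -> *const u32 {
    with_addr(p, (p as usize) & !3)
}

/// Read the tag bits without touching provenance.
pub fn tag_of(p: *const u32) -> usize {
    (p as usize) & 3
}

/// Round-trip: tag a pointer, strip the tag, read through it.
/// Because provenance was carried along, the final read is valid.
pub fn roundtrip() -> (u32, usize) {
    let x = Box::new(42u32); // constructed sample allocation
    let p: *const u32 = &*x;
    let tagged = tag_ptr(p, 3);
    let untagged = untag_ptr(tagged);
    // SAFETY: `untagged` has the address and provenance of `p`, which
    // points into the live allocation `x`.
    let value = unsafe { *untagged };
    (value, tag_of(tagged))
}

fn main() {
    let (value, tag) = roundtrip();
    println!("value = {value}, tag = {tag}");
}
```

Running this under Miri is the interesting check: had `untag_ptr` rebuilt the pointer from an integer, Miri would have no provenance to attach and would flag the read; with the offset-based version the read is accepted.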
Diffstat (limited to 'library/alloc/src/slice.rs')
0 files changed, 0 insertions, 0 deletions