
[strict provenance] make the compiler's tagged_ptr stuff conform #95493

Closed
@Gankra

Description


This issue is part of the Strict Provenance Experiment - #95228

tagged_ptr and everything that uses it is entirely provenance crimes

```rust
fn into_usize(self) -> usize;
/// # Safety
///
/// The passed `ptr` must be returned from `into_usize`.
///
/// This acts as `ptr::read` semantically, it should not be called more than
/// once on non-`Copy` `Pointer`s.
unsafe fn from_usize(ptr: usize) -> Self;
```

This is the precise point in updating std+compiler to conform to strict-provenance that I ran out of energy and just started marking the compiler as WONTFIX for the MVP. I believe @eddyb started working on this, but got a bit sidetracked because they ran into the fact that we're shifting pointers down so that we can high-bit-tag instead of low-bit-tag, and while this isn't per se a problem for strict-provenance, it wasn't obviously portable to CHERI, which sucks.

Since then it's been clarified that e.g. Morello (CHERI on ARM) actually has allowances for high-bit tagging and pointer shifting, so it's possible that the code can just be changed to properly use pointers and with_addr and friends.
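The shape of the fix the issue describes, as an added example rather than rustc's own `tagged_ptr` code: the address is packed the same way (shifted down, tag in the top bits), but the stored field stays a pointer and is rebuilt with `with_addr`, so the allocation's provenance is never reduced to a bare `usize`. It assumes Rust 1.84 or later (where `addr` and `with_addr` on raw pointers are stable); `TAG_BITS`, `TaggedPtr` and `from_usize_lossy` are names chosen here.

```rust
/// Bits reserved for the tag at the top of the word (assumed here; rustc
/// derives this from the tag type's `BITS`).
const TAG_BITS: u32 = 2;
const TAG_SHIFT: u32 = usize::BITS - TAG_BITS;

/// High-bit tagged pointer in the layout the issue describes: the address is
/// shifted down by `TAG_BITS` and the tag occupies the freed top bits.
/// The field stays a pointer, so provenance travels with it.
pub struct TaggedPtr<T> {
    packed: *mut T,
}

impl<T> TaggedPtr<T> {
    pub fn new(p: *mut T, tag: usize) -> Self {
        assert!(tag < (1 << TAG_BITS), "tag does not fit in TAG_BITS");
        let addr = p.addr();
        // Shifting down discards the low bits, so alignment must make them zero.
        assert_eq!(addr & ((1 << TAG_BITS) - 1), 0, "pointer alignment too small for the tag");
        let packed_addr = (addr >> TAG_BITS) | (tag << TAG_SHIFT);
        // `with_addr` derives the new pointer from `p` (same provenance, new
        // address); the `into_usize` path kept only the integer and lost that link.
        Self { packed: p.with_addr(packed_addr) }
    }

    pub fn tag(&self) -> usize {
        self.packed.addr() >> TAG_SHIFT
    }

    /// Recover the original pointer without an int-to-ptr cast: clear the tag
    /// bits and shift back up, again via `with_addr` on the stored pointer.
    pub fn pointer(&self) -> *mut T {
        let addr = (self.packed.addr() & ((1 << TAG_SHIFT) - 1)) << TAG_BITS;
        self.packed.with_addr(addr)
    }
}

/// What `from_usize` amounted to: rebuilding the pointer from a bare integer.
/// That only works under the looser "exposed provenance" model, and on CHERI
/// there are no capability bits left to recover at all.
pub fn from_usize_lossy<T>(packed: usize) -> *mut T {
    (packed << TAG_BITS) as *mut T
}

/// Round-trips a constructed value through `TaggedPtr`; returns (tag, value).
pub fn round_trip() -> (usize, u64) {
    let mut slot: u64 = 0x5eed; // u64 is 8-aligned, so the low 2 bits are free
    let tagged = TaggedPtr::new(&mut slot as *mut u64, 3);
    // SAFETY: `pointer()` is derived from the live pointer to `slot`.
    let v = unsafe { *tagged.pointer() };
    (tagged.tag(), v)
}
```

Running it under Miri with `-Zmiri-strict-provenance` is the practical check: the `with_addr` path passes, while a pointer produced by `from_usize_lossy` is flagged the moment it is dereferenced.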

Metadata

Labels: A-strict-provenance (Area: Strict provenance for raw pointers), T-compiler (Relevant to the compiler team, which will review and decide on the PR/issue.)