Re: CHERI vs. address sanitizer
From: Bruno Haible
Subject: Re: CHERI vs. address sanitizer
Date: Mon, 13 Nov 2023 04:31:46 +0100
Jessica Clarke wrote:
> > The answer is in [3], page 4, table III: CHERI does not detect use-after-free
> > and stack-use-after-return bugs ("temporal memory safety").
> ...
> clarifies how things were at the time of writing a bit:
>
> e) Double-free: This is an example of a temporal memory safety
> vulnerability that the Cornucopia [33] extension of PureCap could
> detect, but the stable version does not.
>
> For many years heap temporal safety was in a separate branch
In other words: heap temporal safety was work in progress.
This coincides with what I read in [1]:
Userspace temporal safety — Experimental
> but our
> upcoming 23.11 release (i.e. later this month, all being well) will have
> heap temporal safety available (it's already in our development
> snapshots) and enabled by default for all CHERI processes, and at some
> point when I get the chance after that I will upgrade cfarm240 to that
> release.
Nice! I had been under the impression that temporal pointer safety was
not included in the CHERI architecture. Glad to hear that it is.
> ASan has
> the advantage of being instrumentation that you can inject for your
> native architecture, but CHERI can catch more things
And I'm reading [2][3] that CHERI instrumentation is also coming to
Linux/x86_64 and Linux/arm64. This would also be cool :-)
Bruno
[1] https://www.morello-project.org/cheri-feature-matrix/
[2] https://www.morello-project.org/resources/cheriseed-port-effortlessly-to-cheri/
[3] https://git.morello-project.org/morello/llvm-project/-/blob/cheriseed/clang/docs/CHERIseed.rst
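An added example, not from this thread nor from any CHERI or ASan code, modelling in C how a temporal-safety checker classifies the heap bugs discussed above (use-after-free and double free) by quarantining freed blocks instead of reusing them. The ts_* names and the fixed-size record table are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>
/* Toy temporal-safety checker (hypothetical ts_* names): freed blocks go to a
   quarantine and are never handed back to malloc, so a stale pointer still maps
   to its old record and can be reported, much as ASan's quarantine or a
   Cornucopia-style revocation sweep would. Blocks are leaked on purpose. */
#define TS_MAX 64
enum ts_state { TS_LIVE, TS_QUARANTINED };
enum ts_err { TS_OK = 0, TS_DOUBLE_FREE, TS_USE_AFTER_FREE, TS_UNKNOWN_PTR };
struct ts_rec { char *base; size_t len; enum ts_state st; };
static struct ts_rec ts_tab[TS_MAX];
static int ts_n;
/* Map any interior pointer back to the allocation record that contains it. */
static int ts_find(const void *p) {
    uintptr_t a = (uintptr_t)p;
    for (int i = 0; i < ts_n; i++) {
        uintptr_t b = (uintptr_t)ts_tab[i].base;
        if (a >= b && a < b + ts_tab[i].len) return i;
    }
    return -1;
}
void *ts_alloc(size_t len) {
    char *p = (ts_n < TS_MAX) ? malloc(len) : NULL;
    if (p) { struct ts_rec r = { p, len, TS_LIVE }; ts_tab[ts_n++] = r; }
    return p;
}
/* A second free of a quarantined block is reported, not passed on to free(). */
enum ts_err ts_free(void *p) {
    int i = ts_find(p);
    if (i < 0) return TS_UNKNOWN_PTR;
    if (ts_tab[i].st == TS_QUARANTINED) return TS_DOUBLE_FREE;
    ts_tab[i].st = TS_QUARANTINED;
    return TS_OK;
}
/* Call before dereferencing: a pointer into a quarantined block is a UAF. */
enum ts_err ts_check(const void *p) {
    int i = ts_find(p);
    if (i < 0) return TS_UNKNOWN_PTR;
    return ts_tab[i].st == TS_QUARANTINED ? TS_USE_AFTER_FREE : TS_OK;
}
/* Walk the cases the thread contrasts; returns 1 when each is classified. */
int ts_demo(void) {
    char *buf = ts_alloc(16);
    if (!buf) return 0;
    int ok = ts_check(buf + 4) == TS_OK;         /* live, interior pointer */
    ok &= ts_free(buf) == TS_OK;
    ok &= ts_check(buf) == TS_USE_AFTER_FREE;    /* stale pointer caught */
    ok &= ts_free(buf) == TS_DOUBLE_FREE;        /* second free caught */
    return ok;
}
```

The quarantine is what buys the detection: once a freed block can be reused, a stale pointer aliases a fresh allocation and the stable (non-Cornucopia) CHERI bounds checks have nothing to object to.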