Example allocator making compartments on the heap #88
Conversation
|
Can we hook this into the build system so that buildbot checks it? @0152la might know the best way of doing that. |
|
You'll probably want to run LLVM's C formatter on this but wonderfully that formatter isn't entirely stable. By convention (since it's what we use in buildbot) we use the Morello C formatter https://github.com/capablevms/cheri-examples/blob/master/.buildbot.sh#L12 |
It would have to be added somewhere appropriately in the test file [1]. Presuming in the [1] https://github.com/capablevms/cheri-examples/blob/master/tests/run_tests.sh#L60-L93 |
|
Also you'll need to run [1] https://github.com/capablevms/cheri-examples/blob/master/.buildbot.sh#L9-L13 |
Andrei noted that incrementing `numCompartments` is more readable if done on its own line, rather than when indexing an array, in [PR review](capablevms#88 (comment)). Thanks for the feedback!
From review comments from [Laurie](capablevms#88 (comment)) and [Andrei](capablevms#88 (comment)). Thanks both!
From [review feedback from Laurie](capablevms#88 (comment)); thanks!
Should be added in b7d09f6. I think I've grokked the file correctly, but worth a quick check before it merges…! 🙏 |
|
Please squash. |
Adds an example allocator which manages "side compartments", which are introduced in the example's README. Add `utils.h`, accidentally ommitted earlier `int` => `size_t` for num bytes in a compartment Based on feedback from Andrei [in a PR](https://github.com/capablevms/cheri-examples/pull/88/files#r1383699783). Thanks, Andrei! Exit on error, don't fail silently Based on some feedback from Andrei in [PR review](https://github.com/capablevms/cheri-examples/pull/88/files#r1383704851). Thanks, Andrei! Increment `numCompartments` on its own line Andrei noted that incrementing `numCompartments` is more readable if done on its own line, rather than when indexing an array, in [PR review](capablevms#88 (comment)). Thanks for the feedback! Formatting fixes from `clang-format` From review comments from [Laurie](capablevms#88 (comment)) and [Andrei](capablevms#88 (comment)). Thanks both! README.md hard-wrapped at 80 chars From [review feedback from Laurie](capablevms#88 (comment)); thanks! Explain allocator example's "side comps" in README After feedback in review from Andrei. Thanks, Andrei! s/`cheri_cap_build`/`cheri_address_set`/g After review comments from Laurie and Andrei. Thanks both! Free unused compartments, so they don't leak Following review feedback from Andrei, Laurie. Thanks both! Formatting, tidyup of redundant comments &c Following review feedback from Andrei and Laurie. Thanks, both! Add `compartment_alloc` to buildbot tests
probablytom
force-pushed
the
side_compartments
branch
from
34bbc71 to
6290c65
Compare
Adds an example allocator which manages "side compartments", which are introduced in this example's README. Add `utils.h`, accidentally ommitted earlier `int` => `size_t` for num bytes in a compartment Based on feedback from Andrei [in a PR](https://github.com/capablevms/cheri-examples/pull/88/files#r1383699783). Thanks, Andrei! Exit on error, don't fail silently Based on some feedback from Andrei in [PR review](https://github.com/capablevms/cheri-examples/pull/88/files#r1383704851). Thanks, Andrei! Increment `numCompartments` on its own line Andrei noted that incrementing `numCompartments` is more readable if done on its own line, rather than when indexing an array, in [PR review](capablevms#88 (comment)). Thanks for the feedback! Formatting fixes from `clang-format` From review comments from [Laurie](capablevms#88 (comment)) and [Andrei](capablevms#88 (comment)). Thanks both! README.md hard-wrapped at 80 chars From [review feedback from Laurie](capablevms#88 (comment)); thanks! Explain allocator example's "side comps" in README After feedback in review from Andrei. Thanks, Andrei! s/`cheri_cap_build`/`cheri_address_set`/g After review comments from Laurie and Andrei. Thanks both! Free unused compartments, so they don't leak Following review feedback from Andrei, Laurie. Thanks both! Formatting, tidyup of redundant comments &c Following review feedback from Andrei and Laurie. Thanks, both! Add `compartment_alloc` to buildbot tests
probablytom
force-pushed
the
side_compartments
branch
from
6290c65 to
e4d1fdd
Compare
|
Squashed (sorry for the noise). From the other PRs it looks like |
|
We just deprecated bors, and reviewers are meant to decide when to merge (and for the future, when to allow force pushes to be made). |
|
@probablytom Could you please amend the commit message to be one consistent overview, rather than the squashed commit concatenation? Just discuss the overall changes, and omit small, uninteresting changes due to the review process. |
Adds an example allocator which manages "side compartments", which are introduced in this example's README. There are two functions here which are relevant to creating compartments and allocating memory within them. 1. `init_compartment` `mmap`s an area of memory, creates a "compartment" (see `README` for a high-level definition, or `compartment_alloc.h` for the definition of the struct itself) and returns a sealed capability which can be used to identify a compartment when allocating memory. 2. `malloc_compartment` allocates memory within a compartment's `mmap`'d buffer. It accepts two arguments: a number of bytes to allocate, and a capability identifying a compartment (i.e. one returned by `init_compartment`). It returns a capability which points to memory within the compartment, assuming it's able to allocate (errors such as running our of space cause the program to exit with RC 1, because this is an example and it doesn't have to handle things particularly gracefully). There's also a function to free a compartment — `free_compartment` — which takes a compartment's identifying capability and frees the mmap'd buffer associated with it. This is naive and not a complete implementation; capabilities pointing to somewhere in that now-free buffer are still valid capabilities, but will be unsafe to use.
probablytom
force-pushed
the
side_compartments
branch
from
e4d1fdd to
caec38f
Compare
|
Done! |
An unsophisticated hybrid allocator which create compartments on the heap, and allows
mallocs against those compartments.This is a modification of the existing bump allocator which works in hybrid mode and demonstrates these little compartments which — in theory — could sit "to the side" of the typical DDC-enforced compartments we use to police memory at the moment.