Stream: wg-secure-code

Topic: Help wanted for making mem::zeroed/uninitialized safer

RalfJ (Nov 28 2019 at 12:41, on Zulip):

I have been working on adding some extra dynamic checks to mem::uninitialized and mem::zeroed to hopefully detect some common misuses, but progress on the PR is stalled on analyzing the crater results, and I don't have much time. If someone reading this could help, that would be awesome. :D

(I figured this aligns with the goals of the WG so I hope this is appropriate to post here.)

Shnatsel (Nov 29 2019 at 00:45, on Zulip):

@RalfJ I see a bunch of seemingly unrelated failures, e.g. failing to get an environment variable. Should I ignore that and just focus on the error messages about the memory that's left uninitialized? What should be done once the places where this triggers are identified?

RalfJ (Nov 29 2019 at 18:08, on Zulip):

yeah I was wondering about those. I first thought they were all spurious (and some of them most likely are), but then I saw some weird failures without the panic in a crate triggering the invalid_value lint -- which seems more like a true positive where the panic message somehow got lost

RalfJ (Nov 29 2019 at 18:11, on Zulip):

but maybe I just misread that

RalfJ (Nov 29 2019 at 18:11, on Zulip):

I would discard logs that have no indication of having anything to do with mem::uninitialized/mem::zeroed through either deprecation warnings, the invalid_value lint or the panic message

RalfJ (Nov 29 2019 at 18:12, on Zulip):

What should be done once the places where this triggers are identified?

For now I think the most important part is getting a feel for how many of those there are, so that we have data to start a lang team discussion

RalfJ (Nov 29 2019 at 18:13, on Zulip):

like, I expect some of these to have the same root regression

RalfJ (Nov 29 2019 at 18:15, on Zulip):

what would also be interesting is if there are fixed versions of these libraries and people just didn't upgrade. But I think discussion can start without that.

Last update: Apr 05 2020 at 01:35 UTC