mirror of
https://github.com/Relintai/sdl2_frt.git
synced 2024-12-29 20:27:12 +01:00
02daab8736
This is needed to support CHERI, and thus Arm's experimental Morello prototype, where pointers are implemented using unforgeable capabilities that include bounds and permissions metadata to provide fine-grained spatial and referential memory safety, as well as revocation by sweeping memory to provide heap temporal memory safety. The C standard does not guarantee that if two pointers compare equal they are the same pointer, as C pointers have a notion of provenance, and compilers have been known to exploit this during optimisation. For CHERI, this becomes even more important, as in-place expansion can result in realloc returning a capability to the same address but with increased capability bounds, and so reusing the old capability will trap trying to access outside the bounds of the original allocation. In the case that ptr == mem, memdiff and ptrdiff should still be equal, so the only overhead is a small amount of pointer arithmetic and a store of the new pointer (which is required per the C standard in order to not be undefined behaviour when next loaded). This also fixes the calculation of oldmem to use uintptr_t rather than size_t as casting the pointer to size_t on CHERI will strip the capability metadata, including the validity tag, with the subsequent cast back to void * resulting in a null-derived capability whose validity tag is clear and thus cannot be dereferenced without trapping. |
||
---|---|---|
.. | ||
SDL_cpuinfo.c |