path: root/safety.md
Diffstat (limited to 'safety.md')
-rw-r--r--safety.md40
1 files changed, 19 insertions, 21 deletions
diff --git a/safety.md b/safety.md
index 2918806..c50a06a 100644
--- a/safety.md
+++ b/safety.md
@@ -1,6 +1,4 @@
----
-title: Memory Safety
----
+# Memory Safety
Each item in Wikipedia's [list of types of memory errors](https://en.wikipedia.org/wiki/Memory_safety#Types_of_memory_errors) and what Crowbar does to prevent them.
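Review bot: replacing the YAML front matter (`title: Memory Safety`) with a bare `# Memory Safety` heading drops the metadata a static-site generator or index would read for the page title; confirm the renderer derives the title from the first H1, or keep the `title:` block alongside the new heading.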
@@ -8,9 +6,9 @@ In general, Crowbar does its best to ensure that code will not exhibit any of th
However, sometimes the compiler knows less than the programmer, and so code that looks dangerous is actually fine.
Crowbar allows programmers to suspend the memory safety checks with the `fragile` keyword.
-# Access errors
+## Access errors
-## Buffer overflow
+### Buffer overflow
Crowbar addresses buffer overflow with bounds checking.
In C, the type `char *` can point to a single character, a null-terminated string of unknown length, a buffer of fixed size, or nothing at all.
@@ -40,57 +38,57 @@ Note as well that the type of `argv` is complicated.
This is because the elements of `argv` have unconstrained size.
TODO figure out if that's the right way to handle that
-## Buffer over-read
+### Buffer over-read
bounds checking again
-## Race condition
+### Race condition
-uhhhhh 🤷‍♀️
+uhhhhh idk
-## Page fault
+### Page fault
bounds checking, dubious-pointer checking
-## Use after free
+### Use after free
`free(x);` not followed by `x = NULL;` is a compiler error.
`owned` and `borrowed` keywords
-# Uninitialized variables
+## Uninitialized variables
forbid them in syntax
-## Null pointer dereference
+### Null pointer dereference
dubious-pointer checking
-## Wild pointers
+### Wild pointers
dubious-pointer checking
-# Memory leak
+## Memory leak
-## Stack exhaustion
+### Stack exhaustion
-uhhhhhh 🤷‍♀️
+uhhhhhh idk
-## Heap exhaustion
+### Heap exhaustion
that counts as error handling, just the `malloc`-shaped kind
-## Double free
+### Double free
this is just use-after-free but the use is calling free on it
-## Invalid free
+### Invalid free
don't do that
-## Mismatched free
+### Mismatched free
how does that even happen
-## Unwanted aliasing
+### Unwanted aliasing
uhhh don't do that?
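Review bot: the `uhhhhh idk` placeholders under Race condition and Stack exhaustion survive this change as the only open items not flagged with the `TODO` marker the file already uses ("TODO figure out if that's the right way to handle that"); suggest writing them as `TODO` so they are greppable alongside the existing one. The heading demotion itself is consistent with the new top-level `# Memory Safety` heading.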