
Tagging pointers

Open xxuejie opened this issue 3 years ago • 2 comments

For a design without an MMU, ckb-vm can be more vulnerable to certain types of memory corruption problems. Since ckb-vm typically runs scripts that guard assets, this issue is much more critical.

One possible solution would be introducing tagged pointers, which might alleviate, but would not eliminate, the problem. This paper describes a similar attempt: https://arxiv.org/abs/2105.08712

xxuejie · May 25 '21 02:05

I realized that HeapSafe appends the ROCC instructions, which would require us to modify the toolchains; versatility will be an issue.

mohanson · May 28 '21 01:05

Yes, tagged pointers will definitely require a toolchain change. I've seen people limiting it to the malloc library only. Considering we are patching malloc for the non-MMU environment, I feel like the tradeoff here might be fine.

xxuejie · May 28 '21 03:05
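To make the malloc-only tagging idea from this thread concrete, here is an added toy model (not ckb-vm or HeapSafe code) of a flat, MMU-less heap whose malloc colours each allocation with a tag carried in the pointer's top bits, so that a use-after-free or an overflow into a neighbouring allocation is rejected at the load/store check. The 32-bit address width, 4-bit tag, 16-byte granule and bump allocator are assumptions for illustration only.

```rust
// Toy model of a tagged-pointer heap for a flat, MMU-less address space.
// Assumptions (not ckb-vm's real layout): 32-bit addresses, a 4-bit tag in the
// top bits of each pointer, and one shadow tag per 16-byte granule (0 = free).
const GRANULE: usize = 16;
const TAG_SHIFT: u32 = 28;
const ADDR_MASK: u32 = (1 << TAG_SHIFT) - 1;
pub struct TaggedHeap {
    mem: Vec<u8>,  // the flat memory an MMU-less VM exposes to the script
    tags: Vec<u8>, // shadow tag per granule; 0 means unallocated
    next: usize,   // bump-allocator cursor, enough for the model
    next_tag: u8,  // next colour to hand out (1..=15, cycling)
}
impl TaggedHeap {
    pub fn new(size: usize) -> Self {
        TaggedHeap { mem: vec![0; size], tags: vec![0; size / GRANULE], next: 0, next_tag: 1 }
    }
    /// malloc: pick a fresh non-zero tag, colour the granules, return a tagged pointer.
    /// (A real allocator must also guarantee neighbours never share a tag.)
    pub fn malloc(&mut self, len: usize) -> u32 {
        let granules = (len + GRANULE - 1) / GRANULE;
        let base = self.next;
        self.next += granules * GRANULE;
        let tag = self.next_tag;
        self.next_tag = if self.next_tag == 15 { 1 } else { self.next_tag + 1 };
        for g in base / GRANULE..base / GRANULE + granules { self.tags[g] = tag; }
        (base as u32) | ((tag as u32) << TAG_SHIFT)
    }
    /// free: verify the pointer, then clear the tags so stale pointers stop matching.
    pub fn free(&mut self, ptr: u32, len: usize) -> Result<(), String> {
        let base = self.check(ptr)?;
        let granules = (len + GRANULE - 1) / GRANULE;
        for g in base / GRANULE..base / GRANULE + granules { self.tags[g] = 0; }
        Ok(())
    }
    /// Every load/store compares the pointer's tag with the granule's shadow tag.
    fn check(&self, ptr: u32) -> Result<usize, String> {
        let addr = (ptr & ADDR_MASK) as usize;
        let tag = (ptr >> TAG_SHIFT) as u8;
        match self.tags.get(addr / GRANULE) {
            Some(&t) if t == tag && t != 0 => Ok(addr),
            Some(&t) => Err(format!("tag mismatch at {:#x}: ptr {} vs mem {}", addr, tag, t)),
            None => Err(format!("address {:#x} out of range", addr)),
        }
    }
    pub fn store8(&mut self, ptr: u32, v: u8) -> Result<(), String> {
        let addr = self.check(ptr)?; self.mem[addr] = v; Ok(())
    }
    pub fn load8(&self, ptr: u32) -> Result<u8, String> {
        Ok(self.mem[self.check(ptr)?])
    }
}
```

Note that a stale or wandering pointer is rejected only because its tag no longer matches the granule, which is why the scheme mitigates rather than eliminates the problem: with 4 tag bits a corrupted pointer still has a 1-in-15 chance of guessing the right colour.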