Conversation
bsdjhb commented Feb 5, 2026
- csu: Don't require a single segment of each type for purecap
- cheribsdtest: Add initial sub-object compartments test
962922f to 3e7aa20
```c
/* Excerpt of the cheribsdtest helper under review (return type is above the
 * quoted region). */
assert_disjoint_bounds(void *one, void *two, const char *label_one,
    const char *label_two)
{
	CHERIBSDTEST_VERIFY2(
	    !cheri_is_address_inbounds(one, cheri_address_get(two)) &&
	    !cheri_is_address_inbounds(two, cheri_address_get(one)),
	    "%#p (%s) and %#p (%s) overlap", one, label_one, two, label_two);
}
```
This isn't quite asserting that they're disjoint, just that the entry point (ignoring Morello's LSB...) isn't within the other's bounds. Doesn't mean the test necessarily needs to be different, but the naming/description isn't quite right.
Hmm, yeah, I guess that's true. You'd really want to verify that one is strictly above/below the other. It's probably not hard to fix the test to check that the bounds are truly disjoint. Maybe as simple as `if ((ptraddr_t)one < (ptraddr_t)two)` and then verify that the top of the lower one is < the base of the upper one.
Also, I wonder if it would be sufficient to just check the base instead of the address? If they overlap, then at least one of the base addresses should be in-bounds of the other.
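The distinction the thread draws (entry point outside the other's bounds versus bounds that are truly disjoint) is easiest to see with concrete ranges. The block below is an added example written for this discussion, not code from cheribsdtest or CheriBSD: it models a capability as a hypothetical `struct cap` with base, length and address so it compiles on a non-CHERI host (a real build would use the `cheri_*` builtins on capability pointers), and ignores the Morello LSB that the review mentions. It implements the posted address-based check, the strict lower-top-versus-upper-base check, and the base-only variant, and constructs a case where overlapping PCC bounds slip past the address-based check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical stand-in for a CHERI capability: only the fields the check
 * needs. Bounds are the half-open range [base, base + length); address is the
 * cursor, e.g. a sentry's entry point. (On Morello the low bit of a code
 * address flags C64 mode; this model ignores it, as the review thread does.)
 */
struct cap {
	uintptr_t base;
	uintptr_t length;
	uintptr_t address;
};

static uintptr_t
cap_top(const struct cap *c)
{
	return (c->base + c->length);
}

/* Stands in for cheri_is_address_inbounds(cap, addr). */
static bool
cap_addr_inbounds(const struct cap *c, uintptr_t addr)
{
	return (addr >= c->base && addr < cap_top(c));
}

/*
 * The check as posted: each entry point lies outside the other's bounds.
 * Necessary for disjointness, but not sufficient (see the constructed case).
 */
static bool
entry_points_outside(const struct cap *one, const struct cap *two)
{
	return (!cap_addr_inbounds(one, two->address) &&
	    !cap_addr_inbounds(two, one->address));
}

/*
 * Strict disjointness: order the two by base and require the top of the lower
 * one to be no greater than the base of the upper one. Equality is allowed
 * because top is exclusive, so adjacent ranges do not overlap.
 */
static bool
bounds_disjoint(const struct cap *one, const struct cap *two)
{
	const struct cap *lo = (one->base <= two->base) ? one : two;
	const struct cap *hi = (lo == one) ? two : one;

	return (cap_top(lo) <= hi->base);
}

/*
 * Base-only variant: if two non-empty ranges overlap, the higher of the two
 * bases lies inside the other range, so checking each base against the other
 * range is equivalent to bounds_disjoint() for non-empty capabilities.
 */
static bool
bases_outside(const struct cap *one, const struct cap *two)
{
	return (!cap_addr_inbounds(one, two->base) &&
	    !cap_addr_inbounds(two, one->base));
}

/*
 * Constructed case: [0x1000, 0x1100) with entry 0x1000 and [0x1080, 0x1200)
 * with entry 0x1180 overlap in [0x1080, 0x1100), yet each entry point is
 * outside the other's bounds. Returns true when the posted check wrongly
 * accepts the pair while both bounds-based checks reject it.
 */
static bool
flawed_check_accepts_overlap(void)
{
	struct cap one = { 0x1000, 0x100, 0x1000 };
	struct cap two = { 0x1080, 0x180, 0x1180 };

	return (entry_points_outside(&one, &two) &&
	    !bounds_disjoint(&one, &two) && !bases_outside(&one, &two));
}

int
main(void)
{
	struct cap one = { 0x1000, 0x100, 0x1000 };
	struct cap two = { 0x1080, 0x180, 0x1180 };
	struct cap adjacent = { 0x1100, 0x100, 0x1100 };

	printf("overlapping pair: entry check %d, strict %d, base-only %d\n",
	    entry_points_outside(&one, &two), bounds_disjoint(&one, &two),
	    bases_outside(&one, &two));
	printf("adjacent pair:    entry check %d, strict %d, base-only %d\n",
	    entry_points_outside(&one, &adjacent),
	    bounds_disjoint(&one, &adjacent), bases_outside(&one, &adjacent));
	return (0);
}
```

The base-only check is the cheaper test to write on real capabilities, since it needs only `cheri_base_get()` and `cheri_is_address_inbounds()`; the strict check additionally needs the top (base plus length) of each capability, and its ordering step makes the assertion symmetric in its two arguments.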
With compartments, there can be multiple executable and writable segments interleaved in the address space breaking these assertions. Simplify the code to avoid all these checks for purecap if PT_CHERI_PCC is present since all cap relocs will set suitable bounds in that case.
This adds two sub-object compartments and verifies that PCC bounds for those compartments do not overlap with each other or with the default compartment.
3e7aa20 to d9dba2e