Some unsafe Rust comments for drivers/src/fips_test_hooks.rs #1759

Open
zhalvorsen opened this issue Oct 30, 2024 · 0 comments
Comments

@zhalvorsen
Contributor

During an internal Google unsafe Rust review of Caliptra, the reviewer had a few comments about drivers/src/fips_test_hooks.rs.

As a general comment for the file, the reviewer said the safety comments on functions appear to describe the general behavior of the function (a typical doc comment) but do not specify any soundness invariants and the unsafe code inside functions is not documented/justified.

They then specifically called out the following items:

  • `let byte_0 = unsafe { &mut *mut_u8 };`: This is unsound: T may have uninitialized bits, and it is illegal to dereference a pointer that exposes those.
  • `let soc_ifc = unsafe { SocIfcReg::new() };`: There is no safety comment explaining how SocIfcReg::new's invariants are satisfied, and those invariants are not propagated to the caller.
  • `let soc_ifc = unsafe { SocIfcReg::new() };`: Same as above
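As an added illustration (not code from Caliptra or from this issue), here is a hypothetical fault-injection test hook written the way the reviewer asks for: the soundness invariant that `T` must have no uninitialized bytes is stated as a documented marker-trait bound, and the `unsafe` block carries a `SAFETY:` comment that justifies the dereference. `PlainBytes` and `invert_first_byte` are assumed names.

```rust
use core::mem::size_of;

/// Marker for types that contain no padding and for which every bit
/// pattern is a valid value, so any of their bytes may be read or
/// overwritten without undefined behaviour. (Hypothetical, not Caliptra's.)
///
/// # Safety
/// Implementors must guarantee both properties for every value of the type.
pub unsafe trait PlainBytes: Copy {}

// SAFETY: fixed-width integers and byte arrays have no padding and every
// bit pattern is a valid value.
unsafe impl PlainBytes for u8 {}
unsafe impl PlainBytes for u32 {}
unsafe impl<const N: usize> PlainBytes for [u8; N] {}

/// Invert the first byte of `value`, as a fault-injection style test hook.
/// Returns `false` for zero-sized types, which have no byte to corrupt.
///
/// The `T: PlainBytes` bound is the soundness invariant that an
/// unconstrained `T` lacks: byte 0 is guaranteed to be initialised, and
/// whatever is written back is still a valid `T`.
pub fn invert_first_byte<T: PlainBytes>(value: &mut T) -> bool {
    if size_of::<T>() == 0 {
        return false;
    }
    let mut_u8 = value as *mut T as *mut u8;
    // SAFETY: `mut_u8` is derived from a live `&mut T`, so it is non-null,
    // aligned for `u8`, and points to at least one byte (checked above).
    // `T: PlainBytes` guarantees that byte is initialised and that the
    // inverted value is a valid `T`. The exclusive borrow of `value` rules
    // out aliasing for as long as `byte_0` lives.
    let byte_0 = unsafe { &mut *mut_u8 };
    *byte_0 ^= 0xFF;
    true
}
```

A struct with padding cannot implement `PlainBytes` without an `unsafe impl` whose author takes responsibility for the invariant, so the compiler rejects the original unconstrained call at the call site rather than leaving the dereference unjustified.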