Add Support for Annex K functions according to C11 #13

Merged
merged 42 commits into from
Aug 18, 2024

Conversation

mostafa-salmaan
Collaborator

Adding an implementation of the bounds-checking C functions (as specified in Annex K of the C11 standard) to PicoLibc. These functions lower the risk of introducing security vulnerabilities such as buffer overflows and format string vulnerabilities into your code by providing clear and easy-to-use interfaces. For each C function a secure alternate function ending in a "_s" postfix is provided (e.g., strcpy_s). Use of these functions is recommended by security experts and secure coding standards.
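
The runtime-constraint behaviour that makes the `_s` functions safer is easy to misread, so here is an added, self-contained illustration of the strcpy_s rules from C11 K.3.7.1.3 (non-null pointers, 0 < s1max <= RSIZE_MAX, the source and its terminator must fit, no overlap; on violation the destination is emptied, the constraint handler runs, and a nonzero value is returned instead of writing past the buffer). This is example code written for this page, not PicoLibc's implementation and not part of this PR; every `demo_` name, `DEMO_RSIZE_MAX` and the handler are invented stand-ins for the Annex K `errno_t`, `rsize_t`, `RSIZE_MAX` and `set_constraint_handler_s` machinery.

```c
/* Added illustration of the C11 Annex K runtime-constraint rules for strcpy_s
 * (K.3.7.1.3). This is NOT picolibc's implementation; every demo_ name is
 * invented for this example. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef int demo_errno_t;      /* stands in for errno_t */
typedef size_t demo_rsize_t;   /* stands in for rsize_t */
#define DEMO_RSIZE_MAX ((demo_rsize_t)SIZE_MAX >> 1)  /* assumed RSIZE_MAX */

/* How many runtime-constraint violations the handler has seen. */
static int demo_violations;

/* Constraint handler. Annex K lets the program install one with
 * set_constraint_handler_s(); this stand-in just records and reports. */
static void demo_handler(const char *msg)
{
    demo_violations++;
    fprintf(stderr, "runtime-constraint violation: %s\n", msg);
}

/* Bounded length that stops at maxlen, so an unterminated source is never overrun. */
static size_t demo_strnlen(const char *s, size_t maxlen)
{
    size_t n = 0;
    while (n < maxlen && s[n] != '\0')
        n++;
    return n;
}

/* strcpy_s semantics: s1 and s2 non-null, 0 < s1max <= RSIZE_MAX, the
 * source plus its terminator must fit, and the objects must not overlap.
 * On a violation the destination is emptied (when it is usable), the
 * handler runs, and a nonzero value is returned instead of writing past s1. */
demo_errno_t demo_strcpy_s(char *s1, demo_rsize_t s1max, const char *s2)
{
    const char *err = NULL;
    size_t len = 0;

    if (s1 == NULL)
        err = "destination is NULL";
    else if (s1max == 0 || s1max > DEMO_RSIZE_MAX)
        err = "s1max is zero or exceeds RSIZE_MAX";
    else if (s2 == NULL)
        err = "source is NULL";
    else {
        len = demo_strnlen(s2, s1max);
        if (len >= s1max) {
            err = "source does not fit in destination";
        } else {
            /* Byte ranges [s1, s1+len] and [s2, s2+len] must not intersect. */
            uintptr_t a = (uintptr_t)s1, b = (uintptr_t)s2;
            if (a <= b + len && b <= a + len)
                err = "source and destination overlap";
        }
    }
    if (err != NULL) {
        if (s1 != NULL && s1max != 0 && s1max <= DEMO_RSIZE_MAX)
            s1[0] = '\0';
        demo_handler(err);
        return 1;
    }
    memcpy(s1, s2, len + 1);   /* len + 1 <= s1max, so this cannot overrun */
    return 0;
}

/* Exercise the cases a caller relies on: normal operation, the exact-fit
 * boundary, and the error paths. Returns 1 when every expectation holds. */
int demo_run_checks(void)
{
    char buf[8];
    int ok = 1;
    demo_violations = 0;

    /* Normal operation: fits, copied verbatim, no violation. */
    ok &= demo_strcpy_s(buf, sizeof buf, "hello") == 0 && strcmp(buf, "hello") == 0;
    /* Boundary: 7 characters + NUL exactly fill the 8 bytes. */
    ok &= demo_strcpy_s(buf, sizeof buf, "1234567") == 0 && strcmp(buf, "1234567") == 0;
    /* One byte too many: plain strcpy would overflow; here the copy is refused. */
    ok &= demo_strcpy_s(buf, sizeof buf, "12345678") != 0 && buf[0] == '\0';
    /* Error handling: null pointers and a zero-sized destination. */
    ok &= demo_strcpy_s(NULL, sizeof buf, "x") != 0;
    ok &= demo_strcpy_s(buf, 0, "x") != 0;
    ok &= demo_strcpy_s(buf, sizeof buf, NULL) != 0;
    /* Overlapping objects are a violation even when the bytes would fit. */
    ok &= demo_strcpy_s(buf, sizeof buf, buf) != 0;
    /* Each of the five refused calls went through the handler exactly once. */
    ok &= demo_violations == 5;
    return ok;
}

int main(void)
{
    int ok = demo_run_checks();
    printf("annex K strcpy_s checks: %s\n", ok ? "pass" : "FAIL");
    return ok ? 0 : 1;
}
```

The point to take from the "12345678" case is the one that matters in practice: the bounded call does not silently truncate and does not write the overflowing byte; it leaves an empty string, reports through the handler, and returns nonzero, so a caller that ignores the return value still cannot be left with an unterminated or overrun buffer.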

@mostafa-salmaan mostafa-salmaan force-pushed the mostafas_add_support_for_Annex-k branch 19 times, most recently from 04afd0d to 56540aa Compare June 3, 2024 13:28
@mostafa-salmaan mostafa-salmaan force-pushed the mostafas_add_support_for_Annex-k branch from 9caaf80 to 9114c82 Compare June 24, 2024 09:38
@mostafa-salmaan mostafa-salmaan force-pushed the mostafas_add_support_for_Annex-k branch 4 times, most recently from caadf32 to a5676de Compare July 28, 2024 07:42
arichardson and others added 3 commits July 29, 2024 17:14
These functions make it easier to call the semihosting functions without
having to declare a local struct in each caller.
Since there is only one call with 4 indirect parameters, I did not add
a sys_semihost4 wrapper.
Optimize strcmp by calling the orc.b (OR-Combine) instruction when the Zbb extension
is supported, instead of 4 instructions, to detect whether a zero byte exists in a word.

Signed-off-by: Mohamed Moawad <[email protected]>
Enable zbb extension in CI for RISC-V to test optimizations using bit manipulation instructions like `orc.b`. 
This ensures that the strcmp optimization and other features using zbb are tested and validated

Signed-off-by: Mohamed Moawad <[email protected]>
@mostafa-salmaan mostafa-salmaan force-pushed the mostafas_add_support_for_Annex-k branch 2 times, most recently from 0328b5e to ed68028 Compare July 31, 2024 08:09
@mostafa-salmaan mostafa-salmaan force-pushed the mostafas_add_support_for_Annex-k branch 4 times, most recently from 7a38b64 to 5ccabbb Compare August 6, 2024 09:37
Abdallahs70 and others added 2 commits August 6, 2024 21:29
…trtod()`

Quoting from C standard part 7.19.6.2

> `a,e,f,g` Matches an optionally signed floating-point number, infinity, or NaN, whose
> format is the same as expected for the subject sequence of the `strtod`
> function. The corresponding argument shall be a pointer to floating.

Regarding `strtod`, quoting from C standard part 7.20.1.3

> A character sequence `NAN` or `NAN(n-char-sequence)`, is interpreted as a quiet
> NaN, if supported in the return type, else like a subject sequence part that does not have
> the expected form; the meaning of the `n-char sequences` is implementation-defined.

Signed-off-by: Abdallah Abdelhafeez (Abdallahs70)
Make the new code match the old format

Signed-off-by: Keith Packard <[email protected]>
@mostafa-salmaan mostafa-salmaan force-pushed the mostafas_add_support_for_Annex-k branch 3 times, most recently from 67b9b80 to 514dd2e Compare August 8, 2024 08:39
To avoid depending on a .specs file, we can't let meson insert the
libraries relative to the link_args by itself as the link_args end up
after the libs, which breaks the printf/scanf symbol definitions.

Signed-off-by: Keith Packard <[email protected]>
The generated specs files reference installed versions of the library
files.  If those are already present in the system, we may end up
using them for things like #include_next. The existing compile and
link args already provide all of the values which the .specs files
want to add.

Signed-off-by: Keith Packard <[email protected]>
I couldn't figure out why it got confused about the bounds checking
for pmatches.

Signed-off-by: Keith Packard <[email protected]>
Keep stdio.h from making other standard symbols visible

Signed-off-by: Keith Packard <[email protected]>
Follow POSIX requirements for visible symbols by placing them all in
signal.h and then cleaning that up to stop making other symbols
visible.

Signed-off-by: Keith Packard <[email protected]>
sys/cdefs already includes this

Signed-off-by: Keith Packard <[email protected]>
Move 'error_t' to argz.h and envz.h where it belongs.
Get rid of __LINUX_ERRNO_EXTENSIONS__ -- C allows the library
to define as many errno values as it likes.

Signed-off-by: Keith Packard <[email protected]>
Move sys/cdefs include to the top of the file.

Signed-off-by: Keith Packard <[email protected]>
sys/config.h is included by sys/cdefs.h, which is included by
every public header.

Signed-off-by: Keith Packard <[email protected]>
This will be included by any public header, so the internal
source files don't need to also include it.

Signed-off-by: Keith Packard <[email protected]>
Not even newlib still supports any of this mechanism. Remove the
collate.c file and eliminate all internal usage of __collate_load_error.

Signed-off-by: Keith Packard <[email protected]>
PATH_MAX is a POSIX value, not a C value.

Signed-off-by: Keith Packard <[email protected]>
Make sure limits.h doesn't expose any non-C limits unless the
application requests them.

Signed-off-by: Keith Packard <[email protected]>
This is a machine-specific file, not an OS-specific file.

Signed-off-by: Keith Packard <[email protected]>
This is declared in sys/_timespec.h already, no need to duplicate it
here.

Signed-off-by: Keith Packard <[email protected]>
These are required by C.

Signed-off-by: Keith Packard <[email protected]>
_POSIX2_RE_DUP_MAX is the minimum acceptable value for any POSIX
system while RE_DUP_MAX is the value supported by the library.

Signed-off-by: Keith Packard <[email protected]>
@keith-packard keith-packard force-pushed the mostafas_add_support_for_Annex-k branch from 514dd2e to d306507 Compare August 9, 2024 20:55
Adding an implementation of the bounds-checking C functions (as specified in Annex K of the C11 standard) to PicoLibc.
These functions lower the risk of introducing security vulnerabilities such as buffer overflows and format string vulnerabilities into your code by providing clear and easy-to-use interfaces.
For each C function a secure alternate function ending in a "_s" postfix is provided (e.g., strcpy_s).
Use of these functions is recommended by security experts and secure coding standards.

Also, implemented unit tests for the Annex-K functions to ensure their correctness.
Covered various scenarios including normal operation, boundary conditions, and error handling.

Signed-off-by: Mostafa Salman <[email protected]>
@keith-packard keith-packard force-pushed the mostafas_add_support_for_Annex-k branch from d306507 to 1e23bb1 Compare August 12, 2024 17:13
@mostafa-salmaan mostafa-salmaan merged commit 1e23bb1 into main Aug 18, 2024
26 checks passed