From 60d8655698fe642659cb85954ff58af9285d9b46 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Tue, 11 Jun 2024 15:46:08 -0700 Subject: [PATCH 1/8] slight modifications to memory safe by default definition Signed-off-by: Nell Shamrell --- docs/definitions.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/docs/definitions.md b/docs/definitions.md index b0bf3a0..5a8b4ef 100644 --- a/docs/definitions.md +++ b/docs/definitions.md @@ -12,7 +12,6 @@ A memory safe by default language prevents (by default) common memory safety vul * Buffer overflow * Buffer over-read -* Race condition - concurrent read/writes to shared memory * Invalid page fault * Use after free @@ -31,6 +30,14 @@ A memory safe by default language prevents (by default) common memory safety vul * Mismatched free * Unwanted aliasing +A memory safe by default language also addresses the following: + +**Race Conditions** + +* Concurrent read/writes to shared memory + +Some memory safe by default languages prevent data races (such as Rust), but others (such as Java and Go) require the use of additional packages or libraries to prevent data races. Please see [Best Practices for Memory Safe by Default Languages](best-practice-memory-safe-by-default-languages.md) + ## Undefined Behavior [From the definition in the Stack Overflow Wiki](https://stackoverflow.com/tags/undefined-behavior/info). From 9c48c1dc6eb0a7822bdf32692b17f7d29e04853e Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Wed, 24 Jul 2024 14:23:18 -0700 Subject: [PATCH 2/8] tweaks text about data races Signed-off-by: Nell Shamrell --- docs/definitions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/definitions.md b/docs/definitions.md index 5a8b4ef..f185348 100644 --- a/docs/definitions.md +++ b/docs/definitions.md 
@@ -36,7 +36,7 @@ A memory safe by default language also addresses the following: * Concurrent read/writes to shared memory -Some memory safe by default languages prevent data races (such as Rust), but others (such as Java and Go) require the use of additional packages or libraries to prevent data races. Please see [Best Practices for Memory Safe by Default Languages](best-practice-memory-safe-by-default-languages.md) +Some memory safe by default languages prevent data races (such as Rust), but others (such as Java and Go) require the use of additional conventions, packages, or libraries to prevent data races. Please see [Best Practices for Memory Safe by Default Languages](best-practice-memory-safe-by-default-languages.md) ## Undefined Behavior From e5fbef5ae9cbd75eb0e11a35c6af8b53ff83ec83 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Thu, 25 Jul 2024 10:40:42 -0700 Subject: [PATCH 3/8] add Charles and David to list of collaborators Signed-off-by: Nell Shamrell --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 49378f8..d436aac 100644 --- a/README.md +++ b/README.md 
@@ -53,13 +53,15 @@ The [CHARTER.md](CHARTER.md) outlines the scope and governance of our group acti ### SIG Collaborators -* [Walter Pearce](https://github.com/walterpearce) -* [Randall T. Vasquez, Gentoo/Homebrew](https://github.com/ran-dall) * [Jay White, Microsoft](https://github.com/camaleon2016) -* [Christine Abernathy, F5](https://github.com/caabernathy) * [Gabriel Dos Reis (Microsoft)](https://github.com/GabrielDosReis) +* [Charles Palmer (IBM)](https://github.com/ccpalmer) +* [David Edelsohn (IBM)](https://github.com/edelsohn) +* [Walter Pearce](https://github.com/walterpearce) * [Josh Aas (he/him, ISRG/Prossimo)](https://github.com/bdaehlie) * [Jonathan Leitschuh (he/him) OpenSSF](https://github.com/JLLeitschuh) +* [Christine Abernathy, F5](https://github.com/caabernathy) +* [Randall T. Vasquez, Gentoo/Homebrew](https://github.com/ran-dall) ## **Intellectual Property** From 7d09b6eaba5d2a0a57bff2a9652bf28e0d48b416 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Fri, 2 Aug 2024 14:16:42 -0700 Subject: [PATCH 4/8] add C# to list of languages Signed-off-by: Nell Shamrell --- docs/definitions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/definitions.md b/docs/definitions.md index f185348..ffdcc56 100644 --- a/docs/definitions.md +++ b/docs/definitions.md 
@@ -36,7 +36,7 @@ A memory safe by default language also addresses the following: * Concurrent read/writes to shared memory -Some memory safe by default languages prevent data races (such as Rust), but others (such as Java and Go) require the use of additional conventions, packages, or libraries to prevent data races. Please see [Best Practices for Memory Safe by Default Languages](best-practice-memory-safe-by-default-languages.md) +Some memory safe by default languages prevent data races (such as Rust), but others (such as Java, Go, and C#) require the use of additional conventions, packages, or libraries to prevent data races. Please see [Best Practices for Memory Safe by Default Languages](best-practice-memory-safe-by-default-languages.md) ## Undefined Behavior From 7910a159469f520ad0c180ee2f9c7a20805fe3f0 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Fri, 2 Aug 2024 14:54:10 -0700 Subject: [PATCH 5/8] adds second kind of use after free Signed-off-by: Nell Shamrell --- docs/definitions.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/definitions.md b/docs/definitions.md index ffdcc56..f8a5667 100644 --- a/docs/definitions.md +++ b/docs/definitions.md @@ -13,7 +13,7 @@ A memory safe by default language prevents (by default) common memory safety vul * Buffer overflow * Buffer over-read * Invalid page fault -* Use after free +* Use after free[^1] **Uninitialized variables (variable that has not been assigned a value is used)** 
@@ -45,3 +45,5 @@ Some memory safe by default languages prevent data races (such as Rust), but oth "In computer programming, undefined behavior (informally "UB") refers to computer code whose behavior is not specified by the programming language standard under certain conditions. The standards for some languages, most notably C and C++, leave certain aspects undefined, meaning the standard imposes no requirements whatsoever on the outcome. Implementations may regard such actions as erroneous, diagnosing them or not as they see fit, or may specify that they behave in some possibly-useful fashion without regard for whether the Standard requires them to do so." + +[^1]: This definition refers to a use after free error with regard to memory allocation and pointers. However, in this SIG's discusssions, we also realized there is a different kind of use after free error that can occur due to the improper sharing of heap objects where objects may be accessed on the heap level after they are freed on the object level. These errors are also relevant to memory safety. Please see [this GitHub issue](https://github.com/ossf/Memory-Safety/issues/29) for more discussion. \ No newline at end of file From 012ef33d4cb88268b536152d8731b6d054668098 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Fri, 2 Aug 2024 14:57:01 -0700 Subject: [PATCH 6/8] fixes markdown error Signed-off-by: Nell Shamrell --- docs/definitions.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/definitions.md b/docs/definitions.md index f8a5667..840724f 100644 --- a/docs/definitions.md +++ b/docs/definitions.md 
@@ -46,4 +46,4 @@ Some memory safe by default languages prevent data races (such as Rust), but oth The standards for some languages, most notably C and C++, leave certain aspects undefined, meaning the standard imposes no requirements whatsoever on the outcome. Implementations may regard such actions as erroneous, diagnosing them or not as they see fit, or may specify that they behave in some possibly-useful fashion without regard for whether the Standard requires them to do so." -[^1]: This definition refers to a use after free error with regard to memory allocation and pointers. However, in this SIG's discusssions, we also realized there is a different kind of use after free error that can occur due to the improper sharing of heap objects where objects may be accessed on the heap level after they are freed on the object level. These errors are also relevant to memory safety. Please see [this GitHub issue](https://github.com/ossf/Memory-Safety/issues/29) for more discussion. \ No newline at end of file +[^1]: This definition refers to a use after free error with regard to memory allocation and pointers. However, in this SIG's discusssions, we also realized there is a different kind of use after free error that can occur due to the improper sharing of heap objects where objects may be accessed on the heap level after they are freed on the object level. These errors are also relevant to memory safety. Please see [this GitHub issue](https://github.com/ossf/Memory-Safety/issues/29) for more discussion. From 886e97376de56d268d477f2f83f5aa19d2203828 Mon Sep 17 00:00:00 2001 From: Nell Shamrell-Harrington Date: Wed, 7 Aug 2024 14:03:25 -0700 Subject: [PATCH 7/8] Update docs/definitions.md Co-authored-by: Rich Lander Signed-off-by: Nell Shamrell-Harrington --- docs/definitions.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/docs/definitions.md b/docs/definitions.md index 840724f..65805fe 100644 --- a/docs/definitions.md +++ b/docs/definitions.md 
@@ -46,4 +46,5 @@ Some memory safe by default languages prevent data races (such as Rust), but oth The standards for some languages, most notably C and C++, leave certain aspects undefined, meaning the standard imposes no requirements whatsoever on the outcome. Implementations may regard such actions as erroneous, diagnosing them or not as they see fit, or may specify that they behave in some possibly-useful fashion without regard for whether the Standard requires them to do so." -[^1]: This definition refers to a use after free error with regard to memory allocation and pointers. However, in this SIG's discusssions, we also realized there is a different kind of use after free error that can occur due to the improper sharing of heap objects where objects may be accessed on the heap level after they are freed on the object level. These errors are also relevant to memory safety. Please see [this GitHub issue](https://github.com/ossf/Memory-Safety/issues/29) for more discussion. +[^1]: This definition refers to a use after free error with regard to memory allocation and pointers. However, in this SIG's discusssions, we also realized there is a different kind of use after free error that can occur due to the improper sharing of heap objects where objects may be accessed on the heap level after they are freed on the object level. These errors are also relevant to memory safety. Please see [ossf/Memory-Safety #29)](https://github.com/ossf/Memory-Safety/issues/29) for more discussion. + From 57c759c3f51c50cd776f45e132f5fbc6822ecfe4 Mon Sep 17 00:00:00 2001 From: Nell Shamrell Date: Wed, 7 Aug 2024 14:08:04 -0700 Subject: [PATCH 8/8] removes extra blank line Signed-off-by: Nell Shamrell --- docs/definitions.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/definitions.md b/docs/definitions.md index 65805fe..5ebbb81 100644 --- a/docs/definitions.md +++ b/docs/definitions.md 
@@ -47,4 +47,3 @@ Some memory safe by default languages prevent data races (such as Rust), but oth The standards for some languages, most notably C and C++, leave certain aspects undefined, meaning the standard imposes no requirements whatsoever on the outcome. Implementations may regard such actions as erroneous, diagnosing them or not as they see fit, or may specify that they behave in some possibly-useful fashion without regard for whether the Standard requires them to do so." [^1]: This definition refers to a use after free error with regard to memory allocation and pointers. However, in this SIG's discusssions, we also realized there is a different kind of use after free error that can occur due to the improper sharing of heap objects where objects may be accessed on the heap level after they are freed on the object level. These errors are also relevant to memory safety. Please see [ossf/Memory-Safety #29)](https://github.com/ossf/Memory-Safety/issues/29) for more discussion. -
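Review bot: in PATCH 1/8, hunk `@@ -31,6 +30,14 @@` of docs/definitions.md, the new heading reads **Race Conditions** while the paragraph under it talks only about data races, which are not the same thing (a data race is one specific kind of race condition: unsynchronized concurrent access to shared memory where at least one access is a write). Either title the section **Data Races** or say in the paragraph that the bullet describes data races. The bullet itself, `* Concurrent read/writes to shared memory`, would be more precise as `* Unsynchronized concurrent access to shared memory where at least one access is a write`. The sentence ending in the link to the best-practices page also has no terminal period.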
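Review bot: in PATCH 2/8 (`@@ -36,7 +36,7 @@`), adding "conventions" is a good change, but the rewritten sentence still ends on the link without a period, and the **Race Conditions** heading visible in the hunk context still does not match the "data races" wording of the paragraph; both could be fixed in this same one-line edit.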
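Review bot: in PATCH 3/8 (`@@ -53,13 +53,15 @@` of README.md), the two new entries use the `Name (Org)` form while the surrounding entries mix `Name, Org` and `Name (Org)`; since most of the list is rewritten here anyway, normalise on one form. Four existing entries are also deleted and re-added purely to reorder them, which the commit message ("add Charles and David to list of collaborators") does not mention; either state the ordering rule in the message or move the reorder to its own commit so the blame history stays readable.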
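Review bot: in PATCH 4/8 (`@@ -36,7 +36,7 @@`), adding C# to the parenthetical is fine, but the sentence still lacks a period after the link, and the linked best-practices page should be checked to confirm it actually covers C# now that this sentence sends readers there for it.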
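Review bot: in PATCH 5/8, hunk `@@ -13,7 +13,7 @@`, the `[^1]` footnote marker added to `* Use after free[^1]` relies on the footnote extension of GitHub-flavored Markdown; confirm the renderer used for docs/ supports it, otherwise `[^1]` will appear literally in the bullet.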
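Review bot: in PATCH 5/8, hunk `@@ -45,3 +45,5 @@`, the footnote text has a typo ("discusssions" should be "discussions") and the file is left without a trailing newline (the `\ No newline at end of file` marker), which the next patch then has to repair. The phrase "accessed on the heap level after they are freed on the object level" is also hard to follow; suggest stating concretely what "freed on the object level" means, for example an object returned to an application-managed pool or cache while references to it remain live, so that readers can tell this case apart from the allocator-level use after free defined above it.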
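Review bot: in PATCH 6/8 (`@@ -46,4 +46,4 @@`), the only change is adding the missing trailing newline, but the line is rewritten in full and still carries "discusssions"; since the line is being touched anyway, fix the typo here rather than in a later commit.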
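Review bot: in PATCH 7/8 (`@@ -46,4 +46,5 @@`), the new link text `[ossf/Memory-Safety #29)](https://github.com/ossf/Memory-Safety/issues/29)` contains a stray `)` inside the square brackets, so the rendered link reads "ossf/Memory-Safety #29)"; it should be `[ossf/Memory-Safety #29](https://github.com/ossf/Memory-Safety/issues/29)`. The patch also appends an empty line that PATCH 8/8 immediately removes, so the two should be squashed. "discusssions" is still unchanged.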
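Review bot: in PATCH 8/8 (`@@ -47,4 +47,3 @@`), removing the extra blank line is fine, but the context line shows the series still ends with the "discusssions" typo and the stray `)` in the `[ossf/Memory-Safety #29)]` link text; a follow-up commit (or an amended PATCH 7/8) should fix both before merge.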