Microsoft Opens CHERIoT, a Hardware Solution for Improving the Security of C Code

Microsoft has opened the work behind the CHERIoT project (Capability Hardware Extension to RISC-V for Internet of Things), which aims to block security problems in existing C and C++ code. CHERIoT offers a way to protect existing C/C++ codebases without reworking them. Protection is implemented with a modified compiler that targets a special extended instruction set architecture (ISA). The processor provides this ISA and, at the hardware level, monitors memory accesses, checks that pointers are handled correctly, and enforces isolation between blocks of code.

The project was created with the fact in mind that the low-level nature of C is a source of memory-handling errors, leading to problems such as buffer overflows, access to already-freed memory, pointer dereferencing errors, and double frees. Practice shows that even large companies such as Google and Microsoft, which have strict change-review policies and use modern development methods and static analysis tools, cannot guarantee the absence of memory-handling errors (for example, about 70% of vulnerabilities in Microsoft and Google software are caused by unsafe memory handling).

The problem can be addressed by using programming languages that guarantee memory-safe operation, or by using wrappers with additional checks, for example replacing ordinary pointers with something like MiraclePtr (raw_ptr), which performs extra checks on access to memory regions. Such approaches, however, are better suited to new code. Reworking existing C/C++ projects is quite problematic, especially when they are designed to run in resource-constrained environments such as embedded systems and Internet of Things devices.

The CHERIoT hardware components are designed as a microcontroller based on the RISC-V architecture that implements the protected CHERI processor architecture (Capability Hardware Extension to RISC-V), which provides a memory access control model based on "capabilities" (every read and write operation on memory is authorized). On top of the instruction set architecture (ISA) extension provided in CHERIoT, a software model is built that guarantees memory safety at the level of individual objects, protects against access to already-freed memory, and implements a lightweight memory-isolation mechanism. This software protection model maps directly onto the C/C++ language model, which makes it usable for protecting existing applications (all that is required is recompiling and running on hardware that supports the CHERIoT ISA).

The proposed solution blocks errors that cause an access to go beyond an object's memory bounds, does not allow pointer substitution (all pointers must be derived from existing pointers), and monitors memory access after free (any memory access through an invalid pointer or a pointer to a freed object raises an exception). For example, using CHERIoT makes it possible to apply automatic bounds checking, memory lifetime tracking, and pointer integrity enforcement to components that process untrusted data, without requiring any code changes.
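To make the three checks described above concrete, here is an added example (not from the article and not CHERIoT project code): a simplified software model in C of a capability with bounds, a validity tag and a freed marker. All type and function names are hypothetical, and on CHERIoT hardware the equivalent checks are performed by the processor rather than by library code.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdbool.h>

/* Toy software model of a capability; all names are hypothetical. */
typedef struct {
    uint8_t *base;    /* lowest address the holder may touch */
    size_t   length;  /* number of bytes reachable from base */
    bool     tag;     /* validity bit; untagged capabilities cannot be used */
    bool    *revoked; /* set when the underlying object is freed */
} cap_t;

enum { CAP_OK = 0, CAP_TAG_FAULT = -1, CAP_BOUNDS_FAULT = -2, CAP_FREED_FAULT = -3 };

/* Root capability for a fresh object (stands in for the allocator). */
cap_t cap_root(uint8_t *mem, size_t len, bool *revoked) {
    *revoked = false;
    return (cap_t){ mem, len, true, revoked };
}

/* Derive a narrower capability. Asking for more than the parent grants
   yields an untagged (unusable) capability: rights never grow. */
cap_t cap_narrow(cap_t parent, size_t offset, size_t len) {
    cap_t c = parent;
    if (!parent.tag || offset > parent.length || len > parent.length - offset) {
        c.tag = false;
        return c;
    }
    c.base = parent.base + offset;
    c.length = len;
    return c;
}

/* The check applied to every access before memory is touched. */
int cap_check(cap_t c, size_t offset, size_t width) {
    if (!c.tag) return CAP_TAG_FAULT;
    if (*c.revoked) return CAP_FREED_FAULT;
    if (offset > c.length || width > c.length - offset) return CAP_BOUNDS_FAULT;
    return CAP_OK;
}

/* Store one byte through a capability; faults leave memory untouched. */
int cap_store8(cap_t c, size_t offset, uint8_t v) {
    int rc = cap_check(c, offset, 1);
    if (rc == CAP_OK) c.base[offset] = v;
    return rc;
}

/* Freeing marks the object revoked, so every derived copy stops working. */
void cap_free(cap_t c) { *c.revoked = true; }
```

In this model a fault is a return code; the article describes the hardware raising an exception instead.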

The project includes the specification of the extended CHERIoT instruction set architecture, a reference implementation of a 32-bit RISC-V CPU supporting the CHERIoT ISA, and a modified LLVM toolchain. The CPU prototype schematics and the hardware block descriptions in Verilog are distributed under the Apache 2.0 license. The Ibex core from the lowRISC project was used as the basis for the CPU. The model of the CHERIoT ISA is written in the Sail language and is licensed under the BSD license.

In addition, a prototype of the CHERIoT RTOS real-time operating system has been presented, which provides the ability to isolate compartments even on embedded systems with 256 MB of RAM. The CHERIoT RTOS code is written in C++ and distributed under the MIT license. Basic OS components, such as the bootloader, the scheduler and the memory allocator, are structured as compartments.

A compartment in CHERIoT RTOS is an isolated combination of code and global variables that resembles a shared library but, unlike one, can change its own state (it is mutable) and runs in a separate security context. No outside code can transfer control to code inside a compartment or access its objects, except by entering through specific entry points and by using pointers to objects that were explicitly passed when calling another compartment. Integrity and confidentiality are guaranteed for the code and global objects in a compartment.

source: budenet.ru
