Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Add a security benchmark #153

Closed
16 tasks done
jvoisin opened this issue Jul 21, 2022 · 1 comment
Closed
16 tasks done

Add a security benchmark #153

jvoisin opened this issue Jul 21, 2022 · 1 comment
Assignees
@jvoisin

Comments

@jvoisin
Copy link
Collaborator

jvoisin commented Jul 21, 2022
edited
Loading

It would be nice to have a security-related benchmark, not focused on memory consumption or speed, but on the ability of allocators to detect and neuter memory corruptions. For example, allocators should instantly abort on double-free.

List of tests to add, for large, small and medium allocations:

  • Double-free
  • Double-free, delayed
  • Double-free, interleaved
  • Invalid free
  • 1-byte overflow
  • 1-byte underflow
  • 1Mb overflow
  • 1Mb underflow
  • Read-after-free
  • Write-after-free
  • Read of a zero-sized allocation
  • Write of a zero-sized allocation
  • Unaligned free
  • Uninitialized free
  • Sized delete in C++
  • Guarded memcpy/memset

We should take inspiration from hardened_malloc's testsuite, and shellphish's how2heap
@jvoisin jvoisin self-assigned this Jul 21, 2022
@jvoisin jvoisin mentioned this issue Aug 10, 2022
Merged
@jvoisin
Copy link
Collaborator Author

jvoisin commented Aug 20, 2022

See https://github.com/daanx/mimalloc-bench/tree/master/bench/security

@jvoisin jvoisin closed this as completed Aug 20, 2022
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@jvoisin jvoisin

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@jvoisin