[PATCH] Additional capabilities attributes

Aaron Ballman aaron at aaronballman.com
Fri Feb 21 13:11:15 PST 2014


Thanks! Committed in r201890

~Aaron

On Fri, Feb 21, 2014 at 12:35 PM, Delesley Hutchins <delesley at google.com> wrote:
> LGTM.
>
> On Tue, Feb 18, 2014 at 11:55 AM, Aaron Ballman <aaron at aaronballman.com> wrote:
>> Lock-based thread safety attributes (r201585) were renamed to
>> "capability" attributes so that we would have a more generalized
>> nomenclature with which to implement capability-based analysis passes.
>> Given this more generalized attribute syntax, I am proposing to add a
>> role-based analysis approach using the capabilities attributes, which
>> works in conjunction with the lock-based analysis. This will be an
>> incremental, on-going WIP -- this initial patch is simply introducing
>> the attributes, with subsequent work being done to provide a
>> per-method analysis pass utilizing the attributes. This is a joint
>> venture between CERT and Google to extend the existing thread safety
>> functionality.
>>
>> Role capabilities provide a way to protect shared functionality via
>> policy. E.g., a role may define a policy that states a method should
>> never be called from something holding a different role. As a simple
>> example, a method holding the GUI role should not call a method
>> holding the database role because the policy says they are mutually
>> exclusive.
>>
>> This patch introduces attributes allowing you to express role
>> management: asserting that a capability is held and
>> acquiring/releasing a capability. There is some skeleton documentation
>> for the attributes included in the patch.
>>
>> ~Aaron
>
>
>
> --
> DeLesley Hutchins | Software Engineer | delesley at google.com | 505-206-0315



More information about the cfe-commits mailing list