[PATCH] D91898: [attributes] Add a facility for defining and enforcing a Trusted Computing Base.
Aaron Puchert via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Nov 23 09:22:06 PST 2020
aaronpuchert added a comment.
Thread safety attributes want **callers** of a function to have the same attribute, while this change wants **callees** to have the same attribute. So the attributes propagate in different directions.
By contraposition <https://en.wikipedia.org/wiki/Contraposition>, the absence of an attribute propagates the other way around as the attribute itself, so you could have a role "untrusted", and callers of untrusted functions would have to be untrusted as well.
I guess it depends on how many functions need to be annotated one way or the other: if the TCB-based functions are a small subset of the code, then this attribute is better; if most functions are based on the TCB and only some are not, the capability-based approach would be better.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D91898/new/
https://reviews.llvm.org/D91898
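The two propagation directions compared in the comment above can be modelled on a small call graph. This is an added example, not code from the patch or from Clang: the graph, the function names and the helper names are all constructed for illustration, and it models only the rule each approach enforces, not how the compiler implements it.

```python
# Constructed call graph (caller -> callees); every name here is hypothetical.
CALLS = {
    "handle_request": ["parse_header", "log_event"],
    "parse_header": ["checked_copy"],
    "checked_copy": [],
    "log_event": ["format_string"],
    "format_string": [],
    "ui_refresh": ["log_event"],
}
ALL = set(CALLS)


def tcb_violations(calls, tcb):
    """Callee direction: a function in the TCB may only call functions in the TCB."""
    return sorted((f, g) for f in tcb for g in calls[f] if g not in tcb)


def untrusted_violations(calls, untrusted):
    """Caller direction: every caller of an untrusted function must be untrusted."""
    return sorted((f, g) for f, callees in calls.items() if f not in untrusted
                  for g in callees if g in untrusted)


def callers_of(calls):
    """Reverse the edges, giving callee -> callers."""
    rev = {f: [] for f in calls}
    for f, callees in calls.items():
        for g in callees:
            rev[g].append(f)
    return rev


def reachable(graph, roots):
    """Smallest set containing roots and closed under the graph's edges."""
    seen, stack = set(roots), list(roots)
    while stack:
        for nxt in graph[stack.pop()]:
            if nxt not in seen:
                seen.add(nxt)
                stack.append(nxt)
    return seen


if __name__ == "__main__":
    tcb = {"handle_request", "parse_header", "checked_copy"}
    # Same offending edge either way: marking the complement "untrusted"
    # is the contrapositive of marking the set itself as the TCB.
    print(tcb_violations(CALLS, tcb), untrusted_violations(CALLS, ALL - tcb))
    # Annotation burden: 2 functions as TCB versus 4 as "untrusted".
    print(len(reachable(CALLS, {"parse_header"})),
          len(reachable(callers_of(CALLS), {"format_string"})))
```

The two closures are complements of each other on this graph, so which one is cheaper to annotate depends only on which side of the boundary holds fewer functions.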