Dear @dawn-graphic & @memory-safety-dev,
I'm excited to announce that the MiraclePtr rewrite in Dawn (WebGPU) has been completed. 🎉🥳
Most of the rewrite was shipped in M122, with final changes completed in M123.
This offers effective protection against UAFs, among other things.
What does this mean in Dawn?
PartitionAlloc became an optional dependency.
Member pointers/references within structs/classes have been replaced with raw_ptr<T> / raw_ref<T>
Dawn's tests utilize the PartitionAlloc allocator and enable the DanglingPointerDetector by default.
The raw_ptr<T> / raw_ref<T> types are designed for use as pointers/references in struct/class members. They are not typically intended for local variables or function arguments.
For more details, please refer to the Dawn-specific documentation. Please don't hesitate to reach out if you have any questions or encounter specific errors.
What’s next (backlog):
Enforce raw_ptr<T> usage via the Clang plugin chromium/1504996
Investigate pre-existing dangling pointers: dawn/2345, dawn/2346, dawn/2348, dawn/2349.
Investigate RAW_PTR_EXCLUSION and potential memory safety problems: chromium/1521372, dawn/2365, dawn/2364, dawn/2361
Best regards,
Arthur Sonzogni

Thank you very much Arthur for all the hard work and making this milestone!!
--
You received this message because you are subscribed to the Google Groups "chrome-memory-safety" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chrome-memory-sa...@google.com.
To view this discussion on the web visit https://groups.google.com/a/google.com/d/msgid/chrome-memory-safety/CAAzos5GH8Ht6a9e_vbV3ayjksZPcNiYW1kfU6dyvJO%3D%2B3UsARw%40mail.gmail.com.
--
Kentaro Hara, Tokyo