Many of the executables in demos/ are expected to not reproduce in common environments, or to have particular constraints on the environment beyond the usual "modern CPU on supported architecture running supported OS". Knowing whether something is expected to reproduce can be kind of hard, as e.g. it depends on whether it's been mitigated in your OS, or whether your hardware ever even had it at all. (For example, AIUI, ret2spec_sa is expected to reproduce on a typical stack, but ret2spec_ca is not (because it has been mitigated in the kernel), and so there are e.g. OS version constraints for reproducing ret2spec_ca on mitigated systems.)
It'd be nice to document where we expect it to run, and where we've actually verified that it runs, in either the file comments or some separate index (README.md?) This helps identify if unexpected failures are bugs in SafeSide or just an incorrect setup.
Many of the executables in demos/ are expected to not reproduce in common environments, or to have particular constraints on the environment beyond the usual "modern CPU on supported architecture running supported OS". Knowing whether something is expected to reproduce can be kind of hard, as e.g. it depends on whether it's been mitigated in your OS, or whether your hardware ever even had it at all. (For example, AIUI,
ret2spec_sais expected to reproduce on a typical stack, butret2spec_cais not (because it has been mitigated in the kernel), and so there are e.g. OS version constraints for reproducingret2spec_caon mitigated systems.)It'd be nice to document where we expect it to run, and where we've actually verified that it runs, in either the file comments or some separate index (README.md?) This helps identify if unexpected failures are bugs in SafeSide or just an incorrect setup.