jsha
commented
1 year ago This is great! Also worth mentioning that work is underway in rustls to allow pluggable crypto backends. That would let us sub in a pure-Rust crypto backend, which in turn would allow us to run more of our test cases under Miri. Right now we can run almost none under Miri because as soon as any *ring* FFI code is hit, it errors out.
There is a new tool under development called krabcake for checking adherence to Stacked Borrows at runtime. It is akin to Miri, but with a different architecture that supports codebases that use FFI and inline assembly. (using a combination of a custom Valgrind tool, and annotations inserted by rustc) Once this tool is ready, we could rebuild rustls-ffi with it, and try running various C programs under dynamic instrumentation to check for soundness bugs in the FFI API, or misuses by specific library consumers.