Update README.md and add code of conduct. (#476)
This commit is contained in:
David Tarditi
GitHub
Родитель
d47eaf7f53
Коммит
5eca3f518c
|
|
@ -0,0 +1,128 @@
|
|||
# Contributor Covenant Code of Conduct
|
||||
|
||||
## Our Pledge
|
||||
|
||||
We as members, contributors, and leaders pledge to make participation in our
|
||||
community a harassment-free experience for everyone, regardless of age, body
|
||||
size, visible or invisible disability, ethnicity, sex characteristics, gender
|
||||
identity and expression, level of experience, education, socio-economic status,
|
||||
nationality, personal appearance, race, religion, or sexual identity
|
||||
and orientation.
|
||||
|
||||
We pledge to act and interact in ways that contribute to an open, welcoming,
|
||||
diverse, inclusive, and healthy community.
|
||||
|
||||
## Our Standards
|
||||
|
||||
Examples of behavior that contributes to a positive environment for our
|
||||
community include:
|
||||
|
||||
* Demonstrating empathy and kindness toward other people
|
||||
* Being respectful of differing opinions, viewpoints, and experiences
|
||||
* Giving and gracefully accepting constructive feedback
|
||||
* Accepting responsibility and apologizing to those affected by our mistakes,
|
||||
and learning from the experience
|
||||
* Focusing on what is best not just for us as individuals, but for the
|
||||
overall community
|
||||
|
||||
Examples of unacceptable behavior include:
|
||||
|
||||
* The use of sexualized language or imagery, and sexual attention or
|
||||
advances of any kind
|
||||
* Trolling, insulting or derogatory comments, and personal or political attacks
|
||||
* Public or private harassment
|
||||
* Publishing others' private information, such as a physical or email
|
||||
address, without their explicit permission
|
||||
* Other conduct which could reasonably be considered inappropriate in a
|
||||
professional setting
|
||||
|
||||
## Enforcement Responsibilities
|
||||
|
||||
Community leaders are responsible for clarifying and enforcing our standards of
|
||||
acceptable behavior and will take appropriate and fair corrective action in
|
||||
response to any behavior that they deem inappropriate, threatening, offensive,
|
||||
or harmful.
|
||||
|
||||
Community leaders have the right and responsibility to remove, edit, or reject
|
||||
comments, commits, code, wiki edits, issues, and other contributions that are
|
||||
not aligned to this Code of Conduct, and will communicate reasons for moderation
|
||||
decisions when appropriate.
|
||||
|
||||
## Scope
|
||||
|
||||
This Code of Conduct applies within all community spaces, and also applies when
|
||||
an individual is officially representing the community in public spaces.
|
||||
Examples of representing our community include using an official e-mail address,
|
||||
posting via an official social media account, or acting as an appointed
|
||||
representative at an online or offline event.
|
||||
|
||||
## Enforcement
|
||||
|
||||
Instances of abusive, harassing, or otherwise unacceptable behavior may be
|
||||
reported to the community leaders responsible for enforcement at
|
||||
admin@secure-software-development-project.org.
|
||||
All complaints will be reviewed and investigated promptly and fairly.
|
||||
|
||||
All community leaders are obligated to respect the privacy and security of the
|
||||
reporter of any incident.
|
||||
|
||||
## Enforcement Guidelines
|
||||
|
||||
Community leaders will follow these Community Impact Guidelines in determining
|
||||
the consequences for any action they deem in violation of this Code of Conduct:
|
||||
|
||||
### 1. Correction
|
||||
|
||||
**Community Impact**: Use of inappropriate language or other behavior deemed
|
||||
unprofessional or unwelcome in the community.
|
||||
|
||||
**Consequence**: A private, written warning from community leaders, providing
|
||||
clarity around the nature of the violation and an explanation of why the
|
||||
behavior was inappropriate. A public apology may be requested.
|
||||
|
||||
### 2. Warning
|
||||
|
||||
**Community Impact**: A violation through a single incident or series
|
||||
of actions.
|
||||
|
||||
**Consequence**: A warning with consequences for continued behavior. No
|
||||
interaction with the people involved, including unsolicited interaction with
|
||||
those enforcing the Code of Conduct, for a specified period of time. This
|
||||
includes avoiding interactions in community spaces as well as external channels
|
||||
like social media. Violating these terms may lead to a temporary or
|
||||
permanent ban.
|
||||
|
||||
### 3. Temporary Ban
|
||||
|
||||
**Community Impact**: A serious violation of community standards, including
|
||||
sustained inappropriate behavior.
|
||||
|
||||
**Consequence**: A temporary ban from any sort of interaction or public
|
||||
communication with the community for a specified period of time. No public or
|
||||
private interaction with the people involved, including unsolicited interaction
|
||||
with those enforcing the Code of Conduct, is allowed during this period.
|
||||
Violating these terms may lead to a permanent ban.
|
||||
|
||||
### 4. Permanent Ban
|
||||
|
||||
**Community Impact**: Demonstrating a pattern of violation of community
|
||||
standards, including sustained inappropriate behavior, harassment of an
|
||||
individual, or aggression toward or disparagement of classes of individuals.
|
||||
|
||||
**Consequence**: A permanent ban from any sort of public interaction within
|
||||
the community.
|
||||
|
||||
## Attribution
|
||||
|
||||
This Code of Conduct is adapted from the [Contributor Covenant][homepage],
|
||||
version 2.0, available at
|
||||
https://www.contributor-covenant.org/version/2/0/code_of_conduct.html.
|
||||
|
||||
Community Impact Guidelines were inspired by [Mozilla's code of conduct
|
||||
enforcement ladder](https://github.com/mozilla/diversity).
|
||||
|
||||
[homepage]: https://www.contributor-covenant.org
|
||||
|
||||
For answers to common questions about this code of conduct, see the FAQ at
|
||||
https://www.contributor-covenant.org/faq. Translations are available at
|
||||
https://www.contributor-covenant.org/translations.
|
||||
62
README.md
62
README.md
|
|
@ -1,77 +1,71 @@
|
|||
# Checked C
|
||||
This is the Secure Software Development Project (SSDP) fork of Checked C.
|
||||
The Checked C extension was
|
||||
originally developed at Microsoft from 2016-2021. Microsoft has stopped
|
||||
funding further development of Checked C. We greatly appreciate the support
|
||||
of Microsoft for the project through 2021. We created this fork to continue
|
||||
development of Checked C.
|
||||
|
||||
Checked C adds static and dynamic checking to C to detect or prevent common programming
|
||||
errors such as buffer overruns and out-of-bounds memory accesses.
|
||||
The goal of the project is to improve systems programming by making fundamental improvements to C.
|
||||
The goal of Checked C is to improve systems programming by making fundamental improvements to C.
|
||||
This repo contains
|
||||
sample code, the [extension specification](https://github.com/Microsoft/checkedc/releases),
|
||||
sample code, the SSDP [extension specification](https://github.com/secure-sw-dev/checkedc/releases),
|
||||
and test code.
|
||||
|
||||
- For a quick overview of Checked C, more information, and pointers to example code,
|
||||
see our [Wiki](https://github.com/Microsoft/checkedc/wiki).
|
||||
- The PDF of the specification is available [here](https://github.com/Microsoft/checkedc/releases).
|
||||
- Compilers are available [here](https://github.com/Microsoft/checkedc-clang/releases).
|
||||
- The Checked C clang repo is
|
||||
[here](https://github.com/Microsoft/checkedc-clang).
|
||||
see our [Wiki](https://github.com/secure-sw-dev/checkedc/wiki).
|
||||
- The PDF of the specification is available [here](https://github.com/secure-sw-dev/checkedc/releases).
|
||||
- The Checked C fork of LLVM/clang is
|
||||
[here](https://github.com/secure-sw-dev/checkedc-llvm-project).
|
||||
- The instructions to build and test the Checked C compiler are documented on
|
||||
the [Checked C clang wiki](https://github.com/Microsoft/checkedc-clang/wiki).
|
||||
the [SSDP Checked C clang wiki](https://github.com/secure-sw-dev/checkedc-llvm-project/wiki).
|
||||
|
||||
# Publications and Presentations
|
||||
- We presented a [research paper](https://www.microsoft.com/en-us/research/publication/checkedc-making-c-safe-by-extension/) on
|
||||
Checked C at the [IEEE 2018 Cybersecurity Development Conference](https://secdev.ieee.org/2018/home):
|
||||
- There was a [research paper](https://www.microsoft.com/en-us/research/publication/checkedc-making-c-safe-by-extension/) on
|
||||
Checked C presented at the [IEEE 2018 Cybersecurity Development Conference](https://secdev.ieee.org/2018/home):
|
||||
"Checked C: Making C Safe by Extension". The paper describes the key ideas of Checked C in 8 pages. Note that we have added features to Checked C for improving type safety (and reducing type confusion)
|
||||
since writing the paper. The [Wiki](https://github.com/Microsoft/checkedc/wiki) and [specification](https://github.com/Microsoft/checkedc/releases) provide up-to-date descriptions of Checked C.
|
||||
since writing the paper. The [Wiki](https://github.com/secure-sw-dev/checkedc/wiki) and [specification](https://github.com/secure-sw-dev/checkedc/releases) provide up-to-date descriptions of Checked C.
|
||||
|
||||
- We presented another [paper](https://www.microsoft.com/en-us/research/uploads/prod/2019/05/checkedc-post2019.pdf)
|
||||
- There was another [paper](https://www.microsoft.com/en-us/research/uploads/prod/2019/05/checkedc-post2019.pdf)
|
||||
on Checked C at the [2019 Principles of Security and Trust Conference](http://www.etaps.org/2019/post):
|
||||
"Achieving Safety Incrementally With Checked C".
|
||||
This paper describes a tool for converting existing C code to use Ptr types. It also proves a blame
|
||||
property about checked regions that shows that checked regions are blameless for any memory corruption. This proof is formalized for a core subset of the language extension.
|
||||
|
||||
- We presented a
|
||||
[poster](https://github.com/microsoft/checkedc/blob/master/papers/presentations/llvmdevmeet2019-checkedc_for_memory_safety.pdf)
|
||||
at the [LLVM Dev Meeting
|
||||
- There was a
|
||||
[poster](https://github.com/secure-sw-dev/checkedc/blob/main/papers/presentations/llvmdevmeet2019-checkedc_for_memory_safety.pdf)
|
||||
presented at the [LLVM Dev Meeting
|
||||
2019](https://llvm.org/devmtg/2019-10/talk-abstracts.html#post6): "Overflows Be
|
||||
Gone: Checked C for Memory Safety". The poster provides an introduction to
|
||||
Checked C, outlines the compiler implementation and presents an experimental
|
||||
evaluation of Checked C.
|
||||
|
||||
- We presented a [talk](https://youtu.be/EuxAzvtX9CI)
|
||||
([slides](https://github.com/microsoft/checkedc/blob/master/papers/presentations/llvmdevmeet2020-checkedc_adding_memory_safety_to_llvm.pdf))
|
||||
- Therew was a [talk](https://youtu.be/EuxAzvtX9CI)
|
||||
([slides](https://github.com/secure-sw-dev/checkedc/blob/main/papers/presentations/llvmdevmeet2020-checkedc_adding_memory_safety_to_llvm.pdf))
|
||||
at the [2020 LLVM Virtual Dev
|
||||
Meeting](https://llvm.org/devmtg/2020-09/program): "Checked C: Adding memory
|
||||
safety support to LLVM". The talk describes the design of bounds annotations
|
||||
for checked pointers and array pointers as well as the framework for the static
|
||||
checking of the soundness of bounds. We also briefly describe novel algorithms
|
||||
checking of the soundness of bounds. The talk also briefly describes novel algorithms
|
||||
to automatically widen bounds for null-terminated arrays and for comparison of
|
||||
expressions for equivalence.
|
||||
|
||||
# Build Status
|
||||
|
||||
|Configuration|Testing|Status|
|
||||
|--------|---------------|-------|
|
||||
|Debug X86 Windows| Checked C and clang regression tests||
|
||||
|Debug X64 Windows| Checked C and clang regression tests| |
|
||||
|Debug X64 Linux | Checked C and clang regression tests| |
|
||||
|Release X64 Linux| Checked C, clang, and LLVM nightly tests||
|
||||
Automated testing is not currently available.
|
||||
|
||||
# Participating
|
||||
We're happy to have the help! You can contribute by trying out Checked C,
|
||||
reporting bugs, and giving us feedback. There are other ways to [contribute](CONTRIBUTING.md) too.
|
||||
You can watch the [announcement page](https://github.com/microsoft/checkedc/discussions/categories/announcements)
|
||||
for announcements about the project.
|
||||
|
||||
# Licensing
|
||||
The software in this repository is covered by the MIT license. See the file LICENSE.TXT for the license. The
|
||||
Checked C specification is made available by Microsoft under the [OpenWeb Foundation Final
|
||||
Specification Agreement, version 1.0](http://www.openwebfoundation.org/legal/the-owf-1-0-agreements/owfa-1-0).
|
||||
Contributions of code to the Checked LLVM/clang repos are
|
||||
subject to the [CLANG/LLVM licensing terms](https://github.com/Microsoft/checkedc-clang/blob/master/LICENSE.TXT).
|
||||
Contributions of code to the SSDP Checked LLVM/clang repos are
|
||||
subject to the [LLVM/clang licensing terms](https://github.com/secure-sw-dev/checkedc-llvm-project/blob/main/clang/LICENSE.TXT).
|
||||
|
||||
# Code of conduct
|
||||
|
||||
This project has adopted the
|
||||
[Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/).
|
||||
For more information see the
|
||||
[Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or
|
||||
contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any
|
||||
additional questions or comments.
|
||||
This project has adopted a [Code of Conduct](CODE_OF_CONDUCT.md).
|
||||
Загрузка…
Ссылка в новой задаче