1 package main
2 3 import (
4 "os"
5 "unsafe"
6 )
7 8 // Milestone-2 verification for the secure allocator:
9 //
10 // 1. Allocate a 32-byte guarded region via the `[]byte{:32, secure}`
11 // literal syntax. The mxtext rewriter turns this into a call to
12 // __moxie_secalloc(32), which the SSA lowering pass intercepts and
13 // replaces with a runtime.SecureAlloc call.
14 // 2. Write a recognizable pattern — the "secret".
15 // 3. Print WROTE_SECRET so the test harness can sequence expectations.
16 // 4. Deliberately read one byte past the end of the data region, inside
17 // the trailing guard page, via pointer arithmetic. That triggers SIGSEGV.
18 // 5. runtime's signal handler calls into secalloc.c which synchronously
19 // wipes the arena with noise and writes MOXIE_SECALLOC_LOCKDOWN to
20 // stderr, then the process dies with SIGSEGV.
21 //
22 // The harness verifies:
23 // - exit status is SIGSEGV (signalled death, not a clean exit)
24 // - stdout contains WROTE_SECRET
25 // - stderr contains MOXIE_SECALLOC_LOCKDOWN
26 // - stdout/stderr do NOT contain the raw secret pattern anywhere
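func main() {
	// Moxie secure-slice literal: requests a 32-byte guarded region from the
	// secure allocator (see the rewriter/lowering description above).
	secret := []byte{:32, secure}

	// The 32-byte "secret" the harness later searches for in stdout/stderr.
	// It must never appear in either stream.
	pattern := []byte("MOXIE_SECRET_PAYLOAD_32_BYTES_AA")
	copy(secret, pattern)

	// Sequencing marker: tells the harness the secret is in place before the
	// fault is provoked. Write errors are not checked here; a lost marker
	// already fails the harness's stdout expectation.
	os.Stdout.Write([]byte("WROTE_SECRET\n"))

	// Secure arenas round the data region up to a whole page, so the first
	// out-of-bounds offset guaranteed to sit in the trailing PROT_NONE guard
	// page is +pageSize from the base. Ask the OS for the page size instead of
	// assuming 4096: on hosts with larger pages (16 KiB, 64 KiB) a fixed
	// +4096 would still land inside the readable data page, the read would
	// not fault, and the lockdown path would never be exercised.
	// NOTE(review): confirm the Moxie os package provides Getpagesize.
	guardOffset := os.Getpagesize()
	ptr := (*byte)(unsafe.Add(unsafe.Pointer(&secret[0]), guardOffset))

	// The read faults synchronously. Writing the loaded byte out presumably
	// keeps the load from being eliminated as dead code.
	sink := *ptr
	os.Stdout.Write([]byte{sink})

	// Reaching this line means the guard page did not fault.
	os.Stdout.Write([]byte("UNREACHABLE\n"))
}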