)]}' { "log": [ { "commit": "d340f8281e5c6b13e009e41fc723f3e1ad96e94f", "tree": "405a213a298b47cd4c1513319e656089ca55f61b", "parents": [ "a9a60d3c6152a2af394775cdf52a2491b45811ee" ], "author": { "name": "Zhao chaoyi", "email": "1251887477@qq.com", "time": "Fri Apr 03 00:03:34 2026 +0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Apr 02 09:03:34 2026 -0700" }, "message": "Validate LDDW second-half instruction fields (#764)\n\n* Validate LDDW second-half instruction fields\n\nSigned-off-by: GOD_PPX \u003c1251887477@qq.com\u003e\n\n* Add LDDW second-half validation tests for src, offset, and combinations\n\nExercise each reserved field (dst, src, offset) individually and in\ncombination per RFC 9669, ensuring the validator rejects non-zero values\nin the LDDW pseudo-instruction\u0027s second slot.\n\nNew test cases:\n- invalid-src: src !\u003d 0 only\n- invalid-offset: offset !\u003d 0 only\n- invalid-dst-offset: dst !\u003d 0 + offset !\u003d 0\n- invalid-src-offset: src !\u003d 0 + offset !\u003d 0\n- invalid-all: dst !\u003d 0 + src !\u003d 0 + offset !\u003d 0\n\nCo-Authored-By: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e\n\n---------\n\nSigned-off-by: GOD_PPX \u003c1251887477@qq.com\u003e\nCo-authored-by: Claude Opus 4.6 \u003cnoreply@anthropic.com\u003e" }, { "commit": "a9a60d3c6152a2af394775cdf52a2491b45811ee", "tree": "34e1a7d9d0c6d15654f96504cab4195742f0fc45", "parents": [ "42729e64e1535ec9d0734b0858399418438deb12" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Wed Apr 01 14:23:49 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 01 14:23:49 2026 -0700" }, "message": "Add ISA-verified MIPS64r6 JIT backend specification (#782)\n\n* Add proposed MIPS64r6 JIT backend specification\n\nProposed BPF ISA to MIPS64 Release 6 instruction mapping, following\nthe same template structure as the existing x86-64 and ARM64 specs.\nAll mappings are marked [PROPOSED] — no implementation exists yet.\n\nKey design decisions:\n- Target MIPS64r6 (compact branches, native DDIV/DMOD, no delay slots)\n- N64 ABI with BPF R1-R5 -\u003e \\-\\ (zero-cost helper marshaling)\n- BPF R0 -\u003e \\ (natural return register)\n- BPF R6-R10 -\u003e \\-\\ (callee-saved)\n\nKey challenges identified:\n- 32-bit ALU zero-extension: MIPS64 sign-extends 32-bit results,\n BPF requires zero-extension (needs explicit DINSU or DSLL32+DSRL32)\n- No store-immediate instruction (all ST_IMM need temp register)\n- 16-bit immediate limit (64-bit values need 6-instruction sequences)\n- No PC-relative data access (unlike x86-64 RIP-relative)\n- Constant blinding cost: 13 instructions per blinded 64-bit load\n- Cache coherence: may need synci+sync after mprotect\n\n5 design decisions flagged for implementer resolution.\nAddresses iovisor/ubpf#182.\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Address PR #781 review comments\n\n- Fix static dispatch: remove bogus DSLL \\,\\,3 (always 0),\n use DADDIU for index offset computation\n- Fix dynamic dispatch: OR cannot load immediate, use LI pseudo-op\n- Reconcile §3.6 vs §8.2: clarify that BPF offsets always fit in\n 16-bit MIPS offset; large-offset sequence is for non-BPF data only\n- Fix BC branch range: ±33M instructions / ±128MB (not ±256M)\n- Fix helper table base: document need for dedicated base register\n instead of ambiguous \\ reference\n- Fix prologue: set \\ \u003d \\ after saving (not unused save/restore)\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Regenerate MIPS64r6 JIT spec from formal ISA reference\n\nReplace training-data-based MIPS spec with one verified against\nthe MIPS64 Architecture for Programmers Vol II, Rev 6.06 (MIPS Open).\n\nKey improvements:\n- 63 ISA ref citations (KNOWN: ISA ref) vs 0 in previous version\n- 8 explicit [DESIGN DECISION] markers with rationale\n- 0 [UNKNOWN] placeholders (all details verified)\n- Confirmed: 32-bit ALU sign-extension behavior from ISA ref\n (\u0027the 32-bit result is sign-extended and placed into GPR rt\u0027)\n- Verified all R6-specific instructions (compact branches, native\n DDIV/DMOD, DMUL, SEB/SEH, DSBH/DSHD, LLD/SCD, SYNCI)\n- Added generate-jit-mips64r6-prompt.md workflow for reproducibility\n\nAlso adds the workflow prompt used to generate the spec, enabling\nfuture regeneration with updated ISA references.\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Address PR #782 review comments (7 issues)\n\n1. Add ALU32 immediate variants (ADD32_IMM, OR32_IMM, etc.)\n2. Add 32-bit DIV/MOD sequences with zero-extension and mod-by-zero\n upper-32-clear behavior per RFC 9669\n3. Add JMP32 instruction class with 32-bit compare sequences\n using SLL canonicalization\n4. Replace undefined \\ with dedicated \\ register;\n add \\ to register map, prologue save/restore, and init\n5. Replace LI pseudo-instruction with concrete ORI/LUI+ORI\n sequences in dispatcher call\n6. Add large data_offset handling (LUI+ORI+DADDU fallback)\n for BALC-based PC-relative data access\n7. Fix DSLL32/DSRL32 zero-extension comments for accuracy\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Fix spec filename references in implementation workflow prompts\n\nReplace jit-mips64r6.md with jit-mips.md in all 4 workflow files\nto match the actual spec filename.\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Fix three correctness issues in MIPS64r6 JIT spec\n\n1. Register naming: \\-\\ -\u003e \\-\\ to match n64 ABI aliases\n (n64: \\-\\ are \\-\\, not \\-\\ which is o32 naming)\n\n2. ALU32 UNPREDICTABLE avoidance: use 64-bit ops (DADDU/DSUBU/DMUL)\n instead of 32-bit word ops (ADDU/SUBU/MUL) for ALU32, then\n zero-extend. Avoids MIPS64 restriction that 32-bit word ops are\n UNPREDICTABLE if inputs aren\u0027t sign-extended 32-bit values.\n\n3. \\ preservation: save/restore \\ around every JALR (helper\n call) since JALR clobbers \\ and local function returns depend\n on it via BALC/JR \\.\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Fix four more correctness issues in MIPS64r6 JIT spec\n\n1. Replace residual SUBU/ADDU in ALU32 table (NEG32, MOV32) with\n DSUBU/OR to match the stated 64-bit-ops-with-masking strategy\n2. Define distinct \\ save slots: helper_ra_save (for JALR around\n helper calls) vs ra_slot_offset (for local call frame linkage),\n preventing slot aliasing that would corrupt return addresses\n3. Add \\ save/restore to local call frame: SD \\ before BALC,\n LD \\ before JR, with native stack allocation per call depth\n to support nested local calls\n4. Clarify dispatcher parameter table: \\\u003dindex, \\\u003dcookie\n (was ambiguous with \\/\\ listed together)\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Document SMOD INT_MIN/-1 edge case in MIPS64r6 spec\n\nExpand INT_MIN/-1 overflow handling to cover all 4 cases:\n- SDIV64/SDIV32: INT_MIN / -1 \u003d INT_MIN (uBPF extension)\n- SMOD64/SMOD32: INT_MIN % -1 \u003d 0 (uBPF extension)\n\nAdd concrete MIPS64r6 guard sequences for both SDIV and SMOD,\ncross-referencing REQ-UBPF-ISA-DIV-005.\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e" }, { "commit": "42729e64e1535ec9d0734b0858399418438deb12", "tree": "30ec08647666dd6903b19321a9930ac9414e8151", "parents": [ "13c3fa7d3dd07e0cdb8a7b77d45625f841d01a36" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Wed Apr 01 08:20:06 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 01 08:20:06 2026 -0700" }, "message": "Add JIT backend specifications: BPF ISA -\u003e x86-64 and ARM64 mappings (#779)\n\n* Add JIT backend specifications: BPF ISA → x86-64 and ARM64\n\nExtract complete instruction-level mappings from the existing JIT\ncompiler source code to serve as reference specifications for future\nbackend implementations (RISC-V, MIPS).\n\ndocs/specs/jit-x86-64.md (1039 lines, 43KB):\n - Register mapping for System V and Win64 ABIs\n - All 13 BPF instruction categories → x86-64 sequences\n - Prologue/epilogue for Basic and Extended JIT modes\n - Constant blinding, retpoline, W^X security features\n - Helper dispatch (static table + dynamic dispatcher)\n - Patchable target system and fixup algorithm\n - Platform differences (System V vs Win64)\n\ndocs/specs/jit-arm64.md (1006 lines, 44KB):\n - BPF → ARM64 register mapping (R0→x5, R1-R5→x0-x4)\n - All 13 BPF instruction categories → ARM64 sequences\n - LDXR/STXR atomic operation loops\n - ARM64-specific constraints (immediate encoding, offset\n ranges, branch limits)\n - Constant blinding coverage analysis\n - MOVZ/MOVK sequences for large immediates\n\nBoth documents cite source file:line for every mapping and\ncross-reference REQ-UBPF-ISA-* IDs from isa-reconciliation.md.\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Address PR #779 review comments\n\nx86-64 JIT spec:\n- Fix all 11 cross-reference IDs from numeric format (REQ-UBPF-ISA-005)\n to correct categorical format (REQ-UBPF-ISA-ALU-001, DIV-003, etc.)\n matching isa-reconciliation.md\n\nARM64 JIT spec:\n- Fix atomic pseudocode: address base uses x26 (not x25) to avoid\n aliasing with STXR status register (W25), matching the actual\n implementation logic in ubpf_jit_arm64.c:771-772\n- Strengthen constant blinding discrepancy note: add recommendation\n to update vm/inc/ubpf.h header in a follow-up change\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Fix technical inaccuracies in JIT backend specs\n\nx86-64:\n- R12 note: clarify that R12 IS in platform_nonvolatile_registers\n (saved/restored) but not mapped as a BPF register on System V.\n On Windows it IS mapped to BPF R5.\n- Atomic fetch-ALU: x86-64 does have LOCK XADD for fetch-add,\n but JIT uses CAS loop for ALL fetch variants for uniformity.\n Corrected the explanation.\n\nARM64:\n- ADR resolution: fix encoding description to match implementation.\n resolve_adr() uses (immediate \u0026 0x00ffffff) \u003c\u003c 5, placing 24 bits\n into bits [28:5], not 21 bits as previously stated.\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Fix position-dependent -\u003e position-independent description\n\nThe JIT output is copied from a working buffer to a final mmap\u0027d\nbuffer in ubpf_compile_ex(), so it must be relocatable. RIP-relative\naddressing makes it position-independent within the buffer.\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e" }, { "commit": "13c3fa7d3dd07e0cdb8a7b77d45625f841d01a36", "tree": "df052880109acd391a64b50f9d51ce0e47ec7f44", "parents": [ "f573175525e8847d535016520119e304cf79018e" ], "author": { "name": "Will Hawkins", "email": "whh8b@obs.cr", "time": "Wed Apr 01 11:15:08 2026 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 01 08:15:08 2026 -0700" }, "message": "WIP: Validate That NEG(64) Ops Have K Clear (#780)\n\nSigned-off-by: Will Hawkins \u003chawkinsw@obs.cr\u003e" }, { "commit": "f573175525e8847d535016520119e304cf79018e", "tree": "825fa02786aa2374f886254e09c42b0b2d494caf", "parents": [ "94af58b947e264980c7d5f06917e16afeb7f32c4" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Tue Mar 31 19:56:56 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 31 19:56:56 2026 -0700" }, "message": "Add ISA reconciliation report and workflow (#778)\n\nAdd reconciliation of uBPF ISA behavior against RFC 9669 (BPF ISA):\n\ndocs/specs/isa-reconciliation.md:\n 47 unified requirements (REQ-UBPF-ISA-*) across 12 categories\n comparing uBPF implementation against RFC 9669.\n\n Compatibility: 61.7% UNIVERSAL, 70.2% including MAJORITY.\n\n 6 DIVERGENT areas identified:\n - LDDW src_reg subtypes 1-6 (maps/variables) not supported\n - BTF calls (src_reg\u003d2) not supported\n - NEG instruction accepts any src field (RFC requires source\u003dK)\n - Legacy packet access not implemented (RFC deprecates)\n - Big-endian register encoding not supported\n - Conformance groups not formally declared\n\n 7 interoperability risks documented with mitigations.\n\nworkflows/reconcile-isa-requirements.md:\n LLM workflow for reconciling requirements across multiple source\n documents into a unified specification with compatibility\n classification (UNIVERSAL/MAJORITY/DIVERGENT/EXTENSION).\n\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e" }, { "commit": "94af58b947e264980c7d5f06917e16afeb7f32c4", "tree": "7978bf6c8a130853b36fb489061fc19855d369f0", "parents": [ "0308e84008fb1a758080a7d5f01a7a6b62e65f17" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Tue Mar 31 19:22:35 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 31 19:22:35 2026 -0700" }, "message": "Add specification baseline and workflow documentation (#777)\n\n* Add specification baseline and workflow documentation\n\nBootstrap the uBPF project with formal specification documents extracted\nfrom source code analysis:\n\nSpecification Documents (docs/specs/):\n- requirements.md: 86 formal requirements across 12 categories\n (LIFE, LOAD, EXEC, JIT, ELF, ISA, SEC, EXT, CFG, PLAT, ERR, CONST)\n with REQ-IDs, RFC 2119 keywords, acceptance criteria, confidence tags,\n and source code citations.\n- design.md: Architecture and detailed design specification covering\n component structure, data flows, security threat model, tradeoff\n analysis, and open questions.\n- validation.md: Validation plan with requirements traceability matrix\n mapping all 86 REQ-IDs to test cases, coverage gap analysis, and\n risk-based test prioritization.\n- audit-report.md: Adversarial consistency audit report with 19\n findings across 7 defect classifications (D1-D7), root cause\n analysis, and remediation plan.\n\nWorkflow Documentation (workflows/):\n- bootstrap-specs.md: LLM workflow for extracting specs from code\n- evolve-specs.md: LLM workflow for evolving specs with new features\n- maintain-specs.md: LLM workflow for auditing spec/code/test drift\n- README.md: Overview of the three workflow types\n\nKey decisions:\n- Requirements document is the canonical REQ-ID registry\n- UBPF_MAX_INSTS boundary: 65535 max valid (num_insts is uint16_t)\n- All cross-document REQ-ID references verified and aligned\n- Coverage gaps documented for future work (UB detection tests,\n instruction limit tests, thread safety model)\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Address PR review comments\n\n- Fix remaining REQ-ID misalignments in validation.md traceability\n tables (LIFE, LOAD, EXEC sections now match canonical requirements.md)\n- Update audit-report.md: mark F-001/F-002 as resolved, update verdict\n from REVISE to PASS, add revision history entry\n- Fix dispatcher signature in requirements.md: spell out all parameters\n instead of using non-C syntax (uint64_t x 5)\n- Remove hardcoded Windows path (F:\\ubpf) from bootstrap-specs.md,\n replace with portable \u003crepo-root\u003e placeholder\n- Fix duplicate section numbering (### 7) in all three workflow files\n (bootstrap-specs.md, evolve-specs.md, maintain-specs.md)\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Address second round of PR review comments\n\n- Fix requirements.md date to 2026-03-31 (consistent with other docs)\n- Fix REQ-EXT-001: document implicit 6th void* context parameter\n- Fix REQ-CFG-004: correct API signatures (no num_regs param), document\n DEBUG vs non-DEBUG build behavior per source code\n- Fix validation.md traceability matrix:\n - Deduplicate REQ-JIT-002 rows (merge Basic/Extended into one row)\n - Consolidate REQ-SEC-003 (shadow stack/registers into UB detection)\n - Move REQ-SEC-009 from Extensibility to Security section\n - Add missing REQ-IDs: REQ-SEC-002, REQ-JIT-008, REQ-JIT-011,\n REQ-ELF-002, REQ-EXT-002, REQ-ISA-004/006/012\n - Fix REQ-LOAD-005 coverage from High to Medium (toggle only)\n - Ensure every REQ-ID appears exactly once in matrix\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Address third round of PR review comments\n\n- Fix REQ-PLAT-004 duplication: split into REQ-PLAT-004 (x86-64 JIT),\n REQ-PLAT-005 (crypto RNG), REQ-PLAT-006 (platform atomics)\n- Add missing TC definitions in section 5: TC-EXEC-009 (instruction\n limit), TC-EXEC-010 (debug callback), TC-JIT-012 (inst limit\n non-applicability), TC-JIT-013 (post-compile helper update),\n TC-SEC-005/006/007/010 (pointer secret, retpolines, W^X, toggle)\n- Fix requirements.md revision history date to 2026-03-31\n- Fix audit-report.md documents-examined table date\n- Update audit-report.md open questions: mark OQ-A1 through OQ-A4\n as resolved, OQ-A5 as deferred\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Address fourth round of PR review comments\n\n- Mark F-001 as resolved and remove stale misalignment evidence table\n- Mark F-017 as resolved (all document dates now 2026-03-31)\n- Mark F-018 as resolved (REQ-LOAD-011 now correctly mapped in validation)\n- Fix REQ-LOAD-006 source citation: point to implementation in\n vm/ubpf_vm.c:2266-2290 (not just declarations in ubpf_int.h)\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Address fifth round of PR review comments\n\n- Fix XOR encoding description: instructions are XOR\u0027d with both\n (uint64_t)vm-\u003einsts (base address) AND vm-\u003epointer_secret, not\n just the secret alone (requirements.md REQ-LOAD-006, design.md 4.4)\n- Mark F-003 and F-004 as resolved in audit-report.md (cross-refs\n and TC mappings have been corrected in earlier commits)\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Address sixth round of PR review comments\n\n- Add missing TC definitions: TC-SEC-002 (UB detection), TC-SEC-008\n (shadow stack), TC-SEC-009 (shadow registers), TC-EXT-005 (custom\n bounds check callback)\n- Fix REQ-SEC-006 AC-1: remove [ASSUMPTION] tag, pointer_secret\n rejection after load is explicit (returns -1 if vm-\u003einsts set)\n- Fix REQ-ISA-002 AC-1: remove [ASSUMPTION] tag, R10 immutability\n enforced by instruction validation (destination_upper_bound\u003dBPF_REG_9)\n- Update F-005 in audit-report.md: mark partially resolved (TC-SEC-010\n now exists in validation plan)\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Comprehensive local review: fix all remaining issues\n\nAudit report fixes:\n- Fix executive summary: 17 -\u003e 18 further findings (19 total)\n- Add explicit Status lines (Open/Resolved) to all 19 findings\n- Fix stale revision history date (2025-07-18 -\u003e 2026-03-31)\n- Replace REQ-X-001 placeholder with REQ-CATEGORY-001\n- Clarify partial resolution of F-005 in executive summary\n\nValidation plan fixes:\n- Add 63 missing TC definitions in section 5 to match all TC-IDs\n referenced in section 4 traceability matrices (96/96 now defined)\n- New subsections: TC-LOAD (10), TC-ELF (8), TC-ISA (15), TC-CFG (4),\n TC-PLAT (6), TC-ERR (3), TC-CONST (1)\n- Added to existing subsections: TC-EXEC (3), TC-JIT (8), TC-EXT (5)\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Fix remaining issues from local comprehensive review\n\nRequirements fixes:\n- REQ-SEC-004 AC-3: remove [ASSUMPTION], cite ARM64 blinding count\n (3 sites vs 16 on x86-64 per source analysis)\n- REQ-PLAT-005: fix source citation to implementation file\n (ubpf_jit_support.c:173-210, not just header declaration)\n\nAudit report fixes:\n- Update F-006, F-007, F-008: reflect that validation entries now\n exist (TC-EXT-005, TC-EXT-008, TC-PLAT-007/008) but tests remain\n gaps\n- Mark F-011 resolved (helper signature discrepancy fixed in\n requirements - now documents implicit 6th param)\n- Mark F-012 resolved (TC-SEC-008/009 correctly trace to REQ-SEC-003)\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Fix source citations, audit statuses, and test path\n\n- REQ-LOAD-008: fix source citation to ubpf_vm.c:2332-2348 (actual\n stack alignment check), not lines 258-261 (UBPF_EBPF_STACK_SIZE)\n- REQ-SEC-004 AC-3: remove specific counts, use qualitative comparison\n- F-011: fix status Open -\u003e Resolved (matches body text)\n- F-012: fix status Open -\u003e Resolved, restore description\n- TC-EXT-003: fix test path tests/helpers/ -\u003e tests/extensions/\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Exhaustive local review: fix source citations, paths, and statuses\n\nrequirements.md (5 fixes):\n- REQ-ISA-006: add missing EBPF_OP_LE line reference\n- REQ-PLAT-001/002: fix swapped MSVC/GCC atomics citations\n- REQ-PLAT-005: remove incorrect [ASSUMPTION] on rand() fallback,\n fix ubpf_generate_blinding_constant line range\n- REQ-LOAD-006: fix XOR function line range\n\nvalidation.md (4 fixes):\n- Remove nonexistent tests/lddw.data reference (conformance suite)\n- Fix LDDW test path to external/bpf_conformance/tests/lddw.data\n- Replace non-ASCII multiplication sign with ASCII\n- Fix custom test filename reference\n\naudit-report.md (2 fixes):\n- F-017: status Open -\u003e Resolved (matches body)\n- F-018: status Open -\u003e Resolved (matches body)\n\ndesign.md (4 fixes):\n- Fix struct ubpf_vm line range citation\n- Fix interpreter execution line range\n- Fix constant blinding line range\n- Fix formatting typo\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n* Fix remaining review items from paginated threads\n\n- REQ-SEC-005 coverage: High -\u003e Medium in security traceability table\n (readonly_bytecode test only toggles mode, doesn\u0027t verify pages)\n- Design architecture diagram: fix split filename rendering for\n ubpf_instruction_valid.c\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e" }, { "commit": "0308e84008fb1a758080a7d5f01a7a6b62e65f17", "tree": "88b080453ab14d0228cc6a2adcfd4c095f73d0ff", "parents": [ "8f598f76b9aba63c2c7d7d8966eb44f1cd403e17" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Mar 30 18:32:35 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 30 18:32:35 2026 -0700" }, "message": "build(deps): bump the actions group with 3 updates (#776)\n\nBumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/cache](https://github.com/actions/cache) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `step-security/harden-runner` from 2.15.1 to 2.16.0\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/58077d3c7e43986b6b15fba718e8ea69e387dfcc...fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594)\n\nUpdates `actions/cache` from 5.0.3 to 5.0.4\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/cdf6c1fa76f9f475f3d7449005a359c84ca0f306...668228422ae6a00e4ad889ee87cd7109ec5666a7)\n\nUpdates `github/codeql-action` from 4.32.6 to 4.34.1\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/0d579ffd059c29b07949a3cce3983f0780820c98...38697555549f1db7851b81482ff19f1fa5c4fedc)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.16.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: actions/cache\n dependency-version: 5.0.4\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 4.34.1\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "8f598f76b9aba63c2c7d7d8966eb44f1cd403e17", "tree": "b6d87cb88409d99526ca76c7d3b6f67661b63560", "parents": [ "96a348c0bbd2cf1370abf3d5c5eeab0d3fb6d0cc" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Mar 17 12:41:38 2026 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 17 12:41:38 2026 -0700" }, "message": "build(deps): bump the actions group across 1 directory with 4 updates (#773)\n\nBumps the actions group with 4 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `step-security/harden-runner` from 2.15.0 to 2.15.1\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/a90bcbc6539c36a85cdfeb73f7e2f433735f215b...58077d3c7e43986b6b15fba718e8ea69e387dfcc)\n\nUpdates `actions/dependency-review-action` from 4.8.3 to 4.9.0\n- [Release notes](https://github.com/actions/dependency-review-action/releases)\n- [Commits](https://github.com/actions/dependency-review-action/compare/05fe4576374b728f0c523d6a13d64c25081e0803...2031cfc080254a8a887f58cffee85186f0e49e48)\n\nUpdates `actions/download-artifact` from 8.0.0 to 8.0.1\n- [Release notes](https://github.com/actions/download-artifact/releases)\n- [Commits](https://github.com/actions/download-artifact/compare/70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3...3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c)\n\nUpdates `github/codeql-action` from 4.32.4 to 4.32.6\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/89a39a4e59826350b863aa6b6252a07ad50cf83e...0d579ffd059c29b07949a3cce3983f0780820c98)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.15.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/dependency-review-action\n dependency-version: 4.9.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: actions/download-artifact\n dependency-version: 8.0.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 4.32.6\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "96a348c0bbd2cf1370abf3d5c5eeab0d3fb6d0cc", "tree": "f3911c39b9b34d8ac54ac48acf6b31f305a24a9e", "parents": [ "0b5028e801251b417c9002bf51b6e6027bcbc3c3" ], "author": { "name": "Will Hawkins", "email": "whh8b@obs.cr", "time": "Tue Mar 10 12:01:13 2026 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 10 09:01:13 2026 -0700" }, "message": "Only Link libFuzzer\u0027s Main on ubpf_fuzzer Target (#772)\n\nUnless we are building the target that will do the fuzzing, do not link\nthe libFuzzer library that has a main. Linking with the libFuzzer\nlibrary with main causes linker errors for other targets (e.g.,\ntesting).\n\nSigned-off-by: Will Hawkins \u003chawkinsw@obs.cr\u003e" }, { "commit": "0b5028e801251b417c9002bf51b6e6027bcbc3c3", "tree": "435a8ff277e0d18dc99f6d49459ba6f36f8a6b45", "parents": [ "026ec21a72ead09b2c319b681e817c6856900907" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Mar 03 16:37:23 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 03 16:37:23 2026 -0800" }, "message": "Add timeout to prevent verifier hang on malformed programs (#763)\n\n* Add timeout mechanism to prevent verifier infinite loops\n\nAdd a 5-second timeout around prevail::analyze() to prevent the fuzzer\nfrom hanging on malformed BPF programs that cause the verifier to enter\ninfinite loops (e.g., nested loops which are a known limitation of prevail).\n\nThe timeout uses a separate thread with std::future::wait_for() to detect\nwhen verification takes too long. If the timeout is reached, the verification\nthread is detached and the function returns false (verification failed).\n\nThis fix addresses CI failures where the fuzzer would timeout after 60+\nseconds on programs that trigger verifier infinite loops.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Update documentation with implementation notes\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Revert \"Update documentation with implementation notes\"\n\nThis reverts commit e1c27a141df89e117cf70058302a1d4a4d4e055f.\n\n* Move verification state to heap to fix use-after-free on timeout\n\nAddress review feedback:\n- Move all shared state (program, result, promise, completion flag) to\n heap-allocated shared_ptrs so detached thread cannot access destroyed\n stack locals on timeout.\n- Add safe_set_value wrapper to guard against set_value throwing when\n promise is already satisfied or has no state.\n\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\nCo-authored-by: Alan Jowett \u003calanjo@microsoft.com\u003e\nCo-authored-by: Copilot \u003c223556219+Copilot@users.noreply.github.com\u003e" }, { "commit": "026ec21a72ead09b2c319b681e817c6856900907", "tree": "f299ef8deb0fc7645011a1e0f804ea3d3192a410", "parents": [ "7110fda0cc2f5635c73914933ffc0c69b104db41" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Mar 03 14:34:34 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 03 14:34:34 2026 -0800" }, "message": "build(deps): bump the actions group across 1 directory with 5 updates (#769)\n\nBumps the actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.14.2` | `2.15.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.2` | `4.8.3` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `6.0.0` | `7.0.0` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `7.0.0` | `8.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.32.2` | `4.32.4` |\n\n\n\nUpdates `step-security/harden-runner` from 2.14.2 to 2.15.0\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/5ef0c079ce82195b2a36a210272d6b661572d83e...a90bcbc6539c36a85cdfeb73f7e2f433735f215b)\n\nUpdates `actions/dependency-review-action` from 4.8.2 to 4.8.3\n- [Release notes](https://github.com/actions/dependency-review-action/releases)\n- [Commits](https://github.com/actions/dependency-review-action/compare/3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261...05fe4576374b728f0c523d6a13d64c25081e0803)\n\nUpdates `actions/upload-artifact` from 6.0.0 to 7.0.0\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/b7c566a772e6b6bfb58ed0dc250532a479d7789f...bbbca2ddaa5d8feaa63e36b76fdaad77386f024f)\n\nUpdates `actions/download-artifact` from 7.0.0 to 8.0.0\n- [Release notes](https://github.com/actions/download-artifact/releases)\n- [Commits](https://github.com/actions/download-artifact/compare/37930b1c2abaa49bbe596cd826c3c89aef350131...70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3)\n\nUpdates `github/codeql-action` from 4.32.2 to 4.32.4\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2...89a39a4e59826350b863aa6b6252a07ad50cf83e)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.15.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: actions/dependency-review-action\n dependency-version: 4.8.3\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/upload-artifact\n dependency-version: 7.0.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: actions/download-artifact\n dependency-version: 8.0.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 4.32.4\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "7110fda0cc2f5635c73914933ffc0c69b104db41", "tree": "30a6d09b210711dea9001dd77ed9f1e49d083e8a", "parents": [ "2749995cc90d65b720787ae33341a439885625e4" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Mar 03 14:34:16 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 03 14:34:16 2026 -0800" }, "message": "build(deps): bump the actions group with 2 updates (#765)\n\nBumps the actions group with 2 updates: [external/bpf_conformance](https://github.com/Alan-Jowett/bpf_conformance) and [external/ebpf-verifier](https://github.com/vbpf/prevail).\n\n\nUpdates `external/bpf_conformance` from `eef2cfc` to `4334864`\n- [Release notes](https://github.com/Alan-Jowett/bpf_conformance/releases)\n- [Commits](https://github.com/Alan-Jowett/bpf_conformance/compare/eef2cfc9b787281ac09ee041a1d529c25071f0d0...43348644c4b4701f976da1d1dcee53176d61b7b3)\n\nUpdates `external/ebpf-verifier` from `665a412` to `429d09d`\n- [Release notes](https://github.com/vbpf/prevail/releases)\n- [Commits](https://github.com/vbpf/prevail/compare/665a412af9608a7e65c757fd4bc915b22d716aae...429d09d0bba8b36ee0fb5591eaf19de5cb9919aa)\n\n---\nupdated-dependencies:\n- dependency-name: external/bpf_conformance\n dependency-version: 43348644c4b4701f976da1d1dcee53176d61b7b3\n dependency-type: direct:production\n dependency-group: actions\n- dependency-name: external/ebpf-verifier\n dependency-version: 429d09d0bba8b36ee0fb5591eaf19de5cb9919aa\n dependency-type: direct:production\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "2749995cc90d65b720787ae33341a439885625e4", "tree": "bf22ceea79cf623f6b643e673bfe934c09ff21d7", "parents": [ "44888ceec2ecbdc9f0507190ae3bde160911fe4a" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Mon Feb 09 14:21:50 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 09 14:21:50 2026 -0800" }, "message": "Implement MOVSX instruction support for CPU v4 (RFC 9669) (#760)\n\n* Implement MOVSX support for validation, interpreter and JIT\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix x86_64 JIT MOVSX - force REX prefix for byte register access\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Format code with clang-format\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Revert \"Format code with clang-format\"\n\nThis reverts commit 0f55b0593233aeaf6c155ce4ee916fc6448a6d67.\n\n* Add CPU version v4 flag for MOVSX and RFC9669 conformance tests\n\nConfigure cmake/ctest to automatically run MOVSX and RFC9669 tests\nwith --cpu_version v4 flag. This ensures these v4 instruction tests\nrun with the correct CPU version instead of being skipped.\n\nTests affected:\n- All movsx* tests (movsx832-reg, movsx1632-reg, movsx864-reg,\n movsx1664-reg, movsx3264-reg, rfc9669_movsx)\n- All rfc9669_* conformance tests (88 tests total)\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix type conversion portability in MOVSX interpreter\n\nAdd intermediate unsigned casts to make sign-extension behavior\nwell-defined across all platforms. Converting uint64_t directly to\nint8_t/int16_t/int32_t is implementation-defined when the value\ndoesn\u0027t fit. Cast through uint8_t/uint16_t/uint32_t first to ensure\nportable truncation before sign extension.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "44888ceec2ecbdc9f0507190ae3bde160911fe4a", "tree": "e920c66447055386155a2492cfb6e35a59f8c74e", "parents": [ "82f44fcfdc7a35c8b6d36d3f480318e861207cee" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Feb 09 11:19:48 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 09 11:19:48 2026 -0800" }, "message": "build(deps): bump external/bpf_conformance (#761)\n\nBumps the actions group with 1 update in the / directory: [external/bpf_conformance](https://github.com/Alan-Jowett/bpf_conformance).\n\n\nUpdates `external/bpf_conformance` from `e208f52` to `eef2cfc`\n- [Release notes](https://github.com/Alan-Jowett/bpf_conformance/releases)\n- [Commits](https://github.com/Alan-Jowett/bpf_conformance/compare/e208f525a428f3da5c5f04d721a18491ecb4e597...eef2cfc9b787281ac09ee041a1d529c25071f0d0)\n\n---\nupdated-dependencies:\n- dependency-name: external/bpf_conformance\n dependency-version: eef2cfc9b787281ac09ee041a1d529c25071f0d0\n dependency-type: direct:production\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "82f44fcfdc7a35c8b6d36d3f480318e861207cee", "tree": "ce436fc44593febe1f53940efcd4b75136595f72", "parents": [ "4e3b98e95eea9c791daa501a85c7149e284edb31" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Mon Feb 09 10:13:16 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 09 10:13:16 2026 -0800" }, "message": "Switch to mainline prevail (#759)\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "4e3b98e95eea9c791daa501a85c7149e284edb31", "tree": "320a1355bf9925db30ab9c739cd79f28934311df", "parents": [ "3737bbf3c14fb0ca5d061b548a99bdb16e221a1c" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sat Feb 07 16:36:38 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Feb 07 16:36:38 2026 -0800" }, "message": "build(deps): bump the actions group with 2 updates (#756)\n\nBumps the actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `step-security/harden-runner` from 2.14.1 to 2.14.2\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/e3f713f2d8f53843e71c69a996d56f51aa9adfb9...5ef0c079ce82195b2a36a210272d6b661572d83e)\n\nUpdates `github/codeql-action` from 4.32.0 to 4.32.2\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/b20883b0cd1f46c72ae0ba6d1090936928f9fa30...45cbd0c69e560cd9e7cd7f8c32362050c9b7ded2)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.14.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 4.32.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "3737bbf3c14fb0ca5d061b548a99bdb16e221a1c", "tree": "3d60afbf853bd418b826263eb7b86db8a3235484", "parents": [ "d8af62f3a5f720d74a1d84ce6b94b86fb7c7cb10" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Thu Feb 05 09:56:33 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Feb 05 09:56:33 2026 -0800" }, "message": "submodule: point verifier to vbpf/prevail (#755)\n\n* Switch to cmake fix\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n* libfuzzer: build with upstream prevail\n\n* submodule: point verifier to vbpf/prevail\n\n* libfuzzer: restore constraint checks with prevail\n\n* libfuzzer: check pre-invariants in debug hook\n\n* libfuzzer: disable prevail IPO under ubpf\n\n* libfuzzer: avoid inline-bool-flag sanitizer coverage on Windows\n\n* libfuzzer: disable external verifier LTO on posix\n\n* libfuzzer: fix stack frame delimiter\n\n* libfuzzer: make register mask shift type-safe\n\n* libfuzzer: avoid throwing on missing invariants\n\n* libfuzzer: pass verifier options to unmarshal\n\n* libfuzzer: fail if executed label lacks invariants\n\n---------\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "d8af62f3a5f720d74a1d84ce6b94b86fb7c7cb10", "tree": "e77f27cb762a3f26d4e2e47621c4d837034cbeb1", "parents": [ "b09f6b6e1c84277cb6544214e51754bb2c972ef5" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Feb 02 10:39:53 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 02 10:39:53 2026 -0800" }, "message": "build(deps): bump the actions group with 3 updates (#754)\n\nBumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/cache](https://github.com/actions/cache) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `step-security/harden-runner` from 2.14.0 to 2.14.1\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/v2.14.0...e3f713f2d8f53843e71c69a996d56f51aa9adfb9)\n\nUpdates `actions/cache` from 5.0.2 to 5.0.3\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/8b402f58fbc84540c8b491a91e594a4576fec3d7...cdf6c1fa76f9f475f3d7449005a359c84ca0f306)\n\nUpdates `github/codeql-action` from 4.31.11 to 4.32.0\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/19b2f06db2b6f5108140aeb04014ef02b648f789...b20883b0cd1f46c72ae0ba6d1090936928f9fa30)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.14.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/cache\n dependency-version: 5.0.3\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 4.32.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "b09f6b6e1c84277cb6544214e51754bb2c972ef5", "tree": "91b8300b13f7f39cf03f591c71bd64a2fb5c8e0a", "parents": [ "c5b28c5339d7da7392a8c3a0db39e4afdcf4a4e1" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Thu Jan 29 20:02:13 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 29 20:02:13 2026 -0800" }, "message": "Fix MSVC C6262 warning: reduce ubpf_exec_ex stack usage (#752)\n\n* Fix MSVC C6262 warning: reduce ubpf_exec_ex stack usage\n\nAddresses issue #751 where ubpf_exec_ex exceeded MSVC\u0027s 1024-byte stack\nthreshold (was 1324 bytes).\n\nChanges:\n- Reduce _reg array from 16 to 11 elements (R0-R10 per RFC 9669)\n- Reduce saved_registers array from 5 to 4 elements (R6-R9 callee-saved)\n- Hoist dividend/divisor locals from signed div/mod switch cases\n- Hoist _base_addr/_offset/_eff_addr/_ptr from BOUNDS_CHECK macros\n- Hoist atomic operation locals (fetch, dest, val, res) to function scope\n\nEstimated stack reduction: ~250-316 bytes.\n\nFixes #751\n\n* Initialize hoisted variables to fix sanitizer warnings\n\nThe uninitialized hoisted variables triggered maybe-uninitialized warnings\nin sanitizer builds. Initialize all hoisted locals to zero/NULL.\n\n* Revert _reg[11] to _reg[16] for API compatibility\n\nThe ubpf_debug_fn callback signature in the public API uses registers[16],\nso we must keep 16 elements in the _reg array. The other stack reduction\noptimizations remain in place.\n\n---------\n\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "c5b28c5339d7da7392a8c3a0db39e4afdcf4a4e1", "tree": "f94a1b90dd36184881af5c6d92a2f4cb790373b1", "parents": [ "fcaf2795399856be67d252179c246ff1d8804ac0" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Thu Jan 29 08:34:02 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 29 08:34:02 2026 -0800" }, "message": "Add memory-leak detection to CI (ASan + Valgrind) (#747)\n\n* Add memory-leak detection to CI with ASan and Valgrind\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Restrict ASan leak detection to Linux platforms only\n\nmacOS does not support leak detection in AddressSanitizer, so\nASAN_OPTIONS\u003ddetect_leaks\u003d1 is now only set on Linux platforms\n(ubuntu-latest and ubuntu-24.04-arm).\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Use environment variable for CTest Valgrind options\n\nReplace --overwrite flag with CTEST_MEMORYCHECK_COMMAND_OPTIONS\nenvironment variable for better reliability and compatibility with CTest.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "fcaf2795399856be67d252179c246ff1d8804ac0", "tree": "78bdea9f739d010dad172d322f1be2c15caaba71", "parents": [ "54804c47a4327da735bd944a6182cf3dd42b2659" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Wed Jan 28 16:52:38 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 16:52:38 2026 -0800" }, "message": "Revert \"Add bounds checking to x86_64 JIT compiler for load/store operations …\" (#749)\n\nThis reverts commit ebfb44fb2f6384c7505d5aae44cec55491b6efe1." }, { "commit": "54804c47a4327da735bd944a6182cf3dd42b2659", "tree": "0f160174a82e59dc50624cda153c62d2b84280c1", "parents": [ "953be42794c3ad8d2ef3bb6949033d9db86edd4a" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 16:28:16 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 16:28:16 2026 -0800" }, "message": "Fix memory leak in ubpf_unload_code when reloading programs (#745)\n\n* Initial plan\n\n* Fix memory leak in ubpf_unload_code and add test\n\n- Added free(vm-\u003eint_funcs) and set it to NULL in ubpf_unload_code()\n- Created custom test ubpf_test_reload_code_memleak to verify the fix\n- Verified with valgrind: no memory leaks detected\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "953be42794c3ad8d2ef3bb6949033d9db86edd4a", "tree": "58f0cca558771c14f280360d878e414ec122a8fc", "parents": [ "ebfb44fb2f6384c7505d5aae44cec55491b6efe1" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 15:56:11 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 15:56:11 2026 -0800" }, "message": "Add symbolic label support to uBPF assembler (#739)\n\n* Add label support to uBPF assembler - parser and assembler changes\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add unit tests for label support\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix call local encoding and improve test validation\n\n- Fix call local to use relative offsets (not absolute indices)\n- Preserve \u0027local\u0027 marker so src_reg\u003d1 is set correctly\n- Restrict label names to start with letter/underscore (not digits)\n- Remove unused imports (Reg, MemRef)\n- Update tests to validate actual instruction encoding (offsets, src_reg)\n\nAddresses review comments:\n- Comment 2738187712: call local now uses relative offsets and sets src_reg\u003d1\n- Comment 2738187765: labels cannot start with digits\n- Comment 2738187789: tests now verify actual instruction encoding\n- Comment 2738187831: removed unused imports\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix Python 2.7/3.5 compatibility and improve documentation\n\n- Replace all f-strings with % formatting for Python 2.7/3.5 compatibility\n- Add detailed docstring to resolve_labels_in_inst explaining intentional\n variation in return tuple sizes based on BPF instruction operand counts\n- All tests pass with Python 2.7/3.5 compatible syntax\n\nAddresses review comments:\n- Comment 2738386602: f-strings replaced with % formatting\n- Comment 2738386631: documented intentional tuple size variation\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix isinstance order and add test for digit rejection\n\n- Fix isinstance check order: check for Label before tuple since Label\n is a namedtuple (subclass of tuple)\n- Add test_label_starts_with_digit_error to verify parser rejects labels\n starting with digits\n- All 10 label tests passing\n\nAddresses review comments:\n- Comment 2738465775: Fixed isinstance order\n- Comment 2738465803: Added test for digit rejection\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Refactor to reuse resolve_label_ref and improve test\n\n- Refactor call local label resolution to reuse resolve_label_ref function\n instead of duplicating logic for undefined label checks and offset calculation\n- Improve test_label_starts_with_digit_error to properly distinguish between\n parse errors and ValueError exceptions\n- Remove ambiguous test case that didn\u0027t assert any behavior\n\nAddresses review comments:\n- Comment 2738874168: Fixed test to assert expected behavior\n- Comment 2738874186: Refactored to reuse resolve_label_ref\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Improve test to catch specific ParseException\n\n- Import ParseException from parcon for precise error checking\n- Update test_label_starts_with_digit_error to catch ParseException specifically\n- Verify the error message contains expected keywords (expected/position)\n- Prevent masking unrelated failures with broad Exception catch\n\nAddresses review comment:\n- Comment 2738934334: Test now asserts specific exception type and message\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "ebfb44fb2f6384c7505d5aae44cec55491b6efe1", "tree": "61e19bc10d04432b49390ddcb87baa40e52f481f", "parents": [ "53a9b292843178ea7476e7f53d04abe6b3802462" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 15:47:26 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 15:47:26 2026 -0800" }, "message": "Add bounds checking to x86_64 JIT compiler for load/store operations (#721)\n\n* Implement bounds checking for load/store operations in x86-64 JIT compiler\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add bounds checking for x86_64 JIT compiler - initial implementation\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix register offset calculations in bounds check, verify basic JIT works\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix stack base calculation for BasicJitMode and error path stack cleanup\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix all 5 review comments: remove unused function, fix register loading, use patchable jumps, fix stack cleanup, reserve parameter storage\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix 5 new review comments: use R11 for address, fix stack alignment, clean up comments, fix error return, fix type signatures\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix 6 new review comments: use R10 for address, add atomic bounds checks, fix formatting, add error patterns to tests\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix JIT bounds checking register save/restore order and disable by default\n\nThe JIT bounds checking implementation had issues with register corruption:\n1. Registers were being computed into before being saved\n2. R10 (mapped to BPF_REG_1 on Windows) was not being properly restored\n3. Stack offsets for accessing saved registers were incorrect\n\nFixed by:\n- Save all volatile registers BEFORE computing the effective address\n- Load saved register values from stack if addr_reg was pushed\n- Fix stack layout comments and offsets for both Windows and Linux\n- Properly restore R10 by popping instead of discarding\n\nSince the JIT bounds checking is still not fully working (tests still crash),\nbounds_check_enabled now defaults to false. Users can opt-in by calling\nubpf_toggle_bounds_check(vm, true). The interpreter bounds checking\ncontinues to work correctly.\n\nSigned-off-by: Copilot \u003ccopilot@github.com\u003e\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n* jit/x86_64: remove unused emit_lea_imm\n\n---------\n\nSigned-off-by: Copilot \u003ccopilot@github.com\u003e\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "53a9b292843178ea7476e7f53d04abe6b3802462", "tree": "137dec7af0622bc9d5244889f227a71f0459f949", "parents": [ "4dc9d2b65eb550a9e517db2384b7c69c130bf9eb" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 15:02:33 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 15:02:33 2026 -0800" }, "message": "Consolidate test files: eliminate duplicates with bpf_conformance (#743)\n\n* Consolidate test files: organize ubpf-specific tests and remove duplicates\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix typo in err-call-invalid-jump.data test file\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "4dc9d2b65eb550a9e517db2384b7c69c130bf9eb", "tree": "244c4208c4161a61f969b20f28ece05cf070f6c1", "parents": [ "d6337f304ca255cd4946d23e31014d08b13de0f1" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 14:40:49 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 14:40:49 2026 -0800" }, "message": "ARM64 JIT: Implement constant blinding support (#733)\n\n* Implement ARM64 constant blinding support in JIT\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix register allocation bug in emit_movewide_immediate_blinded\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* ARM64 JIT: avoid clobbering temp register in constant blinding\n\n* ARM64: Blind all immediate operations when constant blinding enabled\n\nWhen constant blinding is enabled, now force all immediate operations\n(including simple immediates \u003c 0x1000) through the blinded path by\nconverting them to register operations. This matches x86-64 behavior\nand ensures all attacker-controlled immediates are properly blinded.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* ARM64: Blind helper index and atomic offsets in constant blinding\n\nExtended constant blinding to cover all remaining attacker-controlled\nimmediates:\n- Helper function index in emit_dispatched_external_helper_call\n- Large atomic operation offsets in emit_atomic_operation\n\nThese values come from BPF instruction fields (inst.imm, inst.offset)\nand must be blinded when constant_blinding_enabled is true.\n\nNote: JIT-internal constants (e.g., stack sizes, shift amounts) remain\nunblinded as they provide no security benefit and hurt performance.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* ARM64 JIT: fix large negative load/store offsets\n\n* ARM64 JIT: remove unused load/store helper\n\n* ARM64: Optimize MOV_IMM blinding to avoid extra ORR instruction\n\nExcluded MOV_IMM/MOV64_IMM from the immediate-to-register conversion\npath when constant blinding is enabled. These instructions are now\nhandled directly in their switch case, which blinds the immediate\nwithout requiring an extra ORR instruction to copy from temp_register\nto dst.\n\nBefore: MOVZ temp, #blinded → EOR temp, temp, #random → ORR dst, RZ, temp\nAfter: MOVZ dst, #blinded → EOR dst, dst, #random\n\nThis optimization reduces instruction count while maintaining full\nconstant blinding security.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "d6337f304ca255cd4946d23e31014d08b13de0f1", "tree": "51defb35066c33625a43cc2f052b98e11ee5473f", "parents": [ "985164130c744eeba173c802fd40454a22f6298d" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 14:30:55 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 14:30:55 2026 -0800" }, "message": "Unify test and fuzzer configuration with shared CMake support library (#740)\n\n* Add shared test configuration and CMake presets\n\n- Created cmake/test_support.cmake with shared includes and libs\n- Updated custom_tests/CMakeLists.txt to use shared config\n- Updated libfuzzer/CMakeLists.txt to use shared config\n- Added CMakePresets.json with presets for tests, fuzzing, and all-testing\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Update .gitignore to exclude build-* directories\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Update CI workflows to use CMake presets and add documentation\n\n- Updated fuzzing.yml to use fuzzing and fuzzing-windows presets\n- Modified CMakePresets.json to use \u0027build\u0027 directory for compatibility\n- Added CMake presets documentation to README.md\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Remove unused function and undefined variables from workflows\n\n- Removed unused ubpf_add_test_executable() function from test_support.cmake\n- Removed undefined ${command_prefix} and ${arch_flags} variables from fuzzing workflow\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "985164130c744eeba173c802fd40454a22f6298d", "tree": "e3cd2c2e09c8eb693dfb87319769e4382c638cf4", "parents": [ "3f5f6ac192bc1da772a1c00acf9e303c1084519f" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Wed Jan 28 12:41:41 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 12:41:41 2026 -0800" }, "message": "Add .github/copilot-instructions.md for Copilot integration (#736)\n\n* Add .github/copilot-instructions.md for Copilot integration\n\n* docs: fix copilot instructions per review\n\n* docs: clarify style note (brace + column width)\n\n---------\n\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "3f5f6ac192bc1da772a1c00acf9e303c1084519f", "tree": "317bbb26fd662a0683ec424e1d340d1675ee3cae", "parents": [ "c3a3827bee00a0eaba08f0bc7108efabfe0523ea" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 12:24:50 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 12:24:50 2026 -0800" }, "message": "Fix Windows fuzzing build: use _popen/_pclose on MSVC (#742)\n\n* Initial plan\n\n* Fix Windows fuzzing build: Use _popen/_pclose on Windows\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "c3a3827bee00a0eaba08f0bc7108efabfe0523ea", "tree": "f43a8b313dfa09820b39dff56a1f68cb1c4e2030", "parents": [ "25f1d4f40ea5b0204204ca38df6a83410997f83f" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 10:32:06 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 10:32:06 2026 -0800" }, "message": "Add missing coverage jobs to finish.needs to fix Coveralls parallel build (#738)\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "25f1d4f40ea5b0204204ca38df6a83410997f83f", "tree": "a585805f9c2fa296286e3eeb8f82efdaf98d4bfb", "parents": [ "459f6c8c39e213cd5bfa18eda0a5cd247b6681a3" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 10:17:18 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 10:17:18 2026 -0800" }, "message": "Add external VM comparison support to fuzzer (#732)\n\n* Add external VM comparison support to fuzzer\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Address code review feedback - add security and portability fixes\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add comprehensive documentation and examples for external VM feature\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Address final code review feedback - improve robustness and documentation\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "459f6c8c39e213cd5bfa18eda0a5cd247b6681a3", "tree": "1f8152caa08c3de908e54544a0add29c0831f15c", "parents": [ "0b3312516b69dc0c5e75133da802c23bef6316de" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 10:15:52 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 10:15:52 2026 -0800" }, "message": "Add ARM64 JIT atomic instruction support (#727)\n\n* Add ARM64 JIT atomic instruction support with LDXR/STXR\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix atomic operation logic to properly handle all ALU operations\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix atomic operation bugs: register corruption, CMPXCHG logic, FETCH semantics\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix register aliasing and negative offset handling in atomic operations\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* fix: ARM64 atomic operation register aliasing for FETCH operations\n\nTwo issues fixed:\n\n1. Register aliasing between op_result_reg and status_reg for FETCH:\n - For FETCH ops, op_result_reg was R25 which conflicts with status_reg\n - STXR writes status to status_reg, clobbering the computed result\n - Fix: For FETCH ops only, use R8 (caller-saved, not used elsewhere)\n - Non-FETCH retains original behavior (R25) which works correctly\n since the store happens before the status clobber\n\n2. Undefined behavior when negating INT16_MIN:\n - (int16_t)-offset is UB when offset \u003d\u003d INT16_MIN\n - Fix: Use int32_t for abs_offset and cast before negation\n\n* fix: ARM64 atomic op_result_reg aliasing with status_reg\n\nThe previous code used R25 for op_result_reg when temp_reg was R24,\nbut R25 is also used as status_reg for STXR. This caused the STXR\ninstruction to have the same register for both the value to store\nand the status output, which is undefined behavior on ARM64.\n\nFixed by always using R8 (caller-saved, unused in this context)\nfor the operation result register.\n\n* test: enable lock tests on arm64/macos\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "0b3312516b69dc0c5e75133da802c23bef6316de", "tree": "c331c2bc8b53588779a0a890581ecf7b3f061da1", "parents": [ "65430ce4a96210bc53bdb1446aaab8858d0feaf8" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Wed Jan 28 09:26:54 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 28 09:26:54 2026 -0800" }, "message": "Export MAX_EXT_FUNCS to public API as UBPF_MAX_EXT_FUNCS (#734)\n\n* Initial plan\n\n* Export MAX_EXT_FUNCS to public header as UBPF_MAX_EXT_FUNCS\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "65430ce4a96210bc53bdb1446aaab8858d0feaf8", "tree": "8be99057132bbbf204e4f9088b96a320159aa973", "parents": [ "a858cc1faf091e8a159416bf0929b495c641d66f" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 21:16:40 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 21:16:40 2026 -0800" }, "message": "Document context pointer requirements for PREVAIL-verified programs (#731)\n\n* Add documentation for context pointer requirements with verified programs\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Address code review feedback in documentation\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "a858cc1faf091e8a159416bf0929b495c641d66f", "tree": "286431d3f1a1bc969b73130489a863a561a43c7f", "parents": [ "1f90174111573e25af5f9c79961d7bb863b4d28c" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 20:21:30 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 20:21:30 2026 -0800" }, "message": "Update R_BPF_64_32 relocation type to 10 for clang 17+ compatibility (#730)\n\n* Update R_BPF_64_32 relocation type from 2 to 10 for modern clang compatibility\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add backward compatibility for legacy R_BPF_64_32 type 2\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix comment placement for code style consistency\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "1f90174111573e25af5f9c79961d7bb863b4d28c", "tree": "324290a58fd83300c7631ed6da6f40ccad9f296d", "parents": [ "7ee3d3525e9a74d281811a60f8a23cbbdc9db8d7" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 19:39:31 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 19:39:31 2026 -0800" }, "message": "Add JIT constant blinding to mitigate spray attacks (#718)\n\n* Add constant blinding API and infrastructure\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Implement x86-64 constant blinding for ALU operations\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix unused parameter warnings in blinded emit functions\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add constant blinding test and fix random generation\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Address code review feedback - fix random generation error handling and type safety\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Address PR review feedback - fix thread safety, add functional test, document ARM64 limitation\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Expand constant blinding test coverage - add randomness verification and all ALU immediate ops\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix error handling in constant blinding tests - add null checks and proper cleanup\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Skip randomness verification test on non-x86_64 platforms\n\nConstant blinding is only implemented for x86_64 JIT. On ARM64 and other\nplatforms, enabling constant blinding has no effect (as documented in API).\nThe randomness verification test expects different JIT code on each\ncompilation, which only works on x86_64.\n\nAdd platform detection and skip the randomness test on non-x86_64 platforms\nwith a clear message indicating why the test is skipped.\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e\n\n* Add CI test pass with constant blinding enabled for comprehensive coverage\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix CI regex to actually run JIT tests with constant blinding\n\nThe regex \u0027_TEST_JIT$\u0027 matched zero tests because test names end with\n\u0027-JIT\u0027 (hyphen), not \u0027_TEST_JIT\u0027. Changed to \u0027\\-JIT$\u0027 which correctly\nmatches all 481 JIT tests including bpf_conformance tests.\n\nSigned-off-by: Copilot \u003ccopilot@github.com\u003e\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n* feat: Complete constant blinding for all JIT spray-vulnerable operations\n\nThis commit extends the constant blinding implementation to cover all\noperations that could be exploited in JIT spray attacks:\n\n1. Jump comparisons (CMP_IMM):\n - Added emit_cmp_imm32_blinded() and emit_cmp32_imm32_blinded()\n - Updated JEQ_IMM, JGT_IMM, JGE_IMM, JLT_IMM, JLE_IMM, JNE_IMM,\n JSGT_IMM, JSGE_IMM, JSLT_IMM, JSLE_IMM and their 32-bit variants\n\n2. JSET operations (TEST_IMM):\n - Added emit_test_imm32_blinded() and emit_test32_imm32_blinded()\n - Updated JSET_IMM and JSET32_IMM\n\n3. Store immediates:\n - Added emit_store_imm32_blinded()\n - Updated STW, STH, STB, STDW\n\n4. LDDW (64-bit load immediate):\n - Updated to use EMIT_LOAD_IMM macro\n\n5. Added constant blinding support to ubpf_plugin for testing\n\nAll blinded operations use the pattern:\n mov temp, (imm ^ random) ; Blinded bytes\n xor temp, random ; Recover original\n op dst, temp ; Apply operation with register\n\n* Fix MUL/DIV/MOD immediate blinding gap and add comprehensive tests\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add CI test pass with constant blinding enabled for comprehensive coverage\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix CI regex to actually run JIT tests with constant blinding\n\nThe regex \u0027_TEST_JIT$\u0027 matched zero tests because test names end with\n\u0027-JIT\u0027 (hyphen), not \u0027_TEST_JIT\u0027. Changed to \u0027\\-JIT$\u0027 which correctly\nmatches all 481 JIT tests including bpf_conformance tests.\n\nSigned-off-by: Copilot \u003ccopilot@github.com\u003e\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n* fix: Add constant blinding for MUL/DIV/MOD operations\n\nThis commit addresses the unresolved review comments by:\n\n1. Adding blinding to emit_muldivmod():\n - Added \u0027vm\u0027 parameter to emit_muldivmod()\n - Changed emit_load_imm() to EMIT_LOAD_IMM() macro for immediate values\n - Updated both call sites in translate()\n\n2. Updated documentation in ubpf.h:\n - Clarified that x86-64 now blinds ALL immediate values including\n ALU, comparisons, jumps, stores, loads, and MUL/DIV/MOD operations\n\n3. Added test coverage for MUL/DIV/MOD operations:\n - Added MUL_IMM, MUL64_IMM tests\n - Added DIV_IMM, DIV64_IMM tests\n - Added MOD_IMM, MOD64_IMM tests\n\nThe EMIT_LOAD_IMM macro is now defined early in the file so that\nemit_muldivmod() can use it.\n\n---------\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e\nSigned-off-by: Copilot \u003ccopilot@github.com\u003e\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "7ee3d3525e9a74d281811a60f8a23cbbdc9db8d7", "tree": "a7041777558c0f2e775c74663853eadff77a5d15", "parents": [ "497da04d2f5a0d9c4ced78e7555b65206b72669a" ], "author": { "name": "StepSecurity Bot", "email": "bot@stepsecurity.io", "time": "Tue Jan 27 18:57:38 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 18:57:38 2026 -0800" }, "message": "[StepSecurity] ci: Harden GitHub Actions (#729)\n\nSigned-off-by: StepSecurity Bot \u003cbot@stepsecurity.io\u003e" }, { "commit": "497da04d2f5a0d9c4ced78e7555b65206b72669a", "tree": "93279a3a7c7b7c11f016254fa532369fb1af1868", "parents": [ "8d92f8f6445ffa4c9d415f349615b436a563d087" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 18:50:37 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 18:50:37 2026 -0800" }, "message": "Fix undefined behavior from casting nullptr to uint64_t in libfuzzer harness (#728)\n\n* Initial plan\n\n* Fix potential nullptr dereference in ubpf_context_from function\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "8d92f8f6445ffa4c9d415f349615b436a563d087", "tree": "7fe173438bec54ad7378b284e749254f844e15f7", "parents": [ "6f815f6d05cd4a17ea169d43973a889c0e6875cd" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 18:28:34 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 18:28:34 2026 -0800" }, "message": "Fix integer overflow vulnerabilities in bounds_check (#720)\n\n* Add integer overflow checks to bounds_check function\n\n- Check for negative size values\n- Check for overflow in access_start + size calculation\n- Check for overflow in stack_start + stack_len calculation\n- Check for overflow in mem_start + mem_len calculation\n- Add test case for integer overflow scenario\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Address code review feedback - improve mem NULL handling\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add type cast for bounds check function call\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix goto jumping over variable initializers and relax test pattern\n\n- Move all variable declarations before any goto statements to avoid -Wjump-misses-init errors\n- Use validity flags (stack_valid, mem_valid) to track which regions are safe to check\n- Relax test error pattern from specific hex format to .* for portability\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix pointer arithmetic overflow at call sites\n\nAddresses comment 2733624376: The macros BOUNDS_CHECK_LOAD and BOUNDS_CHECK_STORE\nnow perform address computation safely in uint64_t space with overflow detection\nbefore casting to void* and passing to bounds_check(). This prevents overflow in\nthe expression (char*)reg[inst.src] + inst.offset from bypassing the overflow\nchecks in bounds_check().\n\nThe fix handles both positive and negative offsets correctly:\n- For positive offsets: check if base_addr + offset would overflow\n- For negative offsets: check if base_addr - abs(offset) would underflow\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Use computed safe address in memory operations\n\nExtract address computation into helper macro and use the safely computed\naddress (_eff_addr) in all memory load/store operations instead of recomputing\nwith potentially overflowing pointer arithmetic. Wrap case blocks in braces\nto create separate scopes for variable declarations.\n\nThis ensures the overflow-checked address is actually used for memory access,\nnot just for bounds checking.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix overflow handling to check regions independently\n\nAddress comment 2733807751: Changed overflow handling in bounds_check to\nevaluate each memory region independently instead of using goto check_custom.\nWhen stack_end or mem_end would overflow, print a diagnostic error but continue\nto check the other region. This prevents incorrectly rejecting valid accesses\nwhen only one region\u0027s end calculation overflows.\n\nAlso address comment 2733807765: Add test coverage for address underflow and\naddress overflow with offset scenarios in COMPUTE_EFFECTIVE_ADDR.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add \u0027-- no jit\u0027 to overflow tests since JIT lacks overflow detection\n\nThe JIT compilers (x86_64, ARM64) do not implement address/integer\noverflow detection in bounds checking. Mark these tests as interpreter-only\nto prevent false failures in CI.\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e\n\n* Fix region overflow diagnostics to avoid false positives\n\nAddress comment 2734224212: Changed overflow handling to only print region\nend overflow errors when they actually cause an access failure. Region overflows\nare now recorded as flags and only reported if the access would have been in\nthat region (checked by comparing access_start with region_start). This prevents\nfalse-positive error messages when an access succeeds through another valid region.\n\nAlso address comment 2734224221: Updated stale comment that referenced goto\nstatements which no longer exist in the code.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Use safe address in atomic store operations\n\nAddress comment 2734364715: Changed EBPF_OP_ATOMIC_STORE and\nEBPF_OP_ATOMIC32_STORE to use the safely computed _eff_addr instead of\nrecomputing with potentially overflowing pointer arithmetic\n(reg[inst.dst] + inst.offset). This ensures atomic operations use the\noverflow-checked address, preventing desync between the checked and\naccessed addresses.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "6f815f6d05cd4a17ea169d43973a889c0e6875cd", "tree": "19dd926ac7a3da648ea3d78a1872632190d29eb9", "parents": [ "ee102e7079ff1fc23ea70f17402c9e01f9deb42f" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 18:26:05 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 18:26:05 2026 -0800" }, "message": "Fix integer overflow in pointer arithmetic calculations (#726)\n\n* Initial plan\n\n* Fix integer overflow in multiplication operations in test.c\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "ee102e7079ff1fc23ea70f17402c9e01f9deb42f", "tree": "3dc05703cba8b9b3b9fe9368d6a959e6a53ea817", "parents": [ "95f5a36190a6b5efe511d6af067f600813dacd6a" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 17:46:20 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 17:46:20 2026 -0800" }, "message": "Fix format specifier mismatch in call depth error message (#725)\n\n* Initial plan\n\n* Fix format string mismatch for nested function calls error\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "95f5a36190a6b5efe511d6af067f600813dacd6a", "tree": "a4e1bd97e527e5fb92e4517017724b61ea9622d3", "parents": [ "8948f298fbff440db551afd567c2c4991ba2c6c9" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 17:44:02 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 17:44:02 2026 -0800" }, "message": "Fix Windows CI to fail on test failures (#724)\n\n* Initial plan\n\n* Fix Windows CI/CD to properly check exit codes\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "8948f298fbff440db551afd567c2c4991ba2c6c9", "tree": "a8473fe5a4675dab18ec76d8dedc6526c82fc047", "parents": [ "0bb9564e61677f0e2063c421ffcef5dccff6e1d3" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 17:07:19 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 17:07:19 2026 -0800" }, "message": "Enable ARM64 sanitizers using native GitHub runners (#723)\n\n* Initial plan\n\n* Enable ARM64 sanitizers with native GitHub runners\n\n- Update main.yml to use ubuntu-24.04-arm for ARM64 jobs\n- Re-enable ARM64 sanitizer jobs (release and debug)\n- Update posix.yml to handle native ARM64 runners\n- Update CMake files to skip QEMU on native ARM64\n- Update wrapper scripts to detect and run natively on ARM64\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix build-libbpf.sh to support ARM64 architecture\n\nAuto-detect the correct library directory for the architecture\nusing dpkg-architecture or gcc -print-multiarch instead of\nhardcoding x86_64-linux-gnu.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Improve architecture detection fallback in build-libbpf.sh\n\nUse uname -m to detect ARM64 vs x86_64 when dpkg-architecture\nand gcc -print-multiarch are not available.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "0bb9564e61677f0e2063c421ffcef5dccff6e1d3", "tree": "99524373ddd14ef5e50e976bb62d6b54240edb3a", "parents": [ "523d7bc070057c445067b8b8abae68f8ec1c3c49" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 13:36:59 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 13:36:59 2026 -0800" }, "message": "Store bytecode in read-only memory pages (#719)\n\n* Initial plan\n\n* Implement read-only bytecode storage using mmap/mprotect\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add test for read-only bytecode functionality\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Address code review feedback: platform-specific page size and remove redundant check\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix incomplete cleanup on mprotect failure\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Address code review feedback: fix page_size type and memory leak\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "523d7bc070057c445067b8b8abae68f8ec1c3c49", "tree": "d0c9a064daaa51f6dbd58c558ffdfc269822cb6c", "parents": [ "71fc460c30f01b6acba3a3d1cd9574be8a76afc0" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Tue Jan 27 09:39:57 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 09:39:57 2026 -0800" }, "message": "Implement RFC 9669 signed division (sdiv) and modulo (smod) support (#714)\n\n* Implement RFC 9669 signed division (sdiv) and modulo (smod) support\n\nPer RFC 9669, signed div/mod is indicated by setting offset\u003d1 on existing DIV/MOD opcodes.\nThis change implements:\n\n- Interpreter: Check inst.offset \u003d\u003d 1 for signed operations, using proper signed casts\n- x86-64 JIT: Use CDQ/CQO to sign-extend dividend and IDIV instead of DIV for signed ops\n- ARM64 JIT: Use SDIV instruction instead of UDIV for signed operations\n- Assembler: Add sdiv, sdiv32, smod, smod32 mnemonics (emit same opcodes with offset\u003d1)\n- Disassembler: Recognize offset\u003d1 on DIV/MOD and output sdiv/smod\n- Tests: Added test files for signed operations including negative values and division by zero\n\nDivision by zero returns 0, modulo by zero returns the dividend (as per existing behavior).\n\nBased on the work started in PR #332 by @hawkinsw.\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n* Address review comments for sdiv/smod support\n\n- Add offset bounds validation (0-1) in ubpf_instruction_valid.c for all\n DIV/MOD instructions to reject invalid BPF bytecode early\n- Handle INT_MIN / -1 overflow case in interpreter per RFC 9669:\n sdiv returns INT_MIN, smod returns 0\n- Handle INT_MIN / -1 overflow case in x86-64 JIT by checking for the\n overflow condition before IDIV and skipping it if detected\n- Add test cases for INT_MIN / -1 edge cases (32-bit and 64-bit)\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n* Add missing UINT32_MAX mask to EBPF_OP_MOD_REG for consistency\n\nAdd the masking operation reg[inst.dst] \u0026\u003d UINT32_MAX after the\nEBPF_OP_MOD_REG case for consistency with other 32-bit ALU operations\n(EBPF_OP_MOD_IMM, EBPF_OP_DIV_IMM, EBPF_OP_DIV_REG).\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n* Add 64-bit signed division/modulo by zero test cases\n\nAdd sdiv64-by-zero.data and smod64-by-zero.data for complete test\ncoverage of signed division/modulo edge cases, matching the existing\n32-bit test files.\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n---------\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "71fc460c30f01b6acba3a3d1cd9574be8a76afc0", "tree": "7263c9b35463b7eee432077a179fe0d52a97807b", "parents": [ "0d1ad273449c94eb9d3217d92b555034944f44d2" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 09:13:08 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 09:13:08 2026 -0800" }, "message": "Add RFC 9669 JMP32-class JA (opcode 0x06) support (#702)\n\n* Add RFC 9669 JMP32-class JA (opcode 0x06) support\n\n- Added EBPF_OP_JA32 opcode definition in vm/ebpf.h\n- Added interpreter support in vm/ubpf_vm.c (pc +\u003d imm)\n- Added instruction validation in vm/ubpf_instruction_valid.c\n- Added JIT support for x86-64 in vm/ubpf_jit_x86_64.c\n- Added JIT support for ARM64 in vm/ubpf_jit_arm64.c\n- Added validation for JA32 jump bounds checking\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix JA32 handling in validation and ARM64 JIT\n\n- Fixed jump target calculation for JA32 in sub-program validation\n- Added JA32 to ends_with_jump check for sub-program validation\n- Updated is_ja check in ARM64 JIT to include JA32\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Consolidate JA32 with other jump instructions in validation\n\n- Merged JA32 into the main jump instruction validation case\n- Fixed variable declaration scope issue\n- Use conditional to select imm vs offset based on opcode\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Final: RFC 9669 JMP32-class JA implementation complete\n\nAll checks passed:\n- Code review: Minor nitpicks only, no blocking issues\n- Security scan: No vulnerabilities detected\n- All 14 custom tests passing\n- Manual verification of JA32 interpreter and JIT\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Remove accidentally committed _codeql_build_dir build artifacts\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Remove _codeql_detected_source_root and add to .gitignore\n\nThis is a CodeQL-generated symlink that should not be tracked in git.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix signed overflow issues and add ja32 test\n\n- Use int64_t for jump target calculations to avoid signed overflow with large immediates\n- Fix sub-program validation to check bounds before converting signed to unsigned\n- Add bounds check before accessing insts[end_index - 2] for single-instruction sub-programs\n- Add tests/ja32.data test file for JA32 instruction\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix ja32 test format and use int32_t for jump_offset\n\n- Changed tests/ja32.data from asm to raw format since assembler doesn\u0027t support ja32 mnemonic\n- Changed jump_offset from int to int32_t to properly handle 32-bit JA32 immediates on all platforms\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix error message and remove trailing whitespace\n\n- Updated error message to mention both EXIT and unconditional jump options\n- Removed trailing whitespace in vm/ubpf_jit_x86_64.c\n- Removed trailing whitespace in vm/ubpf_jit_arm64.c\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix JA32 classification in ARM64 JIT is_imm_op\n\n- Exclude JA32 from is_jmp32 classification to prevent it from going through immediate-to-register conversion\n- JA32 is an unconditional jump and should be treated like JA, not like conditional JMP32 instructions\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Update err-call0.data to expect new error message\n\nThe error message for sub-programs not ending with EXIT was updated\nto also mention unconditional jumps as valid termination. Update\nthe test to match the new expected error message.\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n---------\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "0d1ad273449c94eb9d3217d92b555034944f44d2", "tree": "0f9dd0ee3b43885883e3f23815a7f6af431592e9", "parents": [ "df3d5cf5ffda88fb9f29e432a325068a30dbd19e" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Tue Jan 27 08:33:10 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 27 08:33:10 2026 -0800" }, "message": "Add RFC 9669 ALU64 END instruction support (bswap16/32/64) (#703)\n\n* Add RFC 9669 ALU64 END (bswap16/32/64) instruction support\n\n- Added EBPF_OP_BSWAP opcode definition (0xD7)\n- Implemented interpreter support with __builtin_bswap fallbacks\n- Added x86-64 JIT support using BSWAP instruction\n- Added ARM64 JIT support using REV instructions\n- Added instruction validation for BSWAP\n- Updated assembler to support bswap16/32/64\n- Updated disassembler to recognize bswap instructions\n- Created test data files for bswap16, bswap32, bswap64\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix disassembler class check for bswap vs le/be instructions\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Improve comment clarity in disassembler for class naming\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add _codeql_* to .gitignore to exclude build artifacts\n\n* Add _codeql_* to .gitignore to exclude build artifacts\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix .gitignore formatting and remove accidentally committed build artifacts\n\n- Add proper newline between .vscode/ and _codeql_* pattern\n- Remove all _codeql_build_dir and _codeql_detected_source_root files that were accidentally committed\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add raw bytecode format to bswap tests for CI compatibility\n\nThe bpf_conformance_runner tool doesn\u0027t yet recognize bswap16/32/64 mnemonics.\nAdded raw bytecode format to test files so tests can run while bpf_conformance\nis being updated with the new mnemonics.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Update bpf_conformance submodule to support bswap mnemonics\n\nUpdated external/bpf_conformance to commit 3d39948 which adds support for\nbswap16/32/64 mnemonics. Removed raw bytecode sections from test files since\nthe conformance runner now recognizes these mnemonics directly.\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "df3d5cf5ffda88fb9f29e432a325068a30dbd19e", "tree": "110c31477322932c4290451f16256d984be4e702", "parents": [ "d85532f3e37aa6b04d5e831efb039ba0b1cfdf14" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Mon Jan 26 10:07:49 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jan 26 10:07:49 2026 -0800" }, "message": "Fix Conformance external project directories for FetchContent/ExternalProject usage (#713)\n\nWhen ubpf is used as a subproject via ExternalProject or FetchContent,\nCMAKE_SOURCE_DIR and CMAKE_BINARY_DIR point to the parent project\u0027s\ndirectories, not ubpf\u0027s. This causes the Conformance external project\nto fail to find the bpf_conformance source.\n\nChange to CMAKE_CURRENT_SOURCE_DIR and CMAKE_CURRENT_BINARY_DIR which\ncorrectly reference ubpf\u0027s directories regardless of how it\u0027s included.\n\nAlso fixes inconsistent indentation (tab vs spaces) on the BINARY_DIR line.\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Alexis Brodeur \u003cbrodeuralexis@gmail.com\u003e" }, { "commit": "d85532f3e37aa6b04d5e831efb039ba0b1cfdf14", "tree": "a9abd4e221bef5d2b292738b266a121214ecb072", "parents": [ "b2cc37fcdd5699b2981c906d088944003aeb902a" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sat Jan 24 15:11:01 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Jan 24 15:11:01 2026 -0800" }, "message": "build(deps): bump github/codeql-action in the actions group (#716)\n\nBumps the actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `github/codeql-action` from 4.31.10 to 4.31.11\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/cdefb33c0f6224e58673d9004f47f7cb3e328b89...19b2f06db2b6f5108140aeb04014ef02b648f789)\n\n---\nupdated-dependencies:\n- dependency-name: github/codeql-action\n dependency-version: 4.31.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "b2cc37fcdd5699b2981c906d088944003aeb902a", "tree": "f61defb7c9aaa038b108f97bea2444f6bf1778e6", "parents": [ "ddabd4443279c96fd4e543e7008b6bae0a514acc" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Fri Jan 23 20:38:15 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 23 20:38:15 2026 -0800" }, "message": "Fix compilation on non-x86_64/non-aarch64 architectures (#708)\n\n* Initial plan\n\n* Fix compilation on non-x86_64/aarch64 architectures by correcting field name\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Task complete - compilation fix verified\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Remove CodeQL build artifacts and update .gitignore\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add missing null stub initializations for non-x86_64/non-aarch64 architectures\n\nThe #else branch was missing initialization of jit_update_dispatcher and\njit_update_helper, which would leave these function pointers as NULL.\nThis could cause crashes when ubpf_register or ubpf_set_dispatcher is\ncalled after JIT compilation on unsupported architectures.\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n---------\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "ddabd4443279c96fd4e543e7008b6bae0a514acc", "tree": "17ece27edbc0ab1176e0a64dd920967efe4bbc3c", "parents": [ "21907f34e29289484574234c3eef105125ae79ee" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Fri Jan 23 20:37:48 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 23 20:37:48 2026 -0800" }, "message": "Add GitHub Copilot project configuration (#712)\n\n* Add GitHub Copilot project configuration\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix Windows setup step to include command for consistency\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Improve configuration with better examples and fix escaping\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix test command and coveralls path portability\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Polish configuration with accurate test names and clearer target descriptions\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix verifier function name to ubpf_is_valid_instruction\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix build artifact paths and script names to match actual locations\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "21907f34e29289484574234c3eef105125ae79ee", "tree": "1e88336e26195be88d332cadc071305f823fd1dd", "parents": [ "ebd09b66dbffc8f49c589fceef1006a9692aec0d" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Fri Jan 23 20:33:18 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 23 20:33:18 2026 -0800" }, "message": "Update bpf_conformance to RFC 9669 and fix bugs revealed by new tests (#710)\n\n* Initial plan\n\n* Update bpf_conformance submodule and fix atomic cmpxchg implementation\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Code review and security checks passed\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add _codeql_build_dir to gitignore\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Co-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix ARM64 JIT NEG instruction to use dst register instead of src\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Remove accidentally committed build_arm64_check directory\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Update bpf_conformance submodule to e208f52 (latest)\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "ebd09b66dbffc8f49c589fceef1006a9692aec0d", "tree": "6468717a6e27736e4a1e8fa37df91af42225d3b1", "parents": [ "e27211dadd88683fa9d87b65b8105ba86dcbfd3b" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Thu Jan 22 19:52:32 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 22 19:52:32 2026 -0800" }, "message": "Implement RFC 9669 MEMSX sign-extension load instructions (#701)\n\n* Initial plan\n\n* Implement RFC 9669 MEMSX sign-extension load instructions\n\n- Added EBPF_MODE_MEMSX (0x80) constant\n- Added LDXBSX, LDXHSX, LDXWSX opcodes for sign-extension loads\n- Implemented ubpf_mem_load_sx() for VM interpreter\n- Added JIT support for x86-64 with emit_load_sx()\n- Added JIT support for ARM64 using existing LS_LDRSB/H/W opcodes\n- Added instruction validation filters\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add assembler/disassembler support and comprehensive tests for MEMSX\n\n- Added MEM_LOAD_SX_OPS to assembler.py for ldx{b,h,w}sx instructions\n- Updated disassembler.py to recognize MEMSX mode (mode 4)\n- Fixed x86-64 JIT emit_load_sx for proper 32-bit sign extension\n- Added comprehensive test program validating VM and JIT for all MEMSX variants\n- All tests pass for byte, halfword, and word sign extensions\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Remove test binary from repository\n\n* Fix pointer dereference spacing in ubpf_mem_load_sx\n\n- Fixed spacing in pointer dereferences to avoid precedence issues\n- All tests still pass after the fix\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Update .gitignore to exclude test binaries and CodeQL artifacts\n\n* Update .gitignore to exclude test binaries and CodeQL artifacts\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix .gitignore: preserve .vs/ line and add test artifacts separately\n\n- Keep original .vs/ line unchanged\n- Add test_memsx and _codeql_detected_source_root on separate lines\n- Add explanatory comment for test artifacts\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Remove test_memsx.c development artifact\n\n- test_memsx.c was a temporary test file used during development\n- Proper tests are in tests/*.data files (ldxbsx.data, ldxhsx.data, ldxwsx.data)\n- Not needed in the final PR\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Add patch and documentation for bpf_conformance MEMSX support\n\n- Created bpf_conformance_memsx.patch with changes needed for the assembler\n- Added MEMSX_BPF_CONFORMANCE.md explaining the CI test failures\n- The bpf_conformance submodule needs these changes to recognize MEMSX mnemonics\n- Python assembler (ubpf/assembler.py) already has MEMSX support\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Fix MEMSX mnemonic naming to match RFC 9669 standard\n\n- Changed mnemonics from ldxbsx/ldxhsx/ldxwsx to ldxsb/ldxsh/ldxsw\n- Updated test files to use correct naming (ldxsb.data, ldxsh.data, ldxsw.data)\n- Updated Python assembler to generate ldxsb/ldxsh/ldxsw mnemonics\n- Updated disassembler to show ldxsb/ldxsh/ldxsw (not ldxbsx/etc)\n- Removed obsolete documentation files (now compatible with bpf_conformance PR #435)\n- Naming now matches Linux kernel and RFC 9669 conventions\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\nCo-authored-by: Alan Jowett \u003calanjo@microsoft.com\u003e" }, { "commit": "e27211dadd88683fa9d87b65b8105ba86dcbfd3b", "tree": "3181a539823f99650f58bc9d49e705a2e9977f4f", "parents": [ "82e773385a12f87b9785b2b79ab8c1469c1e768b" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Jan 22 16:20:25 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 22 16:20:25 2026 -0800" }, "message": "build(deps): bump actions/checkout in the actions group (#706)\n\nBumps the actions group with 1 update: [actions/checkout](https://github.com/actions/checkout).\n\n\nUpdates `actions/checkout` from 6.0.1 to 6.0.2\n- [Release notes](https://github.com/actions/checkout/releases)\n- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/actions/checkout/compare/8e8c483db84b4bee98b60c0593521ed34d9990e8...de0fac2e4500dabe0009e67214ff5f5447ce83dd)\n\n---\nupdated-dependencies:\n- dependency-name: actions/checkout\n dependency-version: 6.0.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "82e773385a12f87b9785b2b79ab8c1469c1e768b", "tree": "79f60467760c015f24cbcd6a49cc499475dcbbe2", "parents": [ "d79a6122aa498583d58c814fa63f736428a08484" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Thu Jan 22 15:57:30 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 22 15:57:30 2026 -0800" }, "message": "Pickup new bpf_conformance with new mnenomic support (#705)\n\n* Pickup new bpf_conformance with new mnenomic support\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n* Pickup fix\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\n\n---------\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "d79a6122aa498583d58c814fa63f736428a08484", "tree": "fdb8308349d2e25cd9ec35495d71c39998fd70c0", "parents": [ "86458a0f451bcf8964b8134d94d691e784e4e680" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Thu Jan 22 15:02:00 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 22 15:02:00 2026 -0800" }, "message": "Update documentation to reference RFC 9669 as primary BPF ISA specification (#667)\n\n* Initial analysis: Update documentation to reference RFC 9669 for BPF ISA\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n* Update documentation to reference RFC 9669 as primary BPF ISA specification\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "86458a0f451bcf8964b8134d94d691e784e4e680", "tree": "b6311f9a39e6eef547b3ed23480ced3442736dc2", "parents": [ "e43ad684c27a8f84aca65de0fe86ea3331edfc49" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Jan 20 15:57:06 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 20 15:57:06 2026 -0800" }, "message": "build(deps): bump the actions group across 1 directory with 2 updates (#695)\n\nBumps the actions group with 2 updates in the / directory: [actions/cache](https://github.com/actions/cache) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `actions/cache` from 5.0.1 to 5.0.2\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/9255dc7a253b0ccc959486e2bca901246202afeb...8b402f58fbc84540c8b491a91e594a4576fec3d7)\n\nUpdates `github/codeql-action` from 4.31.8 to 4.31.10\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/1b168cd39490f61582a9beae412bb7057a6b2c4e...cdefb33c0f6224e58673d9004f47f7cb3e328b89)\n\n---\nupdated-dependencies:\n- dependency-name: actions/cache\n dependency-version: 5.0.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 4.31.10\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "e43ad684c27a8f84aca65de0fe86ea3331edfc49", "tree": "59c5591471349bdfbeec73f995e3279f8b174e67", "parents": [ "dc4c78b06f032ddd16abfc6b8db36a9fc007f2e4" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Jan 07 08:50:25 2026 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 07 08:50:25 2026 -0800" }, "message": "build(deps): bump the actions group across 1 directory with 7 updates (#693)\n\nBumps the actions group with 7 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.2` | `2.14.0` |\n| [actions/checkout](https://github.com/actions/checkout) | `5.0.0` | `6.0.1` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.1` | `4.8.2` |\n| [actions/cache](https://github.com/actions/cache) | `4.3.0` | `5.0.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `5.0.0` | `6.0.0` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `6.0.0` | `7.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `4.31.2` | `4.31.8` |\n\n\n\nUpdates `step-security/harden-runner` from 2.13.2 to 2.14.0\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/95d9a5deda9de15063e7595e9719c11c38c90ae2...20cf305ff2072d973412fa9b1e3a4f227bda3c76)\n\nUpdates `actions/checkout` from 5.0.0 to 6.0.1\n- [Release notes](https://github.com/actions/checkout/releases)\n- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/actions/checkout/compare/08c6903cd8c0fde910a37f88322edcfb5dd907a8...8e8c483db84b4bee98b60c0593521ed34d9990e8)\n\nUpdates `actions/dependency-review-action` from 4.8.1 to 4.8.2\n- [Release notes](https://github.com/actions/dependency-review-action/releases)\n- [Commits](https://github.com/actions/dependency-review-action/compare/40c09b7dc99638e5ddb0bfd91c1673effc064d8a...3c4e3dcb1aa7874d2c16be7d79418e9b7efd6261)\n\nUpdates `actions/cache` from 4.3.0 to 5.0.1\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/0057852bfaa89a56745cba8c7296529d2fc39830...9255dc7a253b0ccc959486e2bca901246202afeb)\n\nUpdates `actions/upload-artifact` from 5.0.0 to 6.0.0\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/330a01c490aca151604b8cf639adc76d48f6c5d4...b7c566a772e6b6bfb58ed0dc250532a479d7789f)\n\nUpdates `actions/download-artifact` from 6.0.0 to 7.0.0\n- [Release notes](https://github.com/actions/download-artifact/releases)\n- [Commits](https://github.com/actions/download-artifact/compare/018cc2cf5baa6db3ef3c5f8a56943fffe632ef53...37930b1c2abaa49bbe596cd826c3c89aef350131)\n\nUpdates `github/codeql-action` from 4.31.2 to 4.31.8\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/0499de31b99561a6d14a36a5f662c2a54f91beee...1b168cd39490f61582a9beae412bb7057a6b2c4e)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.14.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: actions/checkout\n dependency-version: 6.0.1\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: actions/dependency-review-action\n dependency-version: 4.8.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/cache\n dependency-version: 5.0.1\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: actions/upload-artifact\n dependency-version: 6.0.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: actions/download-artifact\n dependency-version: 7.0.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 4.31.8\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "dc4c78b06f032ddd16abfc6b8db36a9fc007f2e4", "tree": "bf1174e6a5643ffc1101cd87b3f692ccd9116729", "parents": [ "8c0dc65ddb7dd2eff53aed958b1a2f9424855cdb" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Nov 12 11:56:11 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Nov 12 11:56:11 2025 -0800" }, "message": "build(deps): bump the actions group across 1 directory with 5 updates (#689)\n\nBumps the actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.1` | `2.13.2` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.8.0` | `4.8.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.2` | `5.0.0` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `5.0.0` | `6.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.30.6` | `4.31.2` |\n\n\n\nUpdates `step-security/harden-runner` from 2.13.1 to 2.13.2\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a...95d9a5deda9de15063e7595e9719c11c38c90ae2)\n\nUpdates `actions/dependency-review-action` from 4.8.0 to 4.8.1\n- [Release notes](https://github.com/actions/dependency-review-action/releases)\n- [Commits](https://github.com/actions/dependency-review-action/compare/56339e523c0409420f6c2c9a2f4292bbb3c07dd3...40c09b7dc99638e5ddb0bfd91c1673effc064d8a)\n\nUpdates `actions/upload-artifact` from 4.6.2 to 5.0.0\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/ea165f8d65b6e75b540449e92b4886f43607fa02...330a01c490aca151604b8cf639adc76d48f6c5d4)\n\nUpdates `actions/download-artifact` from 5.0.0 to 6.0.0\n- [Release notes](https://github.com/actions/download-artifact/releases)\n- [Commits](https://github.com/actions/download-artifact/compare/634f93cb2916e3fdff6788551b99b062d0335ce0...018cc2cf5baa6db3ef3c5f8a56943fffe632ef53)\n\nUpdates `github/codeql-action` from 3.30.6 to 4.31.2\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/64d10c13136e1c5bce3e5fbde8d4906eeaafc885...0499de31b99561a6d14a36a5f662c2a54f91beee)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.13.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/dependency-review-action\n dependency-version: 4.8.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/upload-artifact\n dependency-version: 5.0.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: actions/download-artifact\n dependency-version: 6.0.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 4.31.2\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "8c0dc65ddb7dd2eff53aed958b1a2f9424855cdb", "tree": "6e974f7114061e56db512c3aab6be0ef94c357f3", "parents": [ "1ad22f374df28cd37052620fdb602e93c5a9a604" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu Oct 09 08:08:56 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Oct 09 08:08:56 2025 -0700" }, "message": "build(deps): bump the actions group across 1 directory with 5 updates (#686)\n\nBumps the actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.13.0` | `2.13.1` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.7.2` | `4.8.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.2.4` | `4.3.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.11` | `3.30.6` |\n| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.2` | `2.4.3` |\n\n\n\nUpdates `step-security/harden-runner` from 2.13.0 to 2.13.1\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/ec9f2d5744a09debf3a187a3f4f675c53b671911...f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a)\n\nUpdates `actions/dependency-review-action` from 4.7.2 to 4.8.0\n- [Release notes](https://github.com/actions/dependency-review-action/releases)\n- [Commits](https://github.com/actions/dependency-review-action/compare/bc41886e18ea39df68b1b1245f4184881938e050...56339e523c0409420f6c2c9a2f4292bbb3c07dd3)\n\nUpdates `actions/cache` from 4.2.4 to 4.3.0\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/0400d5f644dc74513175e3cd8d07132dd4860809...0057852bfaa89a56745cba8c7296529d2fc39830)\n\nUpdates `github/codeql-action` from 3.29.11 to 3.30.6\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/3c3833e0f8c1c83d449a7478aa59c036a9165498...64d10c13136e1c5bce3e5fbde8d4906eeaafc885)\n\nUpdates `ossf/scorecard-action` from 2.4.2 to 2.4.3\n- [Release notes](https://github.com/ossf/scorecard-action/releases)\n- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)\n- [Commits](https://github.com/ossf/scorecard-action/compare/05b42c624433fc40578a4040d5cf5e36ddca8cde...4eaacf0543bb3f2c246792bd56e8cdeffafb205a)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.13.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/dependency-review-action\n dependency-version: 4.8.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: actions/cache\n dependency-version: 4.3.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 3.30.6\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: ossf/scorecard-action\n dependency-version: 2.4.3\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "1ad22f374df28cd37052620fdb602e93c5a9a604", "tree": "ec1aacdb8e7324de53bc5a153a5563f9e5e98392", "parents": [ "a591452b45669c44ae10f40bd2588ad5a4477eff" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Thu Sep 04 09:02:18 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Sep 04 09:02:18 2025 -0700" }, "message": "MacOS build fails to install cmake (#682)\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e" }, { "commit": "a591452b45669c44ae10f40bd2588ad5a4477eff", "tree": "4267e40d3fe2bf7a276cc26b8127c1ee8f57315c", "parents": [ "3ceb93a2ff1a94953002b44327b2fface55a3ef0" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Aug 25 10:45:15 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Aug 25 10:45:15 2025 -0700" }, "message": "build(deps): bump the actions group across 1 directory with 5 updates (#679)\n\nBumps the actions group with 5 updates in the / directory:\n\n| Package | From | To |\n| --- | --- | --- |\n| [actions/checkout](https://github.com/actions/checkout) | `4.2.2` | `5.0.0` |\n| [actions/dependency-review-action](https://github.com/actions/dependency-review-action) | `4.7.1` | `4.7.2` |\n| [actions/cache](https://github.com/actions/cache) | `4.2.3` | `4.2.4` |\n| [actions/download-artifact](https://github.com/actions/download-artifact) | `4.3.0` | `5.0.0` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.29.7` | `3.29.11` |\n\n\n\nUpdates `actions/checkout` from 4.2.2 to 5.0.0\n- [Release notes](https://github.com/actions/checkout/releases)\n- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/actions/checkout/compare/11bd71901bbe5b1630ceea73d27597364c9af683...08c6903cd8c0fde910a37f88322edcfb5dd907a8)\n\nUpdates `actions/dependency-review-action` from 4.7.1 to 4.7.2\n- [Release notes](https://github.com/actions/dependency-review-action/releases)\n- [Commits](https://github.com/actions/dependency-review-action/compare/da24556b548a50705dd671f47852072ea4c105d9...bc41886e18ea39df68b1b1245f4184881938e050)\n\nUpdates `actions/cache` from 4.2.3 to 4.2.4\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/5a3ec84eff668545956fd18022155c47e93e2684...0400d5f644dc74513175e3cd8d07132dd4860809)\n\nUpdates `actions/download-artifact` from 4.3.0 to 5.0.0\n- [Release notes](https://github.com/actions/download-artifact/releases)\n- [Commits](https://github.com/actions/download-artifact/compare/d3f86a106a0bac45b974a628896c90dbdf5c8093...634f93cb2916e3fdff6788551b99b062d0335ce0)\n\nUpdates `github/codeql-action` from 3.29.7 to 3.29.11\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/51f77329afa6477de8c49fc9c7046c15b9a4e79d...3c3833e0f8c1c83d449a7478aa59c036a9165498)\n\n---\nupdated-dependencies:\n- dependency-name: actions/checkout\n dependency-version: 5.0.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: actions/dependency-review-action\n dependency-version: 4.7.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/cache\n dependency-version: 4.2.4\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/download-artifact\n dependency-version: 5.0.0\n dependency-type: direct:production\n update-type: version-update:semver-major\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 3.29.11\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "3ceb93a2ff1a94953002b44327b2fface55a3ef0", "tree": "2cff9e767391e3a0eb894e0844bfa932c3819ef1", "parents": [ "deefd84b8b62534da2e49d697e009b0a876063ad" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Aug 04 14:44:56 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Aug 04 14:44:56 2025 -0700" }, "message": "build(deps): bump the actions group with 2 updates (#675)\n\nBumps the actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `step-security/harden-runner` from 2.12.2 to 2.13.0\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/6c439dc8bdf85cadbbce9ed30d1c7b959517bc49...ec9f2d5744a09debf3a187a3f4f675c53b671911)\n\nUpdates `github/codeql-action` from 3.29.2 to 3.29.5\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/181d5eefc20863364f96762470ba6f862bdef56b...51f77329afa6477de8c49fc9c7046c15b9a4e79d)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.13.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 3.29.5\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "deefd84b8b62534da2e49d697e009b0a876063ad", "tree": "2ef73360d021d8105cd7c16faf1632546a92d838", "parents": [ "c97b2ef6452438b4749ae778f809a49ad4c7b43e" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Jul 28 12:05:34 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jul 28 12:05:34 2025 -0700" }, "message": "build(deps): bump the actions group across 1 directory with 2 updates (#673)\n\nBumps the actions group with 2 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `step-security/harden-runner` from 2.12.1 to 2.12.2\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/002fdce3c6a235733a90a27c80493a3241e56863...6c439dc8bdf85cadbbce9ed30d1c7b959517bc49)\n\nUpdates `github/codeql-action` from 3.29.0 to 3.29.2\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/ce28f5bb42b7a9f2c824e633a3f6ee835bab6858...181d5eefc20863364f96762470ba6f862bdef56b)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.12.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 3.29.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "c97b2ef6452438b4749ae778f809a49ad4c7b43e", "tree": "9a469938f450aee7b5d656f7c312f8b361cd4425", "parents": [ "2c7a276cf69cdb5ea849fb6d938462e1e9d7b694" ], "author": { "name": "Copilot", "email": "198982749+Copilot@users.noreply.github.com", "time": "Thu Jul 10 14:56:02 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jul 10 14:56:02 2025 -0700" }, "message": "Switch Windows runners from windows-2019 to windows-2022 (#672)\n\n* Initial plan\n\n* Switch Windows runner from windows-2019 to windows-2022\n\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e\n\n---------\n\nCo-authored-by: copilot-swe-agent[bot] \u003c198982749+Copilot@users.noreply.github.com\u003e\nCo-authored-by: Alan-Jowett \u003c20480683+Alan-Jowett@users.noreply.github.com\u003e" }, { "commit": "2c7a276cf69cdb5ea849fb6d938462e1e9d7b694", "tree": "5b31303270d3be8d5f247c8a65832f0325aeeaa7", "parents": [ "ef4e9e71baa59ae23f7cae466c4d1e99d599906d" ], "author": { "name": "Alex Forster", "email": "alex@alexforster.com", "time": "Tue Jun 24 05:32:09 2025 +0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 23 21:32:09 2025 +0000" }, "message": "Fix UBPF_SKIP_EXTERNAL CMake option (#662)\n\nSigned-off-by: Alex Forster \u003caforster@cloudflare.com\u003e" }, { "commit": "ef4e9e71baa59ae23f7cae466c4d1e99d599906d", "tree": "962bd8961415f6fc002992b619202118cd2792f7", "parents": [ "a568817976ba29a31a13c0d5642c91d38c33a4b0" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Jun 23 09:41:25 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Jun 23 09:41:25 2025 -0700" }, "message": "build(deps): bump the actions group across 1 directory with 3 updates (#665)\n\nBumps the actions group with 3 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner), [github/codeql-action](https://github.com/github/codeql-action) and [ossf/scorecard-action](https://github.com/ossf/scorecard-action).\n\n\nUpdates `step-security/harden-runner` from 2.12.0 to 2.12.1\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/0634a2670c59f64b4a01f0f96f84700a4088b9f0...002fdce3c6a235733a90a27c80493a3241e56863)\n\nUpdates `github/codeql-action` from 3.28.18 to 3.29.0\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/ff0a06e83cb2de871e5a09832bc6a81e7276941f...ce28f5bb42b7a9f2c824e633a3f6ee835bab6858)\n\nUpdates `ossf/scorecard-action` from 2.4.1 to 2.4.2\n- [Release notes](https://github.com/ossf/scorecard-action/releases)\n- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)\n- [Commits](https://github.com/ossf/scorecard-action/compare/f49aabe0b5af0936a0987cfb85d86b75731b0186...05b42c624433fc40578a4040d5cf5e36ddca8cde)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.12.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 3.29.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: ossf/scorecard-action\n dependency-version: 2.4.2\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "a568817976ba29a31a13c0d5642c91d38c33a4b0", "tree": "fdb73bf5326cf5bca6c96b95c85ebe5673adf800", "parents": [ "94a40b20d4c997f31ae9d4459dc85198085a750e" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Thu May 22 10:30:45 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 22 10:30:45 2025 -0700" }, "message": "build(deps): bump the actions group across 1 directory with 4 updates (#656)\n\nBumps the actions group with 4 updates in the / directory: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/dependency-review-action](https://github.com/actions/dependency-review-action), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `step-security/harden-runner` from 2.11.1 to 2.12.0\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/c6295a65d1254861815972266d5933fd6e532bdf...0634a2670c59f64b4a01f0f96f84700a4088b9f0)\n\nUpdates `actions/dependency-review-action` from 4.6.0 to 4.7.0\n- [Release notes](https://github.com/actions/dependency-review-action/releases)\n- [Commits](https://github.com/actions/dependency-review-action/compare/ce3cf9537a52e8119d91fd484ab5b8a807627bf8...38ecb5b593bf0eb19e335c03f97670f792489a8b)\n\nUpdates `actions/download-artifact` from 4.2.1 to 4.3.0\n- [Release notes](https://github.com/actions/download-artifact/releases)\n- [Commits](https://github.com/actions/download-artifact/compare/95815c38cf2ff2164869cbab79da8d1f422bc89e...d3f86a106a0bac45b974a628896c90dbdf5c8093)\n\nUpdates `github/codeql-action` from 3.28.13 to 3.28.17\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/1b549b9259bda1cb5ddde3b41741a82a2d15a841...60168efe1c415ce0f5521ea06d5c2062adbeed1b)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.12.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: actions/dependency-review-action\n dependency-version: 4.7.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: actions/download-artifact\n dependency-version: 4.3.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-version: 3.28.17\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "94a40b20d4c997f31ae9d4459dc85198085a750e", "tree": "e507dc8ba1d8d17d7a8f86f6a890312c29ce5f9c", "parents": [ "188b6651706f24deb2561431074409d75dd999a4" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Thu May 22 10:01:08 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu May 22 10:01:08 2025 -0700" }, "message": "Pickup latest bpf_conformance (#659)\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e" }, { "commit": "188b6651706f24deb2561431074409d75dd999a4", "tree": "59ce3508c77c025c9f01bdee6aa83c0f8dedd331", "parents": [ "8e5b6127405b7383667976c3dd1c09e82dfa86a1" ], "author": { "name": "Jon Arney", "email": "jarneyg@gmail.com", "time": "Wed May 14 13:28:42 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed May 14 13:28:42 2025 -0700" }, "message": "Issue 510: Wrong conditional for offset check in ELF relocation for symbols. (#657)\n\n" }, { "commit": "8e5b6127405b7383667976c3dd1c09e82dfa86a1", "tree": "9f48a30aed06a67fea8b4b6d90db3ba8c68dbbcc", "parents": [ "288fc432fa8345f0d226b0a3948a50462776f198" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Tue Apr 08 08:40:19 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Apr 08 08:40:19 2025 -0700" }, "message": "build(deps): bump the actions group with 2 updates (#652)\n\nBumps the actions group with 2 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner) and [actions/dependency-review-action](https://github.com/actions/dependency-review-action).\n\n\nUpdates `step-security/harden-runner` from 2.11.0 to 2.11.1\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/4d991eb9b905ef189e4c376166672c3f2f230481...c6295a65d1254861815972266d5933fd6e532bdf)\n\nUpdates `actions/dependency-review-action` from 4.5.0 to 4.6.0\n- [Release notes](https://github.com/actions/dependency-review-action/releases)\n- [Commits](https://github.com/actions/dependency-review-action/compare/3b139cfc5fae8b618d3eae3675e383bb1769c019...ce3cf9537a52e8119d91fd484ab5b8a807627bf8)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-version: 2.11.1\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/dependency-review-action\n dependency-version: 4.6.0\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "288fc432fa8345f0d226b0a3948a50462776f198", "tree": "c77cda7c14aaa3650f5875dc6410514696a20d6b", "parents": [ "e0823b24a0833815e17cce632ad98e29d09ddcb8" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Apr 02 07:59:05 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Apr 02 07:59:05 2025 -0700" }, "message": "build(deps): bump github/codeql-action in the actions group (#651)\n\nBumps the actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `github/codeql-action` from 3.28.12 to 3.28.13\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/5f8171a638ada777af81d42b55959a643bb29017...1b549b9259bda1cb5ddde3b41741a82a2d15a841)\n\n---\nupdated-dependencies:\n- dependency-name: github/codeql-action\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "e0823b24a0833815e17cce632ad98e29d09ddcb8", "tree": "70fe6f16d41065ca1746f2cf3cc46c313b08df13", "parents": [ "5585c83def35054a0776ac2aa848ea9281b4ed1e" ], "author": { "name": "Kristófer Fannar Björnsson", "email": "68929760+kristoferfannar@users.noreply.github.com", "time": "Tue Mar 25 18:12:43 2025 -0400" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Mar 25 22:12:43 2025 +0000" }, "message": "Prune git submodules in format script (#649)\n\n* prune formatting within submodules\n\n* add comment" }, { "commit": "5585c83def35054a0776ac2aa848ea9281b4ed1e", "tree": "54f979d82f263531210bc41f13b8d8faffc883f2", "parents": [ "8782fd394a9138fdd5ecd482ee036eb0f1cec499" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Mar 24 17:03:31 2025 -0700" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Mar 24 17:03:31 2025 -0700" }, "message": "build(deps): bump the actions group across 1 directory with 4 updates (#650)\n\nBumps the actions group with 4 updates in the / directory: [actions/cache](https://github.com/actions/cache), [actions/upload-artifact](https://github.com/actions/upload-artifact), [actions/download-artifact](https://github.com/actions/download-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `actions/cache` from 4.2.1 to 4.2.3\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/0c907a75c2c80ebcb7f088228285e798b750cf8f...5a3ec84eff668545956fd18022155c47e93e2684)\n\nUpdates `actions/upload-artifact` from 4.6.1 to 4.6.2\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1...ea165f8d65b6e75b540449e92b4886f43607fa02)\n\nUpdates `actions/download-artifact` from 4.1.8 to 4.2.1\n- [Release notes](https://github.com/actions/download-artifact/releases)\n- [Commits](https://github.com/actions/download-artifact/compare/fa0a91b85d4f404e444e00e005971372dc801d16...95815c38cf2ff2164869cbab79da8d1f422bc89e)\n\nUpdates `github/codeql-action` from 3.28.10 to 3.28.12\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d...5f8171a638ada777af81d42b55959a643bb29017)\n\n---\nupdated-dependencies:\n- dependency-name: actions/cache\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/upload-artifact\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/download-artifact\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "8782fd394a9138fdd5ecd482ee036eb0f1cec499", "tree": "6a0380baf2059298efb0bb2bfb0ca9a722e49fb0", "parents": [ "e563b97fa2374e96a143fd925645cb44f6b613e3" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Feb 24 16:26:58 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 24 16:26:58 2025 +0000" }, "message": "build(deps): bump the actions group with 5 updates (#643)\n\nBumps the actions group with 5 updates:\n\n| Package | From | To |\n| --- | --- | --- |\n| [step-security/harden-runner](https://github.com/step-security/harden-runner) | `2.10.4` | `2.11.0` |\n| [actions/cache](https://github.com/actions/cache) | `4.2.0` | `4.2.1` |\n| [actions/upload-artifact](https://github.com/actions/upload-artifact) | `4.6.0` | `4.6.1` |\n| [github/codeql-action](https://github.com/github/codeql-action) | `3.28.9` | `3.28.10` |\n| [ossf/scorecard-action](https://github.com/ossf/scorecard-action) | `2.4.0` | `2.4.1` |\n\n\nUpdates `step-security/harden-runner` from 2.10.4 to 2.11.0\n- [Release notes](https://github.com/step-security/harden-runner/releases)\n- [Commits](https://github.com/step-security/harden-runner/compare/cb605e52c26070c328afc4562f0b4ada7618a84e...4d991eb9b905ef189e4c376166672c3f2f230481)\n\nUpdates `actions/cache` from 4.2.0 to 4.2.1\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/1bd1e32a3bdc45362d1e726936510720a7c30a57...0c907a75c2c80ebcb7f088228285e798b750cf8f)\n\nUpdates `actions/upload-artifact` from 4.6.0 to 4.6.1\n- [Release notes](https://github.com/actions/upload-artifact/releases)\n- [Commits](https://github.com/actions/upload-artifact/compare/65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08...4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1)\n\nUpdates `github/codeql-action` from 3.28.9 to 3.28.10\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0...b56ba49b26e50535fa1e7f7db0f4f7b4bf65d80d)\n\nUpdates `ossf/scorecard-action` from 2.4.0 to 2.4.1\n- [Release notes](https://github.com/ossf/scorecard-action/releases)\n- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)\n- [Commits](https://github.com/ossf/scorecard-action/compare/62b2cac7ed8198b15735ed49ab1e5cf35480ba46...f49aabe0b5af0936a0987cfb85d86b75731b0186)\n\n---\nupdated-dependencies:\n- dependency-name: step-security/harden-runner\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: actions/cache\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: actions/upload-artifact\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n- dependency-name: ossf/scorecard-action\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "e563b97fa2374e96a143fd925645cb44f6b613e3", "tree": "c77c853d7cf20b6601351b28702ceadff11e4e64", "parents": [ "2ad882f0a2132c61c41781a26eb1b437f75ec67e" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Feb 24 08:13:14 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 24 08:13:14 2025 -0800" }, "message": "build(deps): update pyelftools requirement in the actions group (#642)\n\nUpdates the requirements on [pyelftools](https://github.com/eliben/pyelftools) to permit the latest version.\n\nUpdates `pyelftools` to 0.32\n- [Changelog](https://github.com/eliben/pyelftools/blob/main/CHANGES)\n- [Commits](https://github.com/eliben/pyelftools/compare/v0.31...v0.32)\n\n---\nupdated-dependencies:\n- dependency-name: pyelftools\n dependency-type: direct:production\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "2ad882f0a2132c61c41781a26eb1b437f75ec67e", "tree": "26538c32f9a20406954437dd7e48263a357b0957", "parents": [ "8efaff77cea1d7026565a64d02c769cc6a0b6822" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Feb 19 13:47:02 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Feb 19 13:47:02 2025 -0800" }, "message": "build(deps): bump github/codeql-action in the actions group (#639)\n\nBumps the actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\r\n\r\n\r\nUpdates `github/codeql-action` from 3.28.8 to 3.28.9\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/dd746615b3b9d728a6a37ca2045b68ca76d4841a...9e8d0789d4a0fa9ceb6b1738f7e269594bdd67f0)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: github/codeql-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "8efaff77cea1d7026565a64d02c769cc6a0b6822", "tree": "986197dd59c070ee8d7b965f711c1c4ed481081d", "parents": [ "50cfeed0140daedad94bccf49043f4e349178fbf" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Feb 03 16:23:37 2025 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 03 16:23:37 2025 +0000" }, "message": "build(deps): bump the actions group with 2 updates (#635)\n\nBumps the actions group with 2 updates: [coverallsapp/github-action](https://github.com/coverallsapp/github-action) and [github/codeql-action](https://github.com/github/codeql-action).\r\n\r\n\r\nUpdates `coverallsapp/github-action` from 2.3.5 to 2.3.6\r\n- [Release notes](https://github.com/coverallsapp/github-action/releases)\r\n- [Commits](https://github.com/coverallsapp/github-action/compare/773b6d8e80fa7862da56a7664bd747c91255b2e2...648a8eb78e6d50909eff900e4ec85cab4524a45b)\r\n\r\nUpdates `github/codeql-action` from 3.28.5 to 3.28.8\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4...dd746615b3b9d728a6a37ca2045b68ca76d4841a)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: coverallsapp/github-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n- dependency-name: github/codeql-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "50cfeed0140daedad94bccf49043f4e349178fbf", "tree": "026181e578def1423d2b6d149d8ceaea3404cd07", "parents": [ "d6823777bb581f8868dc6980311d0a540bb9fe1d" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Feb 03 08:09:21 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Feb 03 08:09:21 2025 -0800" }, "message": "build(deps): bump external/bpf_conformance in the actions group (#636)\n\nBumps the actions group with 1 update: [external/bpf_conformance](https://github.com/Alan-Jowett/bpf_conformance).\r\n\r\n\r\nUpdates `external/bpf_conformance` from `514fa97` to `318cc3b`\r\n- [Release notes](https://github.com/Alan-Jowett/bpf_conformance/releases)\r\n- [Commits](https://github.com/Alan-Jowett/bpf_conformance/compare/514fa974bdf0274a1365a2c4e738b5fe5b23cb75...318cc3b3403a958b0ea78137d360007eec2e06f4)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: external/bpf_conformance\r\n dependency-type: direct:production\r\n dependency-group: actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "d6823777bb581f8868dc6980311d0a540bb9fe1d", "tree": "061dddc81beb2b49accd682cff25239d537df60d", "parents": [ "16d52a46ff0d067af1bbd630ac4dfbc1b61ced16" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Thu Jan 30 13:39:29 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Jan 30 13:39:29 2025 -0800" }, "message": "Update version of ebpf-verifier being fuzzed (#632)\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e" }, { "commit": "16d52a46ff0d067af1bbd630ac4dfbc1b61ced16", "tree": "553781cf3070c494dbf89278058254dbe62e4c6e", "parents": [ "0620a1d9ddb1f30157eadd77c53b8c9361c56926" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Jan 29 09:27:07 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 29 09:27:07 2025 -0800" }, "message": "build(deps): bump the actions group with 3 updates (#633)\n\nBumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [coverallsapp/github-action](https://github.com/coverallsapp/github-action) and [github/codeql-action](https://github.com/github/codeql-action).\r\n\r\n\r\nUpdates `step-security/harden-runner` from 2.10.3 to 2.10.4\r\n- [Release notes](https://github.com/step-security/harden-runner/releases)\r\n- [Commits](https://github.com/step-security/harden-runner/compare/c95a14d0e5bab51a9f56296a4eb0e416910cd350...cb605e52c26070c328afc4562f0b4ada7618a84e)\r\n\r\nUpdates `coverallsapp/github-action` from 2.3.4 to 2.3.5\r\n- [Release notes](https://github.com/coverallsapp/github-action/releases)\r\n- [Commits](https://github.com/coverallsapp/github-action/compare/cfd0633edbd2411b532b808ba7a8b5e04f76d2c8...773b6d8e80fa7862da56a7664bd747c91255b2e2)\r\n\r\nUpdates `github/codeql-action` from 3.28.1 to 3.28.5\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/b6a472f63d85b9c78a3ac5e89422239fc15e9b3c...f6091c0113d1dcf9b98e269ee48e8a7e51b7bdd4)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: step-security/harden-runner\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n- dependency-name: coverallsapp/github-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n- dependency-name: github/codeql-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "0620a1d9ddb1f30157eadd77c53b8c9361c56926", "tree": "cc487405612291b075aae022d623a836edd8a43e", "parents": [ "0e4b3c7fe6f01533001814be37676e3b810978c0" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Tue Jan 21 11:02:35 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Jan 21 11:02:35 2025 -0800" }, "message": "Handle changes to lcov (#631)\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e" }, { "commit": "0e4b3c7fe6f01533001814be37676e3b810978c0", "tree": "bfa297eb5fcaae800b03abfb6f6508e259ff8c80", "parents": [ "6628f4a179478d2464cb6d849d1b0cf1b29e4d38" ], "author": { "name": "Will Hawkins", "email": "whh8b@obs.cr", "time": "Fri Jan 17 17:59:27 2025 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 17 22:59:27 2025 +0000" }, "message": "Cleanup Handling of Targets During JITing. (#626)\n\nUntil now, special targets during JITing were handled using constant\r\nvaludes that _could_ be valid addresses on certain architectures. To\r\ndisambiguate, this patch adds more precise metadata for each target.\r\n\r\nSigned-off-by: Will Hawkins \u003chawkinsw@obs.cr\u003e" }, { "commit": "6628f4a179478d2464cb6d849d1b0cf1b29e4d38", "tree": "961d1df60c3cc30f76020461e1e0083842b5a33d", "parents": [ "caa00818177f373cfe944c8d41fd769d7a2a5be0" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Wed Jan 15 11:45:51 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Jan 15 11:45:51 2025 -0800" }, "message": "build(deps): bump the actions group with 3 updates (#628)\n\nBumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\r\n\r\n\r\nUpdates `step-security/harden-runner` from 2.10.2 to 2.10.3\r\n- [Release notes](https://github.com/step-security/harden-runner/releases)\r\n- [Commits](https://github.com/step-security/harden-runner/compare/0080882f6c36860b6ba35c610c98ce87d4e2f26f...c95a14d0e5bab51a9f56296a4eb0e416910cd350)\r\n\r\nUpdates `actions/upload-artifact` from 4.5.0 to 4.6.0\r\n- [Release notes](https://github.com/actions/upload-artifact/releases)\r\n- [Commits](https://github.com/actions/upload-artifact/compare/6f51ac03b9356f520e9adb1b1b7802705f340c2b...65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08)\r\n\r\nUpdates `github/codeql-action` from 3.28.0 to 3.28.1\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/48ab28a6f5dbc2a99bf1e0131198dd8f1df78169...b6a472f63d85b9c78a3ac5e89422239fc15e9b3c)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: step-security/harden-runner\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n- dependency-name: actions/upload-artifact\r\n dependency-type: direct:production\r\n update-type: version-update:semver-minor\r\n dependency-group: actions\r\n- dependency-name: github/codeql-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "caa00818177f373cfe944c8d41fd769d7a2a5be0", "tree": "ba0656d9ee2192a6de8b5988671270fb6f1cb1ec", "parents": [ "0aa26cdd165cebdb678f3138e29162fa172afb81" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Fri Jan 10 09:37:09 2025 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Fri Jan 10 09:37:09 2025 -0800" }, "message": "build(deps): bump the actions group with 2 updates (#624)\n\nBumps the actions group with 2 updates: [actions/upload-artifact](https://github.com/actions/upload-artifact) and [github/codeql-action](https://github.com/github/codeql-action).\r\n\r\n\r\nUpdates `actions/upload-artifact` from 4.4.3 to 4.5.0\r\n- [Release notes](https://github.com/actions/upload-artifact/releases)\r\n- [Commits](https://github.com/actions/upload-artifact/compare/b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882...6f51ac03b9356f520e9adb1b1b7802705f340c2b)\r\n\r\nUpdates `github/codeql-action` from 3.27.9 to 3.28.0\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/df409f7d9260372bd5f19e5b04e83cb3c43714ae...48ab28a6f5dbc2a99bf1e0131198dd8f1df78169)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: actions/upload-artifact\r\n dependency-type: direct:production\r\n update-type: version-update:semver-minor\r\n dependency-group: actions\r\n- dependency-name: github/codeql-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-minor\r\n dependency-group: actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "0aa26cdd165cebdb678f3138e29162fa172afb81", "tree": "98ce1584992c8f36ac30ad787328fca03e43a8bc", "parents": [ "f5e6778dd031584c40d59cba0df7293331b56339" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun Dec 15 11:45:19 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Dec 15 11:45:19 2024 -0800" }, "message": "build(deps): bump github/codeql-action in the actions group (#621)\n\nBumps the actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `github/codeql-action` from 3.27.6 to 3.27.9\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/aa578102511db1f4524ed59b8cc2bae4f6e88195...df409f7d9260372bd5f19e5b04e83cb3c43714ae)\n\n---\nupdated-dependencies:\n- dependency-name: github/codeql-action\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "f5e6778dd031584c40d59cba0df7293331b56339", "tree": "107222b9dc7b18976a0884bccbe4d2e37dde09b6", "parents": [ "1da1d8e529bb1b889b9f771c051900a2fd93aa94" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Tue Dec 10 09:20:25 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Tue Dec 10 09:20:25 2024 -0800" }, "message": "Ignore build fuzzer (#620)\n\nSigned-off-by: Alan Jowett \u003calanjo@microsoft.com\u003e" }, { "commit": "1da1d8e529bb1b889b9f771c051900a2fd93aa94", "tree": "4cbe72c80f142d67eab37cba68cda80616cab491", "parents": [ "c4949926bd756507d5bc8bb7eaa5c4a3166522c7" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Dec 09 14:58:50 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 09 14:58:50 2024 -0800" }, "message": "build(deps): bump the actions group with 2 updates (#619)\n\nBumps the actions group with 2 updates: [actions/cache](https://github.com/actions/cache) and [github/codeql-action](https://github.com/github/codeql-action).\n\n\nUpdates `actions/cache` from 4.1.2 to 4.2.0\n- [Release notes](https://github.com/actions/cache/releases)\n- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)\n- [Commits](https://github.com/actions/cache/compare/6849a6489940f00c2f30c0fb92c6274307ccb58a...1bd1e32a3bdc45362d1e726936510720a7c30a57)\n\nUpdates `github/codeql-action` from 3.27.5 to 3.27.6\n- [Release notes](https://github.com/github/codeql-action/releases)\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\n- [Commits](https://github.com/github/codeql-action/compare/f09c1c0a94de965c15400f5634aa42fac8fb8f88...aa578102511db1f4524ed59b8cc2bae4f6e88195)\n\n---\nupdated-dependencies:\n- dependency-name: actions/cache\n dependency-type: direct:production\n update-type: version-update:semver-minor\n dependency-group: actions\n- dependency-name: github/codeql-action\n dependency-type: direct:production\n update-type: version-update:semver-patch\n dependency-group: actions\n...\n\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "c4949926bd756507d5bc8bb7eaa5c4a3166522c7", "tree": "23371094b5172c082abdab8540443363bf2ba287", "parents": [ "1b96cfa2f181cbfe76627fab51b039690110a811" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Wed Dec 04 08:32:52 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Dec 04 08:32:52 2024 -0800" }, "message": "Update bpf_conformance (#617)\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\r\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "1b96cfa2f181cbfe76627fab51b039690110a811", "tree": "62990f1adfed36fa7d8e177027504c05999e6490", "parents": [ "d82c4f81d33e2dc40a440610d020ef41ef68118d" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Dec 02 18:01:28 2024 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 02 18:01:28 2024 +0000" }, "message": "build(deps): bump the actions group with 3 updates (#616)\n\nBumps the actions group with 3 updates: [step-security/harden-runner](https://github.com/step-security/harden-runner), [actions/dependency-review-action](https://github.com/actions/dependency-review-action) and [github/codeql-action](https://github.com/github/codeql-action).\r\n\r\n\r\nUpdates `step-security/harden-runner` from 2.10.1 to 2.10.2\r\n- [Release notes](https://github.com/step-security/harden-runner/releases)\r\n- [Commits](https://github.com/step-security/harden-runner/compare/91182cccc01eb5e619899d80e4e971d6181294a7...0080882f6c36860b6ba35c610c98ce87d4e2f26f)\r\n\r\nUpdates `actions/dependency-review-action` from 4.4.0 to 4.5.0\r\n- [Release notes](https://github.com/actions/dependency-review-action/releases)\r\n- [Commits](https://github.com/actions/dependency-review-action/compare/4081bf99e2866ebe428fc0477b69eb4fcda7220a...3b139cfc5fae8b618d3eae3675e383bb1769c019)\r\n\r\nUpdates `github/codeql-action` from 3.27.4 to 3.27.5\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/ea9e4e37992a54ee68a9622e985e60c8e8f12d9f...f09c1c0a94de965c15400f5634aa42fac8fb8f88)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: step-security/harden-runner\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n- dependency-name: actions/dependency-review-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-minor\r\n dependency-group: actions\r\n- dependency-name: github/codeql-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "d82c4f81d33e2dc40a440610d020ef41ef68118d", "tree": "a3b516df55f250136632f5bde9e9ec53a83b3002", "parents": [ "859e35c92f3b8179a530e168ae610f35f14e19da" ], "author": { "name": "Will Hawkins", "email": "whh8b@obs.cr", "time": "Mon Dec 02 12:49:22 2024 -0500" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Dec 02 09:49:22 2024 -0800" }, "message": "Validate specific atomic operation opcodes (#614)\n\nThe eBPF RFC specifies an enumerated list of valid \"sub\" opcodes for\r\natomic operations. These subopcodes are stored in the imm field of the\r\ninstruction. This patch adds support for validating that an atomic\r\noperation contains exactly one of the enumerated values in the RFC.\r\n\r\nSigned-off-by: Will Hawkins \u003chawkinsw@obs.cr\u003e" }, { "commit": "859e35c92f3b8179a530e168ae610f35f14e19da", "tree": "6918b56657e4eb1812793fb2efa661c7d92cfe60", "parents": [ "7ab98e52195305db621c60464d32b3fc8e413336" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Nov 18 08:07:54 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Nov 18 08:07:54 2024 -0800" }, "message": "build(deps): bump github/codeql-action in the actions group (#611)\n\nBumps the actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\r\n\r\n\r\nUpdates `github/codeql-action` from 3.27.1 to 3.27.4\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/4f3212b61783c3c68e8309a0f18a699764811cda...ea9e4e37992a54ee68a9622e985e60c8e8f12d9f)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: github/codeql-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "7ab98e52195305db621c60464d32b3fc8e413336", "tree": "8427df29ad43a9e401619fd2f1fe7fbc4a4f5aef", "parents": [ "94f7a4351b200a2e89b7eafa751c5e29efd22dd7" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Wed Nov 13 13:27:58 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Wed Nov 13 13:27:58 2024 -0800" }, "message": "Set stack as function of max call depth (#608)\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\r\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "94f7a4351b200a2e89b7eafa751c5e29efd22dd7", "tree": "4fb821f2ca36e2662f8ff628db6bd63967d99743", "parents": [ "24087eb5c00c0e581b61bacb10514de1a50bae1e" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Mon Nov 11 07:38:57 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Nov 11 07:38:57 2024 -0800" }, "message": "Update submodules (#607)\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\r\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "24087eb5c00c0e581b61bacb10514de1a50bae1e", "tree": "3644aff48af1d6429ecfad5f80704adc37361513", "parents": [ "8f776217e1ffd1321fb77dbb08516f18cc955e40" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Sun Nov 10 17:17:37 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Nov 10 17:17:37 2024 -0800" }, "message": "build(deps): bump github/codeql-action in the actions group (#604)\n\nBumps the actions group with 1 update: [github/codeql-action](https://github.com/github/codeql-action).\r\n\r\n\r\nUpdates `github/codeql-action` from 3.27.0 to 3.27.1\r\n- [Release notes](https://github.com/github/codeql-action/releases)\r\n- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)\r\n- [Commits](https://github.com/github/codeql-action/compare/662472033e021d55d94146f66f6058822b0b39fd...4f3212b61783c3c68e8309a0f18a699764811cda)\r\n\r\n---\r\nupdated-dependencies:\r\n- dependency-name: github/codeql-action\r\n dependency-type: direct:production\r\n update-type: version-update:semver-patch\r\n dependency-group: actions\r\n...\r\n\r\nSigned-off-by: dependabot[bot] \u003csupport@github.com\u003e\r\nCo-authored-by: dependabot[bot] \u003c49699333+dependabot[bot]@users.noreply.github.com\u003e" }, { "commit": "8f776217e1ffd1321fb77dbb08516f18cc955e40", "tree": "28ea651916c827c9542b2712a6711a44ac9f19ad", "parents": [ "5798dc6689dfe889af5f42899754bd90c86b833c" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Sat Nov 09 09:02:45 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sat Nov 09 09:02:45 2024 -0800" }, "message": "Set timeout on fuzzing (#605)\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\r\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "5798dc6689dfe889af5f42899754bd90c86b833c", "tree": "6a1f1b7c833f7517e611521d8a87dcd1de2757f8", "parents": [ "80cc29520f87430063189c013650c46275ad967d" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Thu Nov 07 16:37:23 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Thu Nov 07 16:37:23 2024 -0800" }, "message": "Fix labelling for local calls (#602)\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\r\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "80cc29520f87430063189c013650c46275ad967d", "tree": "fbd98d66bfa3529f2d2428fd66db199e4dc8286e", "parents": [ "d24bc130da26fe9ed5bd58db17e99a6268234d89" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Mon Nov 04 07:59:53 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Nov 04 07:59:53 2024 -0800" }, "message": "Switch back to fuzzing branch (#600)\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\r\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "d24bc130da26fe9ed5bd58db17e99a6268234d89", "tree": "c8d55b46fab914cf89d4f09f13e32a5fe45ec0a4", "parents": [ "5740e693bfcff0a2fc3a25807ad6fc9aff2d0eee" ], "author": { "name": "Alan Jowett", "email": "alanjo@microsoft.com", "time": "Sun Nov 03 20:35:19 2024 -0800" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Sun Nov 03 20:35:19 2024 -0800" }, "message": "Set timeout correctly (#599)\n\nSigned-off-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e\r\nCo-authored-by: Alan Jowett \u003calan.jowett@microsoft.com\u003e" }, { "commit": "5740e693bfcff0a2fc3a25807ad6fc9aff2d0eee", "tree": "dce4bea2db89e0ad5126c68b4d3e3ad3549428d6", "parents": [ "f0e089725de2c71f0737fe7d4cd83dec4d4268a7" ], "author": { "name": "dependabot[bot]", "email": "49699333+dependabot[bot]@users.noreply.github.com", "time": "Mon Nov 04 04:34:34 2024 +0000" }, "committer": { "name": "GitHub", "email": "noreply@github.com", "time": "Mon Nov 04 04:34:34 2024 +0000" }, "message": "build(deps): bump actions/dependency-review-action in the actions group (#598)\n\n" } ], "next": "f0e089725de2c71f0737fe7d4cd83dec4d4268a7" }