grsecurity.net/how_autoslab_… nice article here. We're shipping, in iOS 15 and aligned releases, a protection with a very similar spirit. we call it kalloc_type(). Our impl has different characteristics, e.g. XNU has zone sequestering, so cross-zone attacks isn't a thing.

Based on the API name, I assume this isn't used for everything? It's not clear from the current blog (since the purpose was the security eval, not debugging or other aspects), but we get some nice properties out of having AUTOSLAB applied to everything:

We typically do not comment on future roadmaps so I won’t go in details. But yes unlike autoslab we rely on manual adoption and it isn’t thorough yet, and covers zones (~= sub-page) for now. We are indeed type based which gives us precise free sites (the free site pins types)