diff options
| author | Bastian Kersting <bkersting@google.com> | 2025-06-18 12:53:34 +0000 |
|---|---|---|
| committer | Bastian Kersting <bkersting@google.com> | 2025-08-18 08:30:00 +0000 |
| commit | 3ef065bf872ce62a18336dca0daf47b3e9f7da64 (patch) | |
| tree | b4dccd0b519642cac3b2f057995f5b378c8abc01 | |
| parent | 425a9c0a0e365c0b8c6cfd00c2ded83a73bed9a0 (diff) | |
| download | rust-3ef065bf872ce62a18336dca0daf47b3e9f7da64.tar.gz rust-3ef065bf872ce62a18336dca0daf47b3e9f7da64.zip | |
Implement the #[sanitize(..)] attribute
This change implements the #[sanitize(..)] attribute, which opts to
replace the currently unstable #[no_sanitize]. Essentially the new
attribute works similar as #[no_sanitize], just with more flexible
options regarding where it is applied. E.g. it is possible to turn
a certain sanitizer either on or off:
`#[sanitize(address = "on|off")]`
This attribute now also applies to more places, e.g. it is possible
to turn off a sanitizer for an entire module or impl block:
```rust
\#[sanitize(address = "off")]
mod foo {
fn unsanitized(..) {}
#[sanitize(address = "on")]
fn sanitized(..) {}
}
\#[sanitize(thread = "off")]
impl MyTrait for () {
...
}
```
This attribute is enabled behind the unstable `sanitize` feature.
21 files changed, 771 insertions, 7 deletions
diff --git a/compiler/rustc_codegen_ssa/messages.ftl b/compiler/rustc_codegen_ssa/messages.ftl index b6cfea88363..75cc60587b8 100644 --- a/compiler/rustc_codegen_ssa/messages.ftl +++ b/compiler/rustc_codegen_ssa/messages.ftl @@ -174,6 +174,9 @@ codegen_ssa_invalid_monomorphization_unsupported_symbol_of_size = invalid monomo codegen_ssa_invalid_no_sanitize = invalid argument for `no_sanitize` .note = expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` +codegen_ssa_invalid_sanitize = invalid argument for `sanitize` + .note = expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` + codegen_ssa_invalid_windows_subsystem = invalid windows subsystem `{$subsystem}`, only `windows` and `console` are allowed codegen_ssa_ld64_unimplemented_modifier = `as-needed` modifier not implemented yet for ld64 diff --git a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs index af70f0deb07..068559497dd 100644 --- a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs +++ b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs @@ -162,6 +162,7 @@ fn parse_patchable_function_entry( struct InterestingAttributeDiagnosticSpans { link_ordinal: Option<Span>, no_sanitize: Option<Span>, + sanitize: Option<Span>, inline: Option<Span>, no_mangle: Option<Span>, } @@ -335,6 +336,7 @@ fn process_builtin_attrs( codegen_fn_attrs.no_sanitize |= parse_no_sanitize_attr(tcx, attr).unwrap_or_default(); } + sym::sanitize => interesting_spans.sanitize = Some(attr.span()), sym::instruction_set => { codegen_fn_attrs.instruction_set = parse_instruction_set_attr(tcx, attr) } @@ -358,6 +360,8 @@ fn apply_overrides(tcx: TyCtxt<'_>, did: LocalDefId, codegen_fn_attrs: &mut Code codegen_fn_attrs.alignment = Ord::max(codegen_fn_attrs.alignment, tcx.sess.opts.unstable_opts.min_function_alignment); + // Compute the disabled sanitizers. + codegen_fn_attrs.no_sanitize |= tcx.disabled_sanitizers_for(did); // On trait methods, inherit the `#[align]` of the trait's method prototype. codegen_fn_attrs.alignment = Ord::max(codegen_fn_attrs.alignment, tcx.inherited_align(did)); @@ -463,6 +467,17 @@ fn check_result( lint.span_note(inline_span, "inlining requested here"); }) } + if !codegen_fn_attrs.no_sanitize.is_empty() + && codegen_fn_attrs.inline.always() + && let (Some(sanitize_span), Some(inline_span)) = + (interesting_spans.sanitize, interesting_spans.inline) + { + let hir_id = tcx.local_def_id_to_hir_id(did); + tcx.node_span_lint(lint::builtin::INLINE_NO_SANITIZE, hir_id, sanitize_span, |lint| { + lint.primary_message("setting `sanitize` off will have no effect after inlining"); + lint.span_note(inline_span, "inlining requested here"); + }) + } // error when specifying link_name together with link_ordinal if let Some(_) = codegen_fn_attrs.link_name @@ -585,6 +600,84 @@ fn opt_trait_item(tcx: TyCtxt<'_>, def_id: DefId) -> Option<DefId> { } } +/// For an attr that has the `sanitize` attribute, read the list of +/// disabled sanitizers. +fn parse_sanitize_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> SanitizerSet { + let mut result = SanitizerSet::empty(); + if let Some(list) = attr.meta_item_list() { + for item in list.iter() { + let MetaItemInner::MetaItem(set) = item else { + tcx.dcx().emit_err(errors::InvalidSanitize { span: attr.span() }); + break; + }; + let segments = set.path.segments.iter().map(|x| x.ident.name).collect::<Vec<_>>(); + match segments.as_slice() { + [sym::address] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS + } + [sym::address] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::ADDRESS; + result &= !SanitizerSet::KERNELADDRESS; + } + [sym::cfi] if set.value_str() == Some(sym::off) => result |= SanitizerSet::CFI, + [sym::cfi] if set.value_str() == Some(sym::on) => result &= !SanitizerSet::CFI, + [sym::kcfi] if set.value_str() == Some(sym::off) => result |= SanitizerSet::KCFI, + [sym::kcfi] if set.value_str() == Some(sym::on) => result &= !SanitizerSet::KCFI, + [sym::memory] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::MEMORY + } + [sym::memory] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::MEMORY + } + [sym::memtag] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::MEMTAG + } + [sym::memtag] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::MEMTAG + } + [sym::shadow_call_stack] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::SHADOWCALLSTACK + } + [sym::shadow_call_stack] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::SHADOWCALLSTACK + } + [sym::thread] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::THREAD + } + [sym::thread] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::THREAD + } + [sym::hwaddress] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::HWADDRESS + } + [sym::hwaddress] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::HWADDRESS + } + _ => { + tcx.dcx().emit_err(errors::InvalidSanitize { span: attr.span() }); + } + } + } + } + result +} + +fn disabled_sanitizers_for(tcx: TyCtxt<'_>, did: LocalDefId) -> SanitizerSet { + // Check for a sanitize annotation directly on this def. + if let Some(attr) = tcx.get_attr(did, sym::sanitize) { + return parse_sanitize_attr(tcx, attr); + } + + // Otherwise backtrack. + match tcx.opt_local_parent(did) { + // Check the parent (recursively). + Some(parent) => tcx.disabled_sanitizers_for(parent), + // We reached the crate root without seeing an attribute, so + // there is no sanitizers to exclude. + None => SanitizerSet::empty(), + } +} + /// Checks if the provided DefId is a method in a trait impl for a trait which has track_caller /// applied to the method prototype. fn should_inherit_track_caller(tcx: TyCtxt<'_>, def_id: DefId) -> bool { @@ -709,6 +802,11 @@ pub fn autodiff_attrs(tcx: TyCtxt<'_>, id: DefId) -> Option<AutoDiffAttrs> { } pub(crate) fn provide(providers: &mut Providers) { - *providers = - Providers { codegen_fn_attrs, should_inherit_track_caller, inherited_align, ..*providers }; + *providers = Providers { + codegen_fn_attrs, + should_inherit_track_caller, + inherited_align, + disabled_sanitizers_for, + ..*providers + }; } diff --git a/compiler/rustc_codegen_ssa/src/errors.rs b/compiler/rustc_codegen_ssa/src/errors.rs index 7ac830bcda9..913e0025f2e 100644 --- a/compiler/rustc_codegen_ssa/src/errors.rs +++ b/compiler/rustc_codegen_ssa/src/errors.rs @@ -1129,6 +1129,14 @@ pub(crate) struct InvalidNoSanitize { } #[derive(Diagnostic)] +#[diag(codegen_ssa_invalid_sanitize)] +#[note] +pub(crate) struct InvalidSanitize { + #[primary_span] + pub span: Span, +} + +#[derive(Diagnostic)] #[diag(codegen_ssa_target_feature_safe_trait)] pub(crate) struct TargetFeatureSafeTrait { #[primary_span] diff --git a/compiler/rustc_feature/src/builtin_attrs.rs b/compiler/rustc_feature/src/builtin_attrs.rs index 6fbedaf5b10..14fbf12f150 100644 --- a/compiler/rustc_feature/src/builtin_attrs.rs +++ b/compiler/rustc_feature/src/builtin_attrs.rs @@ -746,6 +746,10 @@ pub static BUILTIN_ATTRIBUTES: &[BuiltinAttribute] = &[ EncodeCrossCrate::No, experimental!(no_sanitize) ), gated!( + sanitize, Normal, template!(List: &[r#"address = "on|off""#, r#"kernel_address = "on|off""#, r#"cfi = "on|off""#, r#"hwaddress = "on|off""#, r#"kcfi = "on|off""#, r#"memory = "on|off""#, r#"memtag = "on|off""#, r#"shadow_call_stack = "on|off""#, r#"thread = "on|off""#]), ErrorPreceding, + EncodeCrossCrate::No, sanitize, experimental!(sanitize), + ), + gated!( coverage, Normal, template!(OneOf: &[sym::off, sym::on]), ErrorPreceding, EncodeCrossCrate::No, coverage_attribute, experimental!(coverage) diff --git a/compiler/rustc_feature/src/unstable.rs b/compiler/rustc_feature/src/unstable.rs index 07f928b8c88..4fb4b7fc8b7 100644 --- a/compiler/rustc_feature/src/unstable.rs +++ b/compiler/rustc_feature/src/unstable.rs @@ -626,6 +626,8 @@ declare_features! ( (unstable, return_type_notation, "1.70.0", Some(109417)), /// Allows `extern "rust-cold"`. (unstable, rust_cold_cc, "1.63.0", Some(97544)), + /// Allows the use of the `sanitize` attribute. + (unstable, sanitize, "CURRENT_RUSTC_VERSION", Some(39699)), /// Allows the use of SIMD types in functions declared in `extern` blocks. (unstable, simd_ffi, "1.0.0", Some(27731)), /// Allows specialization of implementations (RFC 1210). diff --git a/compiler/rustc_middle/src/query/erase.rs b/compiler/rustc_middle/src/query/erase.rs index a8b357bf105..ea62461ebeb 100644 --- a/compiler/rustc_middle/src/query/erase.rs +++ b/compiler/rustc_middle/src/query/erase.rs @@ -343,6 +343,7 @@ trivial! { rustc_span::Symbol, rustc_span::Ident, rustc_target::spec::PanicStrategy, + rustc_target::spec::SanitizerSet, rustc_type_ir::Variance, u32, usize, diff --git a/compiler/rustc_middle/src/query/mod.rs b/compiler/rustc_middle/src/query/mod.rs index f4d0120a2e7..3bb8353f49e 100644 --- a/compiler/rustc_middle/src/query/mod.rs +++ b/compiler/rustc_middle/src/query/mod.rs @@ -100,7 +100,7 @@ use rustc_session::lint::LintExpectationId; use rustc_span::def_id::LOCAL_CRATE; use rustc_span::source_map::Spanned; use rustc_span::{DUMMY_SP, Span, Symbol}; -use rustc_target::spec::PanicStrategy; +use rustc_target::spec::{PanicStrategy, SanitizerSet}; use {rustc_abi as abi, rustc_ast as ast, rustc_hir as hir}; use crate::infer::canonical::{self, Canonical}; @@ -2686,6 +2686,16 @@ rustc_queries! { desc { |tcx| "looking up anon const kind of `{}`", tcx.def_path_str(def_id) } separate_provide_extern } + + /// Checks for the nearest `#[sanitize(xyz = "off")]` or + /// `#[sanitize(xyz = "on")]` on this def and any enclosing defs, up to the + /// crate root. + /// + /// Returns the set of sanitizers that is explicitly disabled for this def. + query disabled_sanitizers_for(key: LocalDefId) -> SanitizerSet { + desc { |tcx| "checking what set of sanitizers are enabled on `{}`", tcx.def_path_str(key) } + feedable + } } rustc_with_all_queries! { define_callbacks! } diff --git a/compiler/rustc_passes/messages.ftl b/compiler/rustc_passes/messages.ftl index 7481b0ea960..0e9d556afdd 100644 --- a/compiler/rustc_passes/messages.ftl +++ b/compiler/rustc_passes/messages.ftl @@ -542,6 +542,12 @@ passes_rustc_pub_transparent = attribute should be applied to `#[repr(transparent)]` types .label = not a `#[repr(transparent)]` type +passes_sanitize_attribute_not_allowed = + sanitize attribute not allowed here + .not_fn_impl_mod = not a function, impl block, or module + .no_body = function has no body + .help = sanitize attribute can be applied to a function (with body), impl block, or module + passes_should_be_applied_to_fn = attribute should be applied to a function definition .label = {$on_crate -> diff --git a/compiler/rustc_passes/src/check_attr.rs b/compiler/rustc_passes/src/check_attr.rs index 0e28c51e981..e51f3657eaa 100644 --- a/compiler/rustc_passes/src/check_attr.rs +++ b/compiler/rustc_passes/src/check_attr.rs @@ -261,6 +261,9 @@ impl<'tcx> CheckAttrVisitor<'tcx> { [sym::no_sanitize, ..] => { self.check_no_sanitize(attr, span, target) } + [sym::sanitize, ..] => { + self.check_sanitize(attr, span, target) + } [sym::thread_local, ..] => self.check_thread_local(attr, span, target), [sym::doc, ..] => self.check_doc_attrs( attr, @@ -518,6 +521,46 @@ impl<'tcx> CheckAttrVisitor<'tcx> { } } + /// Checks that the `#[sanitize(..)]` attribute is applied to a + /// function/closure/method, or to an impl block or module. + fn check_sanitize(&self, attr: &Attribute, target_span: Span, target: Target) { + let mut not_fn_impl_mod = None; + let mut no_body = None; + + if let Some(list) = attr.meta_item_list() { + for item in list.iter() { + let MetaItemInner::MetaItem(set) = item else { + return; + }; + let segments = set.path.segments.iter().map(|x| x.ident.name).collect::<Vec<_>>(); + match target { + Target::Fn + | Target::Closure + | Target::Method(MethodKind::Trait { body: true } | MethodKind::Inherent) + | Target::Impl { .. } + | Target::Mod => return, + Target::Static if matches!(segments.as_slice(), [sym::address]) => return, + + // These are "functions", but they aren't allowed because they don't + // have a body, so the usual explanation would be confusing. + Target::Method(MethodKind::Trait { body: false }) | Target::ForeignFn => { + no_body = Some(target_span); + } + + _ => { + not_fn_impl_mod = Some(target_span); + } + } + } + self.dcx().emit_err(errors::SanitizeAttributeNotAllowed { + attr_span: attr.span(), + not_fn_impl_mod, + no_body, + help: (), + }); + } + } + /// Checks if `#[naked]` is applied to a function definition. fn check_naked(&self, hir_id: HirId, target: Target) { match target { @@ -561,7 +604,6 @@ impl<'tcx> CheckAttrVisitor<'tcx> { } } } - /// Checks if `#[collapse_debuginfo]` is applied to a macro. fn check_collapse_debuginfo(&self, attr: &Attribute, span: Span, target: Target) { match target { diff --git a/compiler/rustc_passes/src/errors.rs b/compiler/rustc_passes/src/errors.rs index c5d5155d0e5..bd608dc2fee 100644 --- a/compiler/rustc_passes/src/errors.rs +++ b/compiler/rustc_passes/src/errors.rs @@ -1499,6 +1499,23 @@ pub(crate) struct NoSanitize<'a> { pub attr_str: &'a str, } +/// "sanitize attribute not allowed here" +#[derive(Diagnostic)] +#[diag(passes_sanitize_attribute_not_allowed)] +pub(crate) struct SanitizeAttributeNotAllowed { + #[primary_span] + pub attr_span: Span, + /// "not a function, impl block, or module" + #[label(passes_not_fn_impl_mod)] + pub not_fn_impl_mod: Option<Span>, + /// "function has no body" + #[label(passes_no_body)] + pub no_body: Option<Span>, + /// "sanitize attribute can be applied to a function (with body), impl block, or module" + #[help] + pub help: (), +} + // FIXME(jdonszelmann): move back to rustc_attr #[derive(Diagnostic)] #[diag(passes_rustc_const_stable_indirect_pairing)] diff --git a/tests/codegen-llvm/sanitizer/sanitize-off.rs b/tests/codegen-llvm/sanitizer/sanitize-off.rs new file mode 100644 index 00000000000..0b0c01ed962 --- /dev/null +++ b/tests/codegen-llvm/sanitizer/sanitize-off.rs @@ -0,0 +1,118 @@ +// Verifies that the `#[sanitize(address = "off")]` attribute can be used to +// selectively disable sanitizer instrumentation. +// +//@ needs-sanitizer-address +//@ compile-flags: -Zsanitizer=address -Ctarget-feature=-crt-static -Copt-level=0 + +#![crate_type = "lib"] +#![feature(sanitize)] + +// CHECK: @UNSANITIZED = constant{{.*}} no_sanitize_address +// CHECK-NOT: @__asan_global_SANITIZED +#[no_mangle] +#[sanitize(address = "off")] +pub static UNSANITIZED: u32 = 0; + +// CHECK: @__asan_global_SANITIZED +#[no_mangle] +pub static SANITIZED: u32 = 0; + +// CHECK-LABEL: ; sanitize_off::unsanitized +// CHECK-NEXT: ; Function Attrs: +// CHECK-NOT: sanitize_address +// CHECK: start: +// CHECK-NOT: call void @__asan_report_load +// CHECK: } +#[sanitize(address = "off")] +pub fn unsanitized(b: &mut u8) -> u8 { + *b +} + +// CHECK-LABEL: ; sanitize_off::sanitized +// CHECK-NEXT: ; Function Attrs: +// CHECK: sanitize_address +// CHECK: start: +// CHECK: call void @__asan_report_load +// CHECK: } +pub fn sanitized(b: &mut u8) -> u8 { + *b +} + +#[sanitize(address = "off")] +pub mod foo { + // CHECK-LABEL: ; sanitize_off::foo::unsanitized + // CHECK-NEXT: ; Function Attrs: + // CHECK-NOT: sanitize_address + // CHECK: start: + // CHECK-NOT: call void @__asan_report_load + // CHECK: } + pub fn unsanitized(b: &mut u8) -> u8 { + *b + } + + // CHECK-LABEL: ; sanitize_off::foo::sanitized + // CHECK-NEXT: ; Function Attrs: + // CHECK: sanitize_address + // CHECK: start: + // CHECK: call void @__asan_report_load + // CHECK: } + #[sanitize(address = "on")] + pub fn sanitized(b: &mut u8) -> u8 { + *b + } +} + +pub trait MyTrait { + fn unsanitized(&self, b: &mut u8) -> u8; + fn sanitized(&self, b: &mut u8) -> u8; + + // CHECK-LABEL: ; sanitize_off::MyTrait::unsanitized_default + // CHECK-NEXT: ; Function Attrs: + // CHECK-NOT: sanitize_address + // CHECK: start: + // CHECK-NOT: call void @__asan_report_load + // CHECK: } + #[sanitize(address = "off")] + fn unsanitized_default(&self, b: &mut u8) -> u8 { + *b + } + + // CHECK-LABEL: ; sanitize_off::MyTrait::sanitized_default + // CHECK-NEXT: ; Function Attrs: + // CHECK: sanitize_address + // CHECK: start: + // CHECK: call void @__asan_report_load + // CHECK: } + fn sanitized_default(&self, b: &mut u8) -> u8 { + *b + } +} + +#[sanitize(address = "off")] +impl MyTrait for () { + // CHECK-LABEL: ; <() as sanitize_off::MyTrait>::unsanitized + // CHECK-NEXT: ; Function Attrs: + // CHECK-NOT: sanitize_address + // CHECK: start: + // CHECK-NOT: call void @__asan_report_load + // CHECK: } + fn unsanitized(&self, b: &mut u8) -> u8 { + *b + } + + // CHECK-LABEL: ; <() as sanitize_off::MyTrait>::sanitized + // CHECK-NEXT: ; Function Attrs: + // CHECK: sanitize_address + // CHECK: start: + // CHECK: call void @__asan_report_load + // CHECK: } + #[sanitize(address = "on")] + fn sanitized(&self, b: &mut u8) -> u8 { + *b + } +} + +pub fn expose_trait(b: &mut u8) -> u8 { + <() as MyTrait>::unsanitized_default(&(), b); + <() as MyTrait>::sanitized_default(&(), b) +} diff --git a/tests/ui/feature-gates/feature-gate-sanitize.rs b/tests/ui/feature-gates/feature-gate-sanitize.rs new file mode 100644 index 00000000000..19656544da0 --- /dev/null +++ b/tests/ui/feature-gates/feature-gate-sanitize.rs @@ -0,0 +1,4 @@ +#[sanitize(address = "on")] +//~^ ERROR the `#[sanitize]` attribute is an experimental feature +fn main() { +} diff --git a/tests/ui/feature-gates/feature-gate-sanitize.stderr b/tests/ui/feature-gates/feature-gate-sanitize.stderr new file mode 100644 index 00000000000..a8e9b4608ac --- /dev/null +++ b/tests/ui/feature-gates/feature-gate-sanitize.stderr @@ -0,0 +1,13 @@ +error[E0658]: the `#[sanitize]` attribute is an experimental feature + --> $DIR/feature-gate-sanitize.rs:1:1 + | +LL | #[sanitize(address = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | + = note: see issue #39699 <https://github.com/rust-lang/rust/issues/39699> for more information + = help: add `#![feature(sanitize)]` to the crate attributes to enable + = note: this compiler was built on YYYY-MM-DD; consider upgrading it if it is out of date + +error: aborting due to 1 previous error + +For more information about this error, try `rustc --explain E0658`. diff --git a/tests/ui/sanitize-attr/invalid-sanitize.rs b/tests/ui/sanitize-attr/invalid-sanitize.rs new file mode 100644 index 00000000000..49dc01c8daa --- /dev/null +++ b/tests/ui/sanitize-attr/invalid-sanitize.rs @@ -0,0 +1,22 @@ +#![feature(sanitize)] + +#[sanitize(brontosaurus = "off")] //~ ERROR invalid argument +fn main() { +} + +#[sanitize(address = "off")] //~ ERROR multiple `sanitize` attributes +#[sanitize(address = "off")] +fn multiple_consistent() {} + +#[sanitize(address = "on")] //~ ERROR multiple `sanitize` attributes +#[sanitize(address = "off")] +fn multiple_inconsistent() {} + +#[sanitize(address = "bogus")] //~ ERROR invalid argument for `sanitize` +fn wrong_value() {} + +#[sanitize = "off"] //~ ERROR malformed `sanitize` attribute input +fn name_value () {} + +#[sanitize] //~ ERROR malformed `sanitize` attribute input +fn just_word() {} diff --git a/tests/ui/sanitize-attr/invalid-sanitize.stderr b/tests/ui/sanitize-attr/invalid-sanitize.stderr new file mode 100644 index 00000000000..bd36ce67b96 --- /dev/null +++ b/tests/ui/sanitize-attr/invalid-sanitize.stderr @@ -0,0 +1,82 @@ +error: malformed `sanitize` attribute input + --> $DIR/invalid-sanitize.rs:18:1 + | +LL | #[sanitize = "off"] + | ^^^^^^^^^^^^^^^^^^^ + | +help: the following are the possible correct uses + | +LL - #[sanitize = "off"] +LL + #[sanitize(address = "on|off")] + | +LL - #[sanitize = "off"] +LL + #[sanitize(cfi = "on|off")] + | +LL - #[sanitize = "off"] +LL + #[sanitize(hwaddress = "on|off")] + | +LL - #[sanitize = "off"] +LL + #[sanitize(kcfi = "on|off")] + | + = and 5 other candidates + +error: malformed `sanitize` attribute input + --> $DIR/invalid-sanitize.rs:21:1 + | +LL | #[sanitize] + | ^^^^^^^^^^^ + | +help: the following are the possible correct uses + | +LL | #[sanitize(address = "on|off")] + | ++++++++++++++++++++ +LL | #[sanitize(cfi = "on|off")] + | ++++++++++++++++ +LL | #[sanitize(hwaddress = "on|off")] + | ++++++++++++++++++++++ +LL | #[sanitize(kcfi = "on|off")] + | +++++++++++++++++ + = and 5 other candidates + +error: multiple `sanitize` attributes + --> $DIR/invalid-sanitize.rs:7:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: remove this attribute + | +note: attribute also specified here + --> $DIR/invalid-sanitize.rs:8:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: multiple `sanitize` attributes + --> $DIR/invalid-sanitize.rs:11:1 + | +LL | #[sanitize(address = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: remove this attribute + | +note: attribute also specified here + --> $DIR/invalid-sanitize.rs:12:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: invalid argument for `sanitize` + --> $DIR/invalid-sanitize.rs:3:1 + | +LL | #[sanitize(brontosaurus = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | + = note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` + +error: invalid argument for `sanitize` + --> $DIR/invalid-sanitize.rs:15:1 + | +LL | #[sanitize(address = "bogus")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | + = note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` + +error: aborting due to 6 previous errors + diff --git a/tests/ui/sanitize-attr/valid-sanitize.rs b/tests/ui/sanitize-attr/valid-sanitize.rs new file mode 100644 index 00000000000..ebe76fcba04 --- /dev/null +++ b/tests/ui/sanitize-attr/valid-sanitize.rs @@ -0,0 +1,115 @@ +//! Tests where the `#[sanitize(..)]` attribute can and cannot be used. + +#![feature(sanitize)] +#![feature(extern_types)] +#![feature(impl_trait_in_assoc_type)] +#![warn(unused_attributes)] +#![sanitize(address = "off", thread = "on")] + +#[sanitize(address = "off", thread = "on")] +mod submod {} + +#[sanitize(address = "off")] +static FOO: u32 = 0; + +#[sanitize(thread = "off")] //~ ERROR sanitize attribute not allowed here +static BAR: u32 = 0; + +#[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here +type MyTypeAlias = (); + +#[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here +trait MyTrait { + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + const TRAIT_ASSOC_CONST: u32; + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + type TraitAssocType; + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + fn trait_method(&self); + + #[sanitize(address = "off", thread = "on")] + fn trait_method_with_default(&self) {} + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + fn trait_assoc_fn(); +} + +#[sanitize(address = "off")] +impl MyTrait for () { + const TRAIT_ASSOC_CONST: u32 = 0; + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + type TraitAssocType = Self; + + #[sanitize(address = "off", thread = "on")] + fn trait_method(&self) {} + #[sanitize(address = "off", thread = "on")] + fn trait_method_with_default(&self) {} + #[sanitize(address = "off", thread = "on")] + fn trait_assoc_fn() {} +} + +trait HasAssocType { + type T; + fn constrain_assoc_type() -> Self::T; +} + +impl HasAssocType for () { + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + type T = impl Copy; + fn constrain_assoc_type() -> Self::T {} +} + +#[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here +struct MyStruct { + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + field: u32, +} + +#[sanitize(address = "off", thread = "on")] +impl MyStruct { + #[sanitize(address = "off", thread = "on")] + fn method(&self) {} + #[sanitize(address = "off", thread = "on")] + fn assoc_fn() {} +} + +extern "C" { + #[sanitize(address = "off", thread = "on")] //~ ERROR sanitize attribute not allowed here + static X: u32; + + #[sanitize(address = "off", thread = "on")] //~ ERROR sanitize attribute not allowed here + type T; + + #[sanitize(address = "off", thread = "on")] //~ ERROR sanitize attribute not allowed here + fn foreign_fn(); +} + +#[sanitize(address = "off", thread = "on")] +fn main() { + #[sanitize(address = "off", thread = "on")] //~ ERROR sanitize attribute not allowed here + let _ = (); + + // Currently not allowed on let statements, even if they bind to a closure. + // It might be nice to support this as a special case someday, but trying + // to define the precise boundaries of that special case might be tricky. + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + let _let_closure = || (); + + // In situations where attributes can already be applied to expressions, + // the sanitize attribute is allowed on closure expressions. + let _closure_tail_expr = { + #[sanitize(address = "off", thread = "on")] + || () + }; + + match () { + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + () => (), + } + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + return (); +} diff --git a/tests/ui/sanitize-attr/valid-sanitize.stderr b/tests/ui/sanitize-attr/valid-sanitize.stderr new file mode 100644 index 00000000000..ff9fe63eaf5 --- /dev/null +++ b/tests/ui/sanitize-attr/valid-sanitize.stderr @@ -0,0 +1,190 @@ +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:15:1 + | +LL | #[sanitize(thread = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | static BAR: u32 = 0; + | -------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:18:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type MyTypeAlias = (); + | ---------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:21:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | / trait MyTrait { +LL | | #[sanitize(address = "off")] +LL | | const TRAIT_ASSOC_CONST: u32; +... | +LL | | fn trait_assoc_fn(); +LL | | } + | |_- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:65:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | / struct MyStruct { +LL | | #[sanitize(address = "off")] +LL | | field: u32, +LL | | } + | |_- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:67:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | field: u32, + | ---------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:92:5 + | +LL | #[sanitize(address = "off", thread = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | let _ = (); + | ----------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:98:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | let _let_closure = || (); + | ------------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:109:9 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | () => (), + | -------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:113:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | return (); + | --------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:23:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | const TRAIT_ASSOC_CONST: u32; + | ----------------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:26:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type TraitAssocType; + | -------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:29:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | fn trait_method(&self); + | ----------------------- function has no body + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:35:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | fn trait_assoc_fn(); + | -------------------- function has no body + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:43:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type TraitAssocType = Self; + | --------------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:60:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type T = impl Copy; + | ------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:80:5 + | +LL | #[sanitize(address = "off", thread = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | static X: u32; + | -------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:83:5 + | +LL | #[sanitize(address = "off", thread = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type T; + | ------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:86:5 + | +LL | #[sanitize(address = "off", thread = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | fn foreign_fn(); + | ---------------- function has no body + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: aborting due to 18 previous errors + diff --git a/tests/ui/sanitizer/inline-always-sanitize.rs b/tests/ui/sanitizer/inline-always-sanitize.rs new file mode 100644 index 00000000000..2f1c8bb9c5b --- /dev/null +++ b/tests/ui/sanitizer/inline-always-sanitize.rs @@ -0,0 +1,15 @@ +//@ check-pass + +#![feature(sanitize)] + +#[inline(always)] +//~^ NOTE inlining requested here +#[sanitize(address = "off")] +//~^ WARN setting `sanitize` off will have no effect after inlining +//~| NOTE on by default +fn x() { +} + +fn main() { + x() +} diff --git a/tests/ui/sanitizer/inline-always-sanitize.stderr b/tests/ui/sanitizer/inline-always-sanitize.stderr new file mode 100644 index 00000000000..ed479472169 --- /dev/null +++ b/tests/ui/sanitizer/inline-always-sanitize.stderr @@ -0,0 +1,15 @@ +warning: setting `sanitize` off will have no effect after inlining + --> $DIR/inline-always-sanitize.rs:7:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | +note: inlining requested here + --> $DIR/inline-always-sanitize.rs:5:1 + | +LL | #[inline(always)] + | ^^^^^^^^^^^^^^^^^ + = note: `#[warn(inline_no_sanitize)]` on by default + +warning: 1 warning emitted + diff --git a/tests/ui/sanitizer/inline-always.rs b/tests/ui/sanitizer/inline-always.rs index d92daee3026..a868cd761db 100644 --- a/tests/ui/sanitizer/inline-always.rs +++ b/tests/ui/sanitizer/inline-always.rs @@ -1,7 +1,6 @@ //@ check-pass #![feature(no_sanitize)] - #[inline(always)] //~^ NOTE inlining requested here #[no_sanitize(address)] diff --git a/tests/ui/sanitizer/inline-always.stderr b/tests/ui/sanitizer/inline-always.stderr index 74fba3c0e0e..2ce48b0101d 100644 --- a/tests/ui/sanitizer/inline-always.stderr +++ b/tests/ui/sanitizer/inline-always.stderr @@ -1,11 +1,11 @@ warning: `no_sanitize` will have no effect after inlining - --> $DIR/inline-always.rs:7:1 + --> $DIR/inline-always.rs:6:1 | LL | #[no_sanitize(address)] | ^^^^^^^^^^^^^^^^^^^^^^^ | note: inlining requested here - --> $DIR/inline-always.rs:5:1 + --> $DIR/inline-always.rs:4:1 | LL | #[inline(always)] | ^^^^^^^^^^^^^^^^^ |