diff options
| author | Ramon de C Valle <rcvalle@users.noreply.github.com> | 2024-02-01 13:16:30 -0800 |
|---|---|---|
| committer | Ramon de C Valle <rcvalle@users.noreply.github.com> | 2024-03-01 18:50:40 -0800 |
| commit | dee4e02102197adc29be9bf98083297dd3f5e2ed (patch) | |
| tree | 510d1bc6652086782ea25e69a0a0b2a985f623aa /src | |
| parent | eaee1e9453bfb4e1fb3753aa37450bb47cd7629d (diff) | |
| download | rust-dee4e02102197adc29be9bf98083297dd3f5e2ed.tar.gz rust-dee4e02102197adc29be9bf98083297dd3f5e2ed.zip | |
Add initial support for DataFlowSanitizer
Adds initial support for DataFlowSanitizer to the Rust compiler. It currently supports `-Zsanitizer-dataflow-abilist`. Additional options for it can be passed to LLVM command line argument processor via LLVM arguments using `llvm-args` codegen option (e.g., `-Cllvm-args=-dfsan-combine-pointer-labels-on-load=false`).
Diffstat (limited to 'src')
| -rwxr-xr-x | src/bootstrap/configure.py | 2 | ||||
| -rw-r--r-- | src/bootstrap/download-ci-llvm-stamp | 2 | ||||
| -rw-r--r-- | src/bootstrap/src/core/build_steps/llvm.rs | 2 | ||||
| -rw-r--r-- | src/doc/unstable-book/src/compiler-flags/sanitizer.md | 34 | ||||
| -rw-r--r-- | src/tools/compiletest/src/common.rs | 1 | ||||
| -rw-r--r-- | src/tools/compiletest/src/header/needs.rs | 7 | ||||
| -rw-r--r-- | src/tools/tidy/src/ui_tests.rs | 1 |
7 files changed, 42 insertions, 7 deletions
diff --git a/src/bootstrap/configure.py b/src/bootstrap/configure.py index d34c19a47e3..8b65e8ff9c3 100755 --- a/src/bootstrap/configure.py +++ b/src/bootstrap/configure.py @@ -48,7 +48,7 @@ o("codegen-tests", "rust.codegen-tests", "run the tests/codegen tests") o("ninja", "llvm.ninja", "build LLVM using the Ninja generator (for MSVC, requires building in the correct environment)") o("locked-deps", "build.locked-deps", "force Cargo.lock to be up to date") o("vendor", "build.vendor", "enable usage of vendored Rust crates") -o("sanitizers", "build.sanitizers", "build the sanitizer runtimes (asan, lsan, msan, tsan, hwasan)") +o("sanitizers", "build.sanitizers", "build the sanitizer runtimes (asan, dfsan, lsan, msan, tsan, hwasan)") o("dist-src", "rust.dist-src", "when building tarballs enables building a source tarball") o("cargo-native-static", "build.cargo-native-static", "static native libraries in cargo") o("profiler", "build.profiler", "build the profiler runtime") diff --git a/src/bootstrap/download-ci-llvm-stamp b/src/bootstrap/download-ci-llvm-stamp index 9998fe2f5db..bd1f9699c3c 100644 --- a/src/bootstrap/download-ci-llvm-stamp +++ b/src/bootstrap/download-ci-llvm-stamp @@ -1,4 +1,4 @@ Change this file to make users of the `download-ci-llvm` configuration download a new version of LLVM from CI, even if the LLVM submodule hasn’t changed. -Last change is for: https://github.com/rust-lang/rust/pull/116881 +Last change is for: https://github.com/rust-lang/rust/pull/120761 diff --git a/src/bootstrap/src/core/build_steps/llvm.rs b/src/bootstrap/src/core/build_steps/llvm.rs index 0681289a94f..701bd585eee 100644 --- a/src/bootstrap/src/core/build_steps/llvm.rs +++ b/src/bootstrap/src/core/build_steps/llvm.rs @@ -1088,7 +1088,7 @@ fn supported_sanitizers( "x86_64-unknown-illumos" => common_libs("illumos", "x86_64", &["asan"]), "x86_64-pc-solaris" => common_libs("solaris", "x86_64", &["asan"]), "x86_64-unknown-linux-gnu" => { - common_libs("linux", "x86_64", &["asan", "lsan", "msan", "safestack", "tsan"]) + common_libs("linux", "x86_64", &["asan", "dfsan", "lsan", "msan", "safestack", "tsan"]) } "x86_64-unknown-linux-musl" => { common_libs("linux", "x86_64", &["asan", "lsan", "msan", "tsan"]) diff --git a/src/doc/unstable-book/src/compiler-flags/sanitizer.md b/src/doc/unstable-book/src/compiler-flags/sanitizer.md index 523617eb3e1..c8fd154a00e 100644 --- a/src/doc/unstable-book/src/compiler-flags/sanitizer.md +++ b/src/doc/unstable-book/src/compiler-flags/sanitizer.md @@ -29,6 +29,8 @@ This feature allows for use of one of following sanitizers: * Those that apart from testing, may be used in production: * [ControlFlowIntegrity](#controlflowintegrity) LLVM Control Flow Integrity (CFI) provides forward-edge control flow protection. + * [DataFlowSanitizer](#dataflowsanitizer) a generic dynamic data flow analysis + framework. * [KernelControlFlowIntegrity](#kernelcontrolflowintegrity) LLVM Kernel Control Flow Integrity (KCFI) provides forward-edge control flow protection for operating systems kernels. @@ -39,14 +41,21 @@ This feature allows for use of one of following sanitizers: * [ShadowCallStack](#shadowcallstack) provides backward-edge control flow protection (aarch64 only). -To enable a sanitizer compile with `-Zsanitizer=address`,`-Zsanitizer=cfi`, -`-Zsanitizer=hwaddress`, `-Zsanitizer=leak`, `-Zsanitizer=memory`, -`-Zsanitizer=memtag`, `-Zsanitizer=shadow-call-stack`, or `-Zsanitizer=thread`. -You might also need the `--target` and `build-std` flags. Example: +To enable a sanitizer compile with `-Zsanitizer=address`, `-Zsanitizer=cfi`, +`-Zsanitizer=dataflow`,`-Zsanitizer=hwaddress`, `-Zsanitizer=leak`, +`-Zsanitizer=memory`, `-Zsanitizer=memtag`, `-Zsanitizer=shadow-call-stack`, or +`-Zsanitizer=thread`. You might also need the `--target` and `build-std` flags. + +Example: ```shell $ RUSTFLAGS=-Zsanitizer=address cargo build -Zbuild-std --target x86_64-unknown-linux-gnu ``` +Additional options for sanitizers can be passed to LLVM command line argument +processor via LLVM arguments using `llvm-args` codegen option (e.g., +`-Cllvm-args=-dfsan-combine-pointer-labels-on-load=false`). See the sanitizer +documentation for more information about additional options. + # AddressSanitizer AddressSanitizer is a memory error detector. It can detect the following types @@ -639,6 +648,21 @@ LLVM KCFI is supported on the following targets: See the [Clang KernelControlFlowIntegrity documentation][clang-kcfi] for more details. +# DataFlowSanitizer + +DataFlowSanitizer is a generalised dynamic data flow analysis. + +Unlike other Sanitizer tools, this tool is not designed to detect a specific +class of bugs on its own. Instead, it provides a generic dynamic data flow +analysis framework to be used by clients to help detect application-specific +issues within their own code. + +DataFlowSanitizer is supported on the following targets: + +* `x86_64-unknown-linux-gnu` + +See the [Clang DataFlowSanitizer documentation][clang-dataflow] for more details. + # KernelAddressSanitizer KernelAddressSanitizer (KASAN) is a freestanding version of AddressSanitizer @@ -849,6 +873,7 @@ Sanitizers produce symbolized stacktraces when llvm-symbolizer binary is in `PAT * [Sanitizers project page](https://github.com/google/sanitizers/wiki/) * [AddressSanitizer in Clang][clang-asan] * [ControlFlowIntegrity in Clang][clang-cfi] +* [DataFlowSanitizer in Clang][clang-dataflow] * [HWAddressSanitizer in Clang][clang-hwasan] * [Linux Kernel's KernelAddressSanitizer documentation][linux-kasan] * [LeakSanitizer in Clang][clang-lsan] @@ -858,6 +883,7 @@ Sanitizers produce symbolized stacktraces when llvm-symbolizer binary is in `PAT [clang-asan]: https://clang.llvm.org/docs/AddressSanitizer.html [clang-cfi]: https://clang.llvm.org/docs/ControlFlowIntegrity.html +[clang-dataflow]: https://clang.llvm.org/docs/DataFlowSanitizer.html [clang-hwasan]: https://clang.llvm.org/docs/HardwareAssistedAddressSanitizerDesign.html [clang-kcfi]: https://clang.llvm.org/docs/ControlFlowIntegrity.html#fsanitize-kcfi [clang-lsan]: https://clang.llvm.org/docs/LeakSanitizer.html diff --git a/src/tools/compiletest/src/common.rs b/src/tools/compiletest/src/common.rs index 49f1226e2cc..bfe6c959e7c 100644 --- a/src/tools/compiletest/src/common.rs +++ b/src/tools/compiletest/src/common.rs @@ -156,6 +156,7 @@ impl PanicStrategy { pub enum Sanitizer { Address, Cfi, + Dataflow, Kcfi, KernelAddress, Leak, diff --git a/src/tools/compiletest/src/header/needs.rs b/src/tools/compiletest/src/header/needs.rs index 9b22b2112a8..39786588150 100644 --- a/src/tools/compiletest/src/header/needs.rs +++ b/src/tools/compiletest/src/header/needs.rs @@ -30,6 +30,11 @@ pub(super) fn handle_needs( ignore_reason: "ignored on targets without CFI sanitizer", }, Need { + name: "needs-sanitizer-dataflow", + condition: cache.sanitizer_dataflow, + ignore_reason: "ignored on targets without dataflow sanitizer", + }, + Need { name: "needs-sanitizer-kcfi", condition: cache.sanitizer_kcfi, ignore_reason: "ignored on targets without kernel CFI sanitizer", @@ -190,6 +195,7 @@ pub(super) struct CachedNeedsConditions { sanitizer_support: bool, sanitizer_address: bool, sanitizer_cfi: bool, + sanitizer_dataflow: bool, sanitizer_kcfi: bool, sanitizer_kasan: bool, sanitizer_leak: bool, @@ -229,6 +235,7 @@ impl CachedNeedsConditions { sanitizer_support: std::env::var_os("RUSTC_SANITIZER_SUPPORT").is_some(), sanitizer_address: sanitizers.contains(&Sanitizer::Address), sanitizer_cfi: sanitizers.contains(&Sanitizer::Cfi), + sanitizer_dataflow: sanitizers.contains(&Sanitizer::Dataflow), sanitizer_kcfi: sanitizers.contains(&Sanitizer::Kcfi), sanitizer_kasan: sanitizers.contains(&Sanitizer::KernelAddress), sanitizer_leak: sanitizers.contains(&Sanitizer::Leak), diff --git a/src/tools/tidy/src/ui_tests.rs b/src/tools/tidy/src/ui_tests.rs index 920fe16a9fc..8899a55b2df 100644 --- a/src/tools/tidy/src/ui_tests.rs +++ b/src/tools/tidy/src/ui_tests.rs @@ -43,6 +43,7 @@ const EXTENSION_EXCEPTION_PATHS: &[&str] = &[ "tests/ui/macros/syntax-extension-source-utils-files/includeme.fragment", // more include "tests/ui/proc-macro/auxiliary/included-file.txt", // more include "tests/ui/invalid/foo.natvis.xml", // sample debugger visualizer + "tests/ui/sanitizer/dataflow-abilist.txt", // dataflow sanitizer ABI list file "tests/ui/shell-argfiles/shell-argfiles.args", // passing args via a file "tests/ui/shell-argfiles/shell-argfiles-badquotes.args", // passing args via a file "tests/ui/shell-argfiles/shell-argfiles-via-argfile-shell.args", // passing args via a file |