From 4d62bf1634aad793631517559fe4d9e3e072a2bd Mon Sep 17 00:00:00 2001 From: bjorn3 <17426603+bjorn3@users.noreply.github.com> Date: Fri, 15 Aug 2025 09:21:18 +0000 Subject: All weak lang items have an explicit link name and vice versa --- compiler/rustc_codegen_ssa/src/codegen_attrs.rs | 15 ++++++--------- 1 file changed, 6 insertions(+), 9 deletions(-) (limited to 'compiler/rustc_codegen_ssa') diff --git a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs index a36a772bc97..7fa37198387 100644 --- a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs +++ b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs @@ -6,7 +6,6 @@ use rustc_ast::{LitKind, MetaItem, MetaItemInner, attr}; use rustc_hir::attrs::{AttributeKind, InlineAttr, InstructionSetAttr, UsedBy}; use rustc_hir::def::DefKind; use rustc_hir::def_id::{DefId, LOCAL_CRATE, LocalDefId}; -use rustc_hir::weak_lang_items::WEAK_LANG_ITEMS; use rustc_hir::{self as hir, Attribute, LangItem, find_attr, lang_items}; use rustc_middle::middle::codegen_fn_attrs::{ CodegenFnAttrFlags, CodegenFnAttrs, PatchableFunctionEntry, @@ -520,14 +519,12 @@ fn handle_lang_items( // strippable by the linker. // // Additionally weak lang items have predetermined symbol names. - if let Some(lang_item) = lang_item { - if WEAK_LANG_ITEMS.contains(&lang_item) { - codegen_fn_attrs.flags |= CodegenFnAttrFlags::RUSTC_STD_INTERNAL_SYMBOL; - } - if let Some(link_name) = lang_item.link_name() { - codegen_fn_attrs.export_name = Some(link_name); - codegen_fn_attrs.link_name = Some(link_name); - } + if let Some(lang_item) = lang_item + && let Some(link_name) = lang_item.link_name() + { + codegen_fn_attrs.flags |= CodegenFnAttrFlags::RUSTC_STD_INTERNAL_SYMBOL; + codegen_fn_attrs.export_name = Some(link_name); + codegen_fn_attrs.link_name = Some(link_name); } // error when using no_mangle on a lang item item -- cgit 1.4.1-3-g733a5 From 460519a7f509756d07dcf187e671a11fde7b3fca Mon Sep 17 00:00:00 2001 From: bjorn3 <17426603+bjorn3@users.noreply.github.com> Date: Fri, 15 Aug 2025 09:37:24 +0000 Subject: Merge link_name and export_name --- compiler/rustc_codegen_llvm/src/attributes.rs | 2 +- compiler/rustc_codegen_ssa/src/base.rs | 2 +- compiler/rustc_codegen_ssa/src/codegen_attrs.rs | 17 +++++++---- compiler/rustc_lint/src/foreign_modules.rs | 2 +- compiler/rustc_metadata/src/native_libs.rs | 2 +- .../rustc_middle/src/middle/codegen_fn_attrs.rs | 17 ++++------- compiler/rustc_symbol_mangling/src/lib.rs | 33 ++++++++-------------- src/tools/miri/src/shims/foreign_items.rs | 2 +- 8 files changed, 33 insertions(+), 44 deletions(-) (limited to 'compiler/rustc_codegen_ssa') diff --git a/compiler/rustc_codegen_llvm/src/attributes.rs b/compiler/rustc_codegen_llvm/src/attributes.rs index c548f467583..35cc013b852 100644 --- a/compiler/rustc_codegen_llvm/src/attributes.rs +++ b/compiler/rustc_codegen_llvm/src/attributes.rs @@ -513,7 +513,7 @@ pub(crate) fn llfn_attrs_from_instance<'ll, 'tcx>( to_add.push(llvm::CreateAttrStringValue(cx.llcx, "wasm-import-module", module)); let name = - codegen_fn_attrs.link_name.unwrap_or_else(|| cx.tcx.item_name(instance.def_id())); + codegen_fn_attrs.symbol_name.unwrap_or_else(|| cx.tcx.item_name(instance.def_id())); let name = name.as_str(); to_add.push(llvm::CreateAttrStringValue(cx.llcx, "wasm-import-name", name)); } diff --git a/compiler/rustc_codegen_ssa/src/base.rs b/compiler/rustc_codegen_ssa/src/base.rs index b4556ced0b3..883212cd07a 100644 --- a/compiler/rustc_codegen_ssa/src/base.rs +++ b/compiler/rustc_codegen_ssa/src/base.rs @@ -857,7 +857,7 @@ pub fn is_call_from_compiler_builtins_to_upstream_monomorphization<'tcx>( instance: Instance<'tcx>, ) -> bool { fn is_llvm_intrinsic(tcx: TyCtxt<'_>, def_id: DefId) -> bool { - if let Some(name) = tcx.codegen_fn_attrs(def_id).link_name { + if let Some(name) = tcx.codegen_fn_attrs(def_id).symbol_name { name.as_str().starts_with("llvm.") } else { false diff --git a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs index 7fa37198387..136b8591f83 100644 --- a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs +++ b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs @@ -189,7 +189,7 @@ fn process_builtin_attrs( match p { AttributeKind::Cold(_) => codegen_fn_attrs.flags |= CodegenFnAttrFlags::COLD, AttributeKind::ExportName { name, .. } => { - codegen_fn_attrs.export_name = Some(*name) + codegen_fn_attrs.symbol_name = Some(*name) } AttributeKind::Inline(inline, span) => { codegen_fn_attrs.inline = *inline; @@ -197,7 +197,13 @@ fn process_builtin_attrs( } AttributeKind::Naked(_) => codegen_fn_attrs.flags |= CodegenFnAttrFlags::NAKED, AttributeKind::Align { align, .. } => codegen_fn_attrs.alignment = Some(*align), - AttributeKind::LinkName { name, .. } => codegen_fn_attrs.link_name = Some(*name), + AttributeKind::LinkName { name, .. } => { + // FIXME Remove check for foreign functions once #[link_name] on non-foreign + // functions is a hard error + if tcx.is_foreign_item(did) { + codegen_fn_attrs.symbol_name = Some(*name); + } + } AttributeKind::LinkOrdinal { ordinal, span } => { codegen_fn_attrs.link_ordinal = Some(*ordinal); interesting_spans.link_ordinal = Some(*span); @@ -417,7 +423,7 @@ fn apply_overrides(tcx: TyCtxt<'_>, did: LocalDefId, codegen_fn_attrs: &mut Code // * `#[rustc_std_internal_symbol]` mangles the symbol name in a special way // both for exports and imports through foreign items. This is handled further, // during symbol mangling logic. - } else if codegen_fn_attrs.link_name.is_some() { + } else if codegen_fn_attrs.symbol_name.is_some() { // * This can be overridden with the `#[link_name]` attribute } else { // NOTE: there's one more exception that we cannot apply here. On wasm, @@ -472,7 +478,7 @@ fn check_result( } // error when specifying link_name together with link_ordinal - if let Some(_) = codegen_fn_attrs.link_name + if let Some(_) = codegen_fn_attrs.symbol_name && let Some(_) = codegen_fn_attrs.link_ordinal { let msg = "cannot use `#[link_name]` with `#[link_ordinal]`"; @@ -523,8 +529,7 @@ fn handle_lang_items( && let Some(link_name) = lang_item.link_name() { codegen_fn_attrs.flags |= CodegenFnAttrFlags::RUSTC_STD_INTERNAL_SYMBOL; - codegen_fn_attrs.export_name = Some(link_name); - codegen_fn_attrs.link_name = Some(link_name); + codegen_fn_attrs.symbol_name = Some(link_name); } // error when using no_mangle on a lang item item diff --git a/compiler/rustc_lint/src/foreign_modules.rs b/compiler/rustc_lint/src/foreign_modules.rs index 759e6c927b8..3267e70f1de 100644 --- a/compiler/rustc_lint/src/foreign_modules.rs +++ b/compiler/rustc_lint/src/foreign_modules.rs @@ -179,7 +179,7 @@ impl ClashingExternDeclarations { /// symbol's name. fn name_of_extern_decl(tcx: TyCtxt<'_>, fi: hir::OwnerId) -> SymbolName { if let Some((overridden_link_name, overridden_link_name_span)) = - tcx.codegen_fn_attrs(fi).link_name.map(|overridden_link_name| { + tcx.codegen_fn_attrs(fi).symbol_name.map(|overridden_link_name| { // FIXME: Instead of searching through the attributes again to get span // information, we could have codegen_fn_attrs also give span information back for // where the attribute was defined. However, until this is found to be a diff --git a/compiler/rustc_metadata/src/native_libs.rs b/compiler/rustc_metadata/src/native_libs.rs index 958e314efab..63f1b51df1c 100644 --- a/compiler/rustc_metadata/src/native_libs.rs +++ b/compiler/rustc_metadata/src/native_libs.rs @@ -701,7 +701,7 @@ impl<'tcx> Collector<'tcx> { .link_ordinal .map_or(import_name_type, |ord| Some(PeImportNameType::Ordinal(ord))); - let name = codegen_fn_attrs.link_name.unwrap_or_else(|| self.tcx.item_name(item)); + let name = codegen_fn_attrs.symbol_name.unwrap_or_else(|| self.tcx.item_name(item)); if self.tcx.sess.target.binary_format == BinaryFormat::Elf { let name = name.as_str(); diff --git a/compiler/rustc_middle/src/middle/codegen_fn_attrs.rs b/compiler/rustc_middle/src/middle/codegen_fn_attrs.rs index 2852c4cbd34..b3a26f3b8ef 100644 --- a/compiler/rustc_middle/src/middle/codegen_fn_attrs.rs +++ b/compiler/rustc_middle/src/middle/codegen_fn_attrs.rs @@ -36,14 +36,10 @@ pub struct CodegenFnAttrs { pub inline: InlineAttr, /// Parsed representation of the `#[optimize]` attribute pub optimize: OptimizeAttr, - /// The `#[export_name = "..."]` attribute, indicating a custom symbol a - /// function should be exported under - pub export_name: Option, - /// The `#[link_name = "..."]` attribute, indicating a custom symbol an - /// imported function should be imported as. Note that `export_name` - /// probably isn't set when this is set, this is for foreign items while - /// `#[export_name]` is for Rust-defined functions. - pub link_name: Option, + /// The name this function will be imported/exported under. This can be set + /// using the `#[export_name = "..."]` or `#[link_name = "..."]` attribute + /// depending on if this is a function definition or foreign function. + pub symbol_name: Option, /// The `#[link_ordinal = "..."]` attribute, indicating an ordinal an /// imported function has in the dynamic library. Note that this must not /// be set when `link_name` is set. This is for foreign items with the @@ -170,8 +166,7 @@ impl CodegenFnAttrs { flags: CodegenFnAttrFlags::empty(), inline: InlineAttr::None, optimize: OptimizeAttr::Default, - export_name: None, - link_name: None, + symbol_name: None, link_ordinal: None, target_features: vec![], safe_target_features: false, @@ -200,7 +195,7 @@ impl CodegenFnAttrs { self.flags.contains(CodegenFnAttrFlags::NO_MANGLE) || self.flags.contains(CodegenFnAttrFlags::RUSTC_STD_INTERNAL_SYMBOL) - || self.export_name.is_some() + || self.symbol_name.is_some() || match self.linkage { // These are private, so make sure we don't try to consider // them external. diff --git a/compiler/rustc_symbol_mangling/src/lib.rs b/compiler/rustc_symbol_mangling/src/lib.rs index 96a501fb0ea..d97ee956525 100644 --- a/compiler/rustc_symbol_mangling/src/lib.rs +++ b/compiler/rustc_symbol_mangling/src/lib.rs @@ -204,13 +204,9 @@ fn compute_symbol_name<'tcx>( // mangling scheme can't be used. For example both the GCC backend and // Rust-for-Linux don't support some of the characters used by the // legacy symbol mangling scheme. - let name = if tcx.is_foreign_item(def_id) { - if let Some(name) = attrs.link_name { name } else { tcx.item_name(def_id) } - } else { - if let Some(name) = attrs.export_name { name } else { tcx.item_name(def_id) } - }; + let name = if let Some(name) = attrs.symbol_name { name } else { tcx.item_name(def_id) }; - return v0::mangle_internal_symbol(tcx, name.as_str()); + return v0::mangle_internal_symbol(tcx, name.as_str()); } let wasm_import_module_exception_force_mangling = { @@ -235,23 +231,16 @@ fn compute_symbol_name<'tcx>( && tcx.wasm_import_module_map(LOCAL_CRATE).contains_key(&def_id.into()) }; - if let Some(name) = attrs.link_name - && !wasm_import_module_exception_force_mangling - { - // Use provided name - return name.to_string(); - } - - if let Some(name) = attrs.export_name { - // Use provided name - return name.to_string(); - } + if !wasm_import_module_exception_force_mangling { + if let Some(name) = attrs.symbol_name { + // Use provided name + return name.to_string(); + } - if attrs.flags.contains(CodegenFnAttrFlags::NO_MANGLE) - && !wasm_import_module_exception_force_mangling - { - // Don't mangle - return tcx.item_name(def_id).to_string(); + if attrs.flags.contains(CodegenFnAttrFlags::NO_MANGLE) { + // Don't mangle + return tcx.item_name(def_id).to_string(); + } } // If we're dealing with an instance of a function that's inlined from diff --git a/src/tools/miri/src/shims/foreign_items.rs b/src/tools/miri/src/shims/foreign_items.rs index 21545b68029..23b1d0c4f6e 100644 --- a/src/tools/miri/src/shims/foreign_items.rs +++ b/src/tools/miri/src/shims/foreign_items.rs @@ -146,7 +146,7 @@ pub trait EvalContextExt<'tcx>: crate::MiriInterpCxExt<'tcx> { return interp_ok(()); } // Skip over items without an explicitly defined symbol name. - if !(attrs.export_name.is_some() + if !(attrs.symbol_name.is_some() || attrs.flags.contains(CodegenFnAttrFlags::NO_MANGLE) || attrs.flags.contains(CodegenFnAttrFlags::RUSTC_STD_INTERNAL_SYMBOL)) { -- cgit 1.4.1-3-g733a5 From c3c2c23e0d96c76f11a307cf3c4cf14a86fd158b Mon Sep 17 00:00:00 2001 From: Samuel Moelius Date: Thu, 3 Apr 2025 20:59:05 -0400 Subject: Extend `QueryStability` to handle `IntoIterator` implementations Fix adjacent code Fix duplicate warning; merge test into `tests/ui-fulldeps/internal-lints` Use `rustc_middle::ty::FnSig::inputs` Address two review comments - https://github.com/rust-lang/rust/pull/139345#discussion_r2109006991 - https://github.com/rust-lang/rust/pull/139345#discussion_r2109058588 Use `Instance::try_resolve` Import `rustc_middle::ty::Ty` as `Ty` rather than `MiddleTy` Simplify predicate handling Add more `#[allow(rustc::potential_query_instability)]` following rebase Remove two `#[allow(rustc::potential_query_instability)]` following rebase Address review comment Update compiler/rustc_lint/src/internal.rs Co-authored-by: lcnr --- compiler/rustc_codegen_ssa/src/target_features.rs | 1 + compiler/rustc_errors/src/emitter.rs | 4 +- compiler/rustc_expand/src/mbe/macro_rules.rs | 1 + compiler/rustc_interface/src/interface.rs | 4 +- compiler/rustc_lint/src/internal.rs | 132 +++++++++++++-------- src/librustdoc/formats/cache.rs | 2 +- .../ui-fulldeps/internal-lints/query_stability.rs | 12 ++ .../internal-lints/query_stability.stderr | 18 ++- 8 files changed, 122 insertions(+), 52 deletions(-) (limited to 'compiler/rustc_codegen_ssa') diff --git a/compiler/rustc_codegen_ssa/src/target_features.rs b/compiler/rustc_codegen_ssa/src/target_features.rs index 7e4341a8236..b5aa50f4851 100644 --- a/compiler/rustc_codegen_ssa/src/target_features.rs +++ b/compiler/rustc_codegen_ssa/src/target_features.rs @@ -180,6 +180,7 @@ fn parse_rust_feature_flag<'a>( while let Some(new_feature) = new_features.pop() { if features.insert(new_feature) { if let Some(implied_features) = inverse_implied_features.get(&new_feature) { + #[allow(rustc::potential_query_instability)] new_features.extend(implied_features) } } diff --git a/compiler/rustc_errors/src/emitter.rs b/compiler/rustc_errors/src/emitter.rs index 97c47fa9b9a..749bba5de12 100644 --- a/compiler/rustc_errors/src/emitter.rs +++ b/compiler/rustc_errors/src/emitter.rs @@ -17,7 +17,7 @@ use std::path::Path; use std::sync::Arc; use derive_setters::Setters; -use rustc_data_structures::fx::{FxHashMap, FxIndexMap, FxIndexSet}; +use rustc_data_structures::fx::{FxIndexMap, FxIndexSet}; use rustc_data_structures::sync::{DynSend, IntoDynSyncSend}; use rustc_error_messages::{FluentArgs, SpanLabel}; use rustc_lexer; @@ -1853,7 +1853,7 @@ impl HumanEmitter { && line_idx + 1 == annotated_file.lines.len(), ); - let mut to_add = FxHashMap::default(); + let mut to_add = FxIndexMap::default(); for (depth, style) in depths { // FIXME(#120456) - is `swap_remove` correct? diff --git a/compiler/rustc_expand/src/mbe/macro_rules.rs b/compiler/rustc_expand/src/mbe/macro_rules.rs index 334f57f9d62..6b57ced56eb 100644 --- a/compiler/rustc_expand/src/mbe/macro_rules.rs +++ b/compiler/rustc_expand/src/mbe/macro_rules.rs @@ -522,6 +522,7 @@ pub(super) fn try_match_macro_attr<'matcher, T: Tracker<'matcher>>( match result { Success(body_named_matches) => { psess.gated_spans.merge(gated_spans_snapshot); + #[allow(rustc::potential_query_instability)] named_matches.extend(body_named_matches); return Ok((i, rule, named_matches)); } diff --git a/compiler/rustc_interface/src/interface.rs b/compiler/rustc_interface/src/interface.rs index c46e879b976..8f131f45bbd 100644 --- a/compiler/rustc_interface/src/interface.rs +++ b/compiler/rustc_interface/src/interface.rs @@ -285,7 +285,9 @@ pub(crate) fn parse_check_cfg(dcx: DiagCtxtHandle<'_>, specs: Vec) -> Ch .expecteds .entry(name.name) .and_modify(|v| match v { - ExpectedValues::Some(v) if !values_any_specified => { + ExpectedValues::Some(v) if !values_any_specified => + { + #[allow(rustc::potential_query_instability)] v.extend(values.clone()) } ExpectedValues::Some(_) => *v = ExpectedValues::Any, diff --git a/compiler/rustc_lint/src/internal.rs b/compiler/rustc_lint/src/internal.rs index 016ff17f5d7..e1fbe39222b 100644 --- a/compiler/rustc_lint/src/internal.rs +++ b/compiler/rustc_lint/src/internal.rs @@ -1,10 +1,10 @@ //! Some lints that are only useful in the compiler or crates that use compiler internals, such as //! Clippy. -use rustc_hir::HirId; use rustc_hir::def::Res; use rustc_hir::def_id::DefId; -use rustc_middle::ty::{self, GenericArgsRef, Ty as MiddleTy}; +use rustc_hir::{Expr, ExprKind, HirId}; +use rustc_middle::ty::{self, ClauseKind, GenericArgsRef, PredicatePolarity, TraitPredicate, Ty}; use rustc_session::{declare_lint_pass, declare_tool_lint}; use rustc_span::hygiene::{ExpnKind, MacroKind}; use rustc_span::{Span, sym}; @@ -56,25 +56,6 @@ impl LateLintPass<'_> for DefaultHashTypes { } } -/// Helper function for lints that check for expressions with calls and use typeck results to -/// get the `DefId` and `GenericArgsRef` of the function. -fn typeck_results_of_method_fn<'tcx>( - cx: &LateContext<'tcx>, - expr: &hir::Expr<'_>, -) -> Option<(Span, DefId, ty::GenericArgsRef<'tcx>)> { - match expr.kind { - hir::ExprKind::MethodCall(segment, ..) - if let Some(def_id) = cx.typeck_results().type_dependent_def_id(expr.hir_id) => - { - Some((segment.ident.span, def_id, cx.typeck_results().node_args(expr.hir_id))) - } - _ => match cx.typeck_results().node_type(expr.hir_id).kind() { - &ty::FnDef(def_id, args) => Some((expr.span, def_id, args)), - _ => None, - }, - } -} - declare_tool_lint! { /// The `potential_query_instability` lint detects use of methods which can lead to /// potential query instability, such as iterating over a `HashMap`. @@ -101,10 +82,12 @@ declare_tool_lint! { declare_lint_pass!(QueryStability => [POTENTIAL_QUERY_INSTABILITY, UNTRACKED_QUERY_INFORMATION]); -impl LateLintPass<'_> for QueryStability { - fn check_expr(&mut self, cx: &LateContext<'_>, expr: &hir::Expr<'_>) { - let Some((span, def_id, args)) = typeck_results_of_method_fn(cx, expr) else { return }; - if let Ok(Some(instance)) = ty::Instance::try_resolve(cx.tcx, cx.typing_env(), def_id, args) +impl<'tcx> LateLintPass<'tcx> for QueryStability { + fn check_expr(&mut self, cx: &LateContext<'tcx>, expr: &'tcx Expr<'tcx>) { + if let Some((callee_def_id, span, generic_args, _recv, _args)) = + get_callee_span_generic_args_and_args(cx, expr) + && let Ok(Some(instance)) = + ty::Instance::try_resolve(cx.tcx, cx.typing_env(), callee_def_id, generic_args) { let def_id = instance.def_id(); if cx.tcx.has_attr(def_id, sym::rustc_lint_query_instability) { @@ -113,7 +96,15 @@ impl LateLintPass<'_> for QueryStability { span, QueryInstability { query: cx.tcx.item_name(def_id) }, ); + } else if has_unstable_into_iter_predicate(cx, callee_def_id, generic_args) { + let call_span = span.with_hi(expr.span.hi()); + cx.emit_span_lint( + POTENTIAL_QUERY_INSTABILITY, + call_span, + QueryInstability { query: sym::into_iter }, + ); } + if cx.tcx.has_attr(def_id, sym::rustc_lint_untracked_query_information) { cx.emit_span_lint( UNTRACKED_QUERY_INFORMATION, @@ -125,6 +116,64 @@ impl LateLintPass<'_> for QueryStability { } } +fn has_unstable_into_iter_predicate<'tcx>( + cx: &LateContext<'tcx>, + callee_def_id: DefId, + generic_args: GenericArgsRef<'tcx>, +) -> bool { + let Some(into_iterator_def_id) = cx.tcx.get_diagnostic_item(sym::IntoIterator) else { + return false; + }; + let Some(into_iter_fn_def_id) = cx.tcx.lang_items().into_iter_fn() else { + return false; + }; + let predicates = cx.tcx.predicates_of(callee_def_id).instantiate(cx.tcx, generic_args); + for (predicate, _) in predicates { + let ClauseKind::Trait(TraitPredicate { trait_ref, polarity: PredicatePolarity::Positive }) = + predicate.kind().skip_binder() + else { + continue; + }; + // Does the function or method require any of its arguments to implement `IntoIterator`? + if trait_ref.def_id != into_iterator_def_id { + continue; + } + let Ok(Some(instance)) = + ty::Instance::try_resolve(cx.tcx, cx.typing_env(), into_iter_fn_def_id, trait_ref.args) + else { + continue; + }; + // Does the input type's `IntoIterator` implementation have the + // `rustc_lint_query_instability` attribute on its `into_iter` method? + if cx.tcx.has_attr(instance.def_id(), sym::rustc_lint_query_instability) { + return true; + } + } + false +} + +/// Checks whether an expression is a function or method call and, if so, returns its `DefId`, +/// `Span`, `GenericArgs`, and arguments. This is a slight augmentation of a similarly named Clippy +/// function, `get_callee_generic_args_and_args`. +fn get_callee_span_generic_args_and_args<'tcx>( + cx: &LateContext<'tcx>, + expr: &'tcx Expr<'tcx>, +) -> Option<(DefId, Span, GenericArgsRef<'tcx>, Option<&'tcx Expr<'tcx>>, &'tcx [Expr<'tcx>])> { + if let ExprKind::Call(callee, args) = expr.kind + && let callee_ty = cx.typeck_results().expr_ty(callee) + && let ty::FnDef(callee_def_id, generic_args) = callee_ty.kind() + { + return Some((*callee_def_id, callee.span, generic_args, None, args)); + } + if let ExprKind::MethodCall(segment, recv, args, _) = expr.kind + && let Some(method_def_id) = cx.typeck_results().type_dependent_def_id(expr.hir_id) + { + let generic_args = cx.typeck_results().node_args(expr.hir_id); + return Some((method_def_id, segment.ident.span, generic_args, Some(recv), args)); + } + None +} + declare_tool_lint! { /// The `usage_of_ty_tykind` lint detects usages of `ty::TyKind::`, /// where `ty::` would suffice. @@ -461,33 +510,22 @@ declare_tool_lint! { declare_lint_pass!(Diagnostics => [UNTRANSLATABLE_DIAGNOSTIC, DIAGNOSTIC_OUTSIDE_OF_IMPL]); impl LateLintPass<'_> for Diagnostics { - fn check_expr(&mut self, cx: &LateContext<'_>, expr: &hir::Expr<'_>) { + fn check_expr<'tcx>(&mut self, cx: &LateContext<'tcx>, expr: &'tcx hir::Expr<'tcx>) { let collect_args_tys_and_spans = |args: &[hir::Expr<'_>], reserve_one_extra: bool| { let mut result = Vec::with_capacity(args.len() + usize::from(reserve_one_extra)); result.extend(args.iter().map(|arg| (cx.typeck_results().expr_ty(arg), arg.span))); result }; // Only check function calls and method calls. - let (span, def_id, fn_gen_args, arg_tys_and_spans) = match expr.kind { - hir::ExprKind::Call(callee, args) => { - match cx.typeck_results().node_type(callee.hir_id).kind() { - &ty::FnDef(def_id, fn_gen_args) => { - (callee.span, def_id, fn_gen_args, collect_args_tys_and_spans(args, false)) - } - _ => return, // occurs for fns passed as args - } - } - hir::ExprKind::MethodCall(_segment, _recv, args, _span) => { - let Some((span, def_id, fn_gen_args)) = typeck_results_of_method_fn(cx, expr) - else { - return; - }; - let mut args = collect_args_tys_and_spans(args, true); - args.insert(0, (cx.tcx.types.self_param, _recv.span)); // dummy inserted for `self` - (span, def_id, fn_gen_args, args) - } - _ => return, + let Some((def_id, span, fn_gen_args, recv, args)) = + get_callee_span_generic_args_and_args(cx, expr) + else { + return; }; + let mut arg_tys_and_spans = collect_args_tys_and_spans(args, recv.is_some()); + if let Some(recv) = recv { + arg_tys_and_spans.insert(0, (cx.tcx.types.self_param, recv.span)); // dummy inserted for `self` + } Self::diagnostic_outside_of_impl(cx, span, expr.hir_id, def_id, fn_gen_args); Self::untranslatable_diagnostic(cx, def_id, &arg_tys_and_spans); @@ -496,7 +534,7 @@ impl LateLintPass<'_> for Diagnostics { impl Diagnostics { // Is the type `{D,Subd}iagMessage`? - fn is_diag_message<'cx>(cx: &LateContext<'cx>, ty: MiddleTy<'cx>) -> bool { + fn is_diag_message<'cx>(cx: &LateContext<'cx>, ty: Ty<'cx>) -> bool { if let Some(adt_def) = ty.ty_adt_def() && let Some(name) = cx.tcx.get_diagnostic_name(adt_def.did()) && matches!(name, sym::DiagMessage | sym::SubdiagMessage) @@ -510,7 +548,7 @@ impl Diagnostics { fn untranslatable_diagnostic<'cx>( cx: &LateContext<'cx>, def_id: DefId, - arg_tys_and_spans: &[(MiddleTy<'cx>, Span)], + arg_tys_and_spans: &[(Ty<'cx>, Span)], ) { let fn_sig = cx.tcx.fn_sig(def_id).instantiate_identity().skip_binder(); let predicates = cx.tcx.predicates_of(def_id).instantiate_identity(cx.tcx).predicates; diff --git a/src/librustdoc/formats/cache.rs b/src/librustdoc/formats/cache.rs index 918b292466d..359a35ec7fa 100644 --- a/src/librustdoc/formats/cache.rs +++ b/src/librustdoc/formats/cache.rs @@ -48,7 +48,7 @@ pub(crate) struct Cache { /// Similar to `paths`, but only holds external paths. This is only used for /// generating explicit hyperlinks to other crates. - pub(crate) external_paths: FxHashMap, ItemType)>, + pub(crate) external_paths: FxIndexMap, ItemType)>, /// Maps local `DefId`s of exported types to fully qualified paths. /// Unlike 'paths', this mapping ignores any renames that occur diff --git a/tests/ui-fulldeps/internal-lints/query_stability.rs b/tests/ui-fulldeps/internal-lints/query_stability.rs index 7b897fabd2d..9dc65250064 100644 --- a/tests/ui-fulldeps/internal-lints/query_stability.rs +++ b/tests/ui-fulldeps/internal-lints/query_stability.rs @@ -34,4 +34,16 @@ fn main() { //~^ ERROR using `values_mut` can result in unstable query results *val = *val + 10; } + + FxHashMap::::default().extend(x); + //~^ ERROR using `into_iter` can result in unstable query results +} + +fn hide_into_iter(x: impl IntoIterator) -> impl Iterator { + x.into_iter() +} + +fn take(map: std::collections::HashMap) { + _ = hide_into_iter(map); + //~^ ERROR using `into_iter` can result in unstable query results } diff --git a/tests/ui-fulldeps/internal-lints/query_stability.stderr b/tests/ui-fulldeps/internal-lints/query_stability.stderr index 43b156dc20a..a95ffd25a47 100644 --- a/tests/ui-fulldeps/internal-lints/query_stability.stderr +++ b/tests/ui-fulldeps/internal-lints/query_stability.stderr @@ -59,5 +59,21 @@ LL | for val in x.values_mut() { | = note: if you believe this case to be fine, allow this lint and add a comment explaining your rationale -error: aborting due to 7 previous errors +error: using `into_iter` can result in unstable query results + --> $DIR/query_stability.rs:38:38 + | +LL | FxHashMap::::default().extend(x); + | ^^^^^^^^^ + | + = note: if you believe this case to be fine, allow this lint and add a comment explaining your rationale + +error: using `into_iter` can result in unstable query results + --> $DIR/query_stability.rs:47:9 + | +LL | _ = hide_into_iter(map); + | ^^^^^^^^^^^^^^^^^^^ + | + = note: if you believe this case to be fine, allow this lint and add a comment explaining your rationale + +error: aborting due to 9 previous errors -- cgit 1.4.1-3-g733a5 From 3ef065bf872ce62a18336dca0daf47b3e9f7da64 Mon Sep 17 00:00:00 2001 From: Bastian Kersting Date: Wed, 18 Jun 2025 12:53:34 +0000 Subject: Implement the #[sanitize(..)] attribute This change implements the #[sanitize(..)] attribute, which opts to replace the currently unstable #[no_sanitize]. Essentially the new attribute works similar as #[no_sanitize], just with more flexible options regarding where it is applied. E.g. it is possible to turn a certain sanitizer either on or off: `#[sanitize(address = "on|off")]` This attribute now also applies to more places, e.g. it is possible to turn off a sanitizer for an entire module or impl block: ```rust \#[sanitize(address = "off")] mod foo { fn unsanitized(..) {} #[sanitize(address = "on")] fn sanitized(..) {} } \#[sanitize(thread = "off")] impl MyTrait for () { ... } ``` This attribute is enabled behind the unstable `sanitize` feature. --- compiler/rustc_codegen_ssa/messages.ftl | 3 + compiler/rustc_codegen_ssa/src/codegen_attrs.rs | 102 ++++++++++- compiler/rustc_codegen_ssa/src/errors.rs | 8 + compiler/rustc_feature/src/builtin_attrs.rs | 4 + compiler/rustc_feature/src/unstable.rs | 2 + compiler/rustc_middle/src/query/erase.rs | 1 + compiler/rustc_middle/src/query/mod.rs | 12 +- compiler/rustc_passes/messages.ftl | 6 + compiler/rustc_passes/src/check_attr.rs | 44 ++++- compiler/rustc_passes/src/errors.rs | 17 ++ tests/codegen-llvm/sanitizer/sanitize-off.rs | 118 +++++++++++++ tests/ui/feature-gates/feature-gate-sanitize.rs | 4 + .../ui/feature-gates/feature-gate-sanitize.stderr | 13 ++ tests/ui/sanitize-attr/invalid-sanitize.rs | 22 +++ tests/ui/sanitize-attr/invalid-sanitize.stderr | 82 +++++++++ tests/ui/sanitize-attr/valid-sanitize.rs | 115 +++++++++++++ tests/ui/sanitize-attr/valid-sanitize.stderr | 190 +++++++++++++++++++++ tests/ui/sanitizer/inline-always-sanitize.rs | 15 ++ tests/ui/sanitizer/inline-always-sanitize.stderr | 15 ++ tests/ui/sanitizer/inline-always.rs | 1 - tests/ui/sanitizer/inline-always.stderr | 4 +- 21 files changed, 771 insertions(+), 7 deletions(-) create mode 100644 tests/codegen-llvm/sanitizer/sanitize-off.rs create mode 100644 tests/ui/feature-gates/feature-gate-sanitize.rs create mode 100644 tests/ui/feature-gates/feature-gate-sanitize.stderr create mode 100644 tests/ui/sanitize-attr/invalid-sanitize.rs create mode 100644 tests/ui/sanitize-attr/invalid-sanitize.stderr create mode 100644 tests/ui/sanitize-attr/valid-sanitize.rs create mode 100644 tests/ui/sanitize-attr/valid-sanitize.stderr create mode 100644 tests/ui/sanitizer/inline-always-sanitize.rs create mode 100644 tests/ui/sanitizer/inline-always-sanitize.stderr (limited to 'compiler/rustc_codegen_ssa') diff --git a/compiler/rustc_codegen_ssa/messages.ftl b/compiler/rustc_codegen_ssa/messages.ftl index b6cfea88363..75cc60587b8 100644 --- a/compiler/rustc_codegen_ssa/messages.ftl +++ b/compiler/rustc_codegen_ssa/messages.ftl @@ -174,6 +174,9 @@ codegen_ssa_invalid_monomorphization_unsupported_symbol_of_size = invalid monomo codegen_ssa_invalid_no_sanitize = invalid argument for `no_sanitize` .note = expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` +codegen_ssa_invalid_sanitize = invalid argument for `sanitize` + .note = expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` + codegen_ssa_invalid_windows_subsystem = invalid windows subsystem `{$subsystem}`, only `windows` and `console` are allowed codegen_ssa_ld64_unimplemented_modifier = `as-needed` modifier not implemented yet for ld64 diff --git a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs index af70f0deb07..068559497dd 100644 --- a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs +++ b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs @@ -162,6 +162,7 @@ fn parse_patchable_function_entry( struct InterestingAttributeDiagnosticSpans { link_ordinal: Option, no_sanitize: Option, + sanitize: Option, inline: Option, no_mangle: Option, } @@ -335,6 +336,7 @@ fn process_builtin_attrs( codegen_fn_attrs.no_sanitize |= parse_no_sanitize_attr(tcx, attr).unwrap_or_default(); } + sym::sanitize => interesting_spans.sanitize = Some(attr.span()), sym::instruction_set => { codegen_fn_attrs.instruction_set = parse_instruction_set_attr(tcx, attr) } @@ -358,6 +360,8 @@ fn apply_overrides(tcx: TyCtxt<'_>, did: LocalDefId, codegen_fn_attrs: &mut Code codegen_fn_attrs.alignment = Ord::max(codegen_fn_attrs.alignment, tcx.sess.opts.unstable_opts.min_function_alignment); + // Compute the disabled sanitizers. + codegen_fn_attrs.no_sanitize |= tcx.disabled_sanitizers_for(did); // On trait methods, inherit the `#[align]` of the trait's method prototype. codegen_fn_attrs.alignment = Ord::max(codegen_fn_attrs.alignment, tcx.inherited_align(did)); @@ -463,6 +467,17 @@ fn check_result( lint.span_note(inline_span, "inlining requested here"); }) } + if !codegen_fn_attrs.no_sanitize.is_empty() + && codegen_fn_attrs.inline.always() + && let (Some(sanitize_span), Some(inline_span)) = + (interesting_spans.sanitize, interesting_spans.inline) + { + let hir_id = tcx.local_def_id_to_hir_id(did); + tcx.node_span_lint(lint::builtin::INLINE_NO_SANITIZE, hir_id, sanitize_span, |lint| { + lint.primary_message("setting `sanitize` off will have no effect after inlining"); + lint.span_note(inline_span, "inlining requested here"); + }) + } // error when specifying link_name together with link_ordinal if let Some(_) = codegen_fn_attrs.link_name @@ -585,6 +600,84 @@ fn opt_trait_item(tcx: TyCtxt<'_>, def_id: DefId) -> Option { } } +/// For an attr that has the `sanitize` attribute, read the list of +/// disabled sanitizers. +fn parse_sanitize_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> SanitizerSet { + let mut result = SanitizerSet::empty(); + if let Some(list) = attr.meta_item_list() { + for item in list.iter() { + let MetaItemInner::MetaItem(set) = item else { + tcx.dcx().emit_err(errors::InvalidSanitize { span: attr.span() }); + break; + }; + let segments = set.path.segments.iter().map(|x| x.ident.name).collect::>(); + match segments.as_slice() { + [sym::address] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS + } + [sym::address] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::ADDRESS; + result &= !SanitizerSet::KERNELADDRESS; + } + [sym::cfi] if set.value_str() == Some(sym::off) => result |= SanitizerSet::CFI, + [sym::cfi] if set.value_str() == Some(sym::on) => result &= !SanitizerSet::CFI, + [sym::kcfi] if set.value_str() == Some(sym::off) => result |= SanitizerSet::KCFI, + [sym::kcfi] if set.value_str() == Some(sym::on) => result &= !SanitizerSet::KCFI, + [sym::memory] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::MEMORY + } + [sym::memory] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::MEMORY + } + [sym::memtag] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::MEMTAG + } + [sym::memtag] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::MEMTAG + } + [sym::shadow_call_stack] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::SHADOWCALLSTACK + } + [sym::shadow_call_stack] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::SHADOWCALLSTACK + } + [sym::thread] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::THREAD + } + [sym::thread] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::THREAD + } + [sym::hwaddress] if set.value_str() == Some(sym::off) => { + result |= SanitizerSet::HWADDRESS + } + [sym::hwaddress] if set.value_str() == Some(sym::on) => { + result &= !SanitizerSet::HWADDRESS + } + _ => { + tcx.dcx().emit_err(errors::InvalidSanitize { span: attr.span() }); + } + } + } + } + result +} + +fn disabled_sanitizers_for(tcx: TyCtxt<'_>, did: LocalDefId) -> SanitizerSet { + // Check for a sanitize annotation directly on this def. + if let Some(attr) = tcx.get_attr(did, sym::sanitize) { + return parse_sanitize_attr(tcx, attr); + } + + // Otherwise backtrack. + match tcx.opt_local_parent(did) { + // Check the parent (recursively). + Some(parent) => tcx.disabled_sanitizers_for(parent), + // We reached the crate root without seeing an attribute, so + // there is no sanitizers to exclude. + None => SanitizerSet::empty(), + } +} + /// Checks if the provided DefId is a method in a trait impl for a trait which has track_caller /// applied to the method prototype. fn should_inherit_track_caller(tcx: TyCtxt<'_>, def_id: DefId) -> bool { @@ -709,6 +802,11 @@ pub fn autodiff_attrs(tcx: TyCtxt<'_>, id: DefId) -> Option { } pub(crate) fn provide(providers: &mut Providers) { - *providers = - Providers { codegen_fn_attrs, should_inherit_track_caller, inherited_align, ..*providers }; + *providers = Providers { + codegen_fn_attrs, + should_inherit_track_caller, + inherited_align, + disabled_sanitizers_for, + ..*providers + }; } diff --git a/compiler/rustc_codegen_ssa/src/errors.rs b/compiler/rustc_codegen_ssa/src/errors.rs index 7ac830bcda9..913e0025f2e 100644 --- a/compiler/rustc_codegen_ssa/src/errors.rs +++ b/compiler/rustc_codegen_ssa/src/errors.rs @@ -1128,6 +1128,14 @@ pub(crate) struct InvalidNoSanitize { pub span: Span, } +#[derive(Diagnostic)] +#[diag(codegen_ssa_invalid_sanitize)] +#[note] +pub(crate) struct InvalidSanitize { + #[primary_span] + pub span: Span, +} + #[derive(Diagnostic)] #[diag(codegen_ssa_target_feature_safe_trait)] pub(crate) struct TargetFeatureSafeTrait { diff --git a/compiler/rustc_feature/src/builtin_attrs.rs b/compiler/rustc_feature/src/builtin_attrs.rs index 6fbedaf5b10..14fbf12f150 100644 --- a/compiler/rustc_feature/src/builtin_attrs.rs +++ b/compiler/rustc_feature/src/builtin_attrs.rs @@ -745,6 +745,10 @@ pub static BUILTIN_ATTRIBUTES: &[BuiltinAttribute] = &[ template!(List: &["address, kcfi, memory, thread"]), DuplicatesOk, EncodeCrossCrate::No, experimental!(no_sanitize) ), + gated!( + sanitize, Normal, template!(List: &[r#"address = "on|off""#, r#"kernel_address = "on|off""#, r#"cfi = "on|off""#, r#"hwaddress = "on|off""#, r#"kcfi = "on|off""#, r#"memory = "on|off""#, r#"memtag = "on|off""#, r#"shadow_call_stack = "on|off""#, r#"thread = "on|off""#]), ErrorPreceding, + EncodeCrossCrate::No, sanitize, experimental!(sanitize), + ), gated!( coverage, Normal, template!(OneOf: &[sym::off, sym::on]), ErrorPreceding, EncodeCrossCrate::No, diff --git a/compiler/rustc_feature/src/unstable.rs b/compiler/rustc_feature/src/unstable.rs index 07f928b8c88..4fb4b7fc8b7 100644 --- a/compiler/rustc_feature/src/unstable.rs +++ b/compiler/rustc_feature/src/unstable.rs @@ -626,6 +626,8 @@ declare_features! ( (unstable, return_type_notation, "1.70.0", Some(109417)), /// Allows `extern "rust-cold"`. (unstable, rust_cold_cc, "1.63.0", Some(97544)), + /// Allows the use of the `sanitize` attribute. + (unstable, sanitize, "CURRENT_RUSTC_VERSION", Some(39699)), /// Allows the use of SIMD types in functions declared in `extern` blocks. (unstable, simd_ffi, "1.0.0", Some(27731)), /// Allows specialization of implementations (RFC 1210). diff --git a/compiler/rustc_middle/src/query/erase.rs b/compiler/rustc_middle/src/query/erase.rs index a8b357bf105..ea62461ebeb 100644 --- a/compiler/rustc_middle/src/query/erase.rs +++ b/compiler/rustc_middle/src/query/erase.rs @@ -343,6 +343,7 @@ trivial! { rustc_span::Symbol, rustc_span::Ident, rustc_target::spec::PanicStrategy, + rustc_target::spec::SanitizerSet, rustc_type_ir::Variance, u32, usize, diff --git a/compiler/rustc_middle/src/query/mod.rs b/compiler/rustc_middle/src/query/mod.rs index f4d0120a2e7..3bb8353f49e 100644 --- a/compiler/rustc_middle/src/query/mod.rs +++ b/compiler/rustc_middle/src/query/mod.rs @@ -100,7 +100,7 @@ use rustc_session::lint::LintExpectationId; use rustc_span::def_id::LOCAL_CRATE; use rustc_span::source_map::Spanned; use rustc_span::{DUMMY_SP, Span, Symbol}; -use rustc_target::spec::PanicStrategy; +use rustc_target::spec::{PanicStrategy, SanitizerSet}; use {rustc_abi as abi, rustc_ast as ast, rustc_hir as hir}; use crate::infer::canonical::{self, Canonical}; @@ -2686,6 +2686,16 @@ rustc_queries! { desc { |tcx| "looking up anon const kind of `{}`", tcx.def_path_str(def_id) } separate_provide_extern } + + /// Checks for the nearest `#[sanitize(xyz = "off")]` or + /// `#[sanitize(xyz = "on")]` on this def and any enclosing defs, up to the + /// crate root. + /// + /// Returns the set of sanitizers that is explicitly disabled for this def. + query disabled_sanitizers_for(key: LocalDefId) -> SanitizerSet { + desc { |tcx| "checking what set of sanitizers are enabled on `{}`", tcx.def_path_str(key) } + feedable + } } rustc_with_all_queries! { define_callbacks! } diff --git a/compiler/rustc_passes/messages.ftl b/compiler/rustc_passes/messages.ftl index 7481b0ea960..0e9d556afdd 100644 --- a/compiler/rustc_passes/messages.ftl +++ b/compiler/rustc_passes/messages.ftl @@ -542,6 +542,12 @@ passes_rustc_pub_transparent = attribute should be applied to `#[repr(transparent)]` types .label = not a `#[repr(transparent)]` type +passes_sanitize_attribute_not_allowed = + sanitize attribute not allowed here + .not_fn_impl_mod = not a function, impl block, or module + .no_body = function has no body + .help = sanitize attribute can be applied to a function (with body), impl block, or module + passes_should_be_applied_to_fn = attribute should be applied to a function definition .label = {$on_crate -> diff --git a/compiler/rustc_passes/src/check_attr.rs b/compiler/rustc_passes/src/check_attr.rs index 0e28c51e981..e51f3657eaa 100644 --- a/compiler/rustc_passes/src/check_attr.rs +++ b/compiler/rustc_passes/src/check_attr.rs @@ -261,6 +261,9 @@ impl<'tcx> CheckAttrVisitor<'tcx> { [sym::no_sanitize, ..] => { self.check_no_sanitize(attr, span, target) } + [sym::sanitize, ..] => { + self.check_sanitize(attr, span, target) + } [sym::thread_local, ..] => self.check_thread_local(attr, span, target), [sym::doc, ..] => self.check_doc_attrs( attr, @@ -518,6 +521,46 @@ impl<'tcx> CheckAttrVisitor<'tcx> { } } + /// Checks that the `#[sanitize(..)]` attribute is applied to a + /// function/closure/method, or to an impl block or module. + fn check_sanitize(&self, attr: &Attribute, target_span: Span, target: Target) { + let mut not_fn_impl_mod = None; + let mut no_body = None; + + if let Some(list) = attr.meta_item_list() { + for item in list.iter() { + let MetaItemInner::MetaItem(set) = item else { + return; + }; + let segments = set.path.segments.iter().map(|x| x.ident.name).collect::>(); + match target { + Target::Fn + | Target::Closure + | Target::Method(MethodKind::Trait { body: true } | MethodKind::Inherent) + | Target::Impl { .. } + | Target::Mod => return, + Target::Static if matches!(segments.as_slice(), [sym::address]) => return, + + // These are "functions", but they aren't allowed because they don't + // have a body, so the usual explanation would be confusing. + Target::Method(MethodKind::Trait { body: false }) | Target::ForeignFn => { + no_body = Some(target_span); + } + + _ => { + not_fn_impl_mod = Some(target_span); + } + } + } + self.dcx().emit_err(errors::SanitizeAttributeNotAllowed { + attr_span: attr.span(), + not_fn_impl_mod, + no_body, + help: (), + }); + } + } + /// Checks if `#[naked]` is applied to a function definition. fn check_naked(&self, hir_id: HirId, target: Target) { match target { @@ -561,7 +604,6 @@ impl<'tcx> CheckAttrVisitor<'tcx> { } } } - /// Checks if `#[collapse_debuginfo]` is applied to a macro. fn check_collapse_debuginfo(&self, attr: &Attribute, span: Span, target: Target) { match target { diff --git a/compiler/rustc_passes/src/errors.rs b/compiler/rustc_passes/src/errors.rs index c5d5155d0e5..bd608dc2fee 100644 --- a/compiler/rustc_passes/src/errors.rs +++ b/compiler/rustc_passes/src/errors.rs @@ -1499,6 +1499,23 @@ pub(crate) struct NoSanitize<'a> { pub attr_str: &'a str, } +/// "sanitize attribute not allowed here" +#[derive(Diagnostic)] +#[diag(passes_sanitize_attribute_not_allowed)] +pub(crate) struct SanitizeAttributeNotAllowed { + #[primary_span] + pub attr_span: Span, + /// "not a function, impl block, or module" + #[label(passes_not_fn_impl_mod)] + pub not_fn_impl_mod: Option, + /// "function has no body" + #[label(passes_no_body)] + pub no_body: Option, + /// "sanitize attribute can be applied to a function (with body), impl block, or module" + #[help] + pub help: (), +} + // FIXME(jdonszelmann): move back to rustc_attr #[derive(Diagnostic)] #[diag(passes_rustc_const_stable_indirect_pairing)] diff --git a/tests/codegen-llvm/sanitizer/sanitize-off.rs b/tests/codegen-llvm/sanitizer/sanitize-off.rs new file mode 100644 index 00000000000..0b0c01ed962 --- /dev/null +++ b/tests/codegen-llvm/sanitizer/sanitize-off.rs @@ -0,0 +1,118 @@ +// Verifies that the `#[sanitize(address = "off")]` attribute can be used to +// selectively disable sanitizer instrumentation. +// +//@ needs-sanitizer-address +//@ compile-flags: -Zsanitizer=address -Ctarget-feature=-crt-static -Copt-level=0 + +#![crate_type = "lib"] +#![feature(sanitize)] + +// CHECK: @UNSANITIZED = constant{{.*}} no_sanitize_address +// CHECK-NOT: @__asan_global_SANITIZED +#[no_mangle] +#[sanitize(address = "off")] +pub static UNSANITIZED: u32 = 0; + +// CHECK: @__asan_global_SANITIZED +#[no_mangle] +pub static SANITIZED: u32 = 0; + +// CHECK-LABEL: ; sanitize_off::unsanitized +// CHECK-NEXT: ; Function Attrs: +// CHECK-NOT: sanitize_address +// CHECK: start: +// CHECK-NOT: call void @__asan_report_load +// CHECK: } +#[sanitize(address = "off")] +pub fn unsanitized(b: &mut u8) -> u8 { + *b +} + +// CHECK-LABEL: ; sanitize_off::sanitized +// CHECK-NEXT: ; Function Attrs: +// CHECK: sanitize_address +// CHECK: start: +// CHECK: call void @__asan_report_load +// CHECK: } +pub fn sanitized(b: &mut u8) -> u8 { + *b +} + +#[sanitize(address = "off")] +pub mod foo { + // CHECK-LABEL: ; sanitize_off::foo::unsanitized + // CHECK-NEXT: ; Function Attrs: + // CHECK-NOT: sanitize_address + // CHECK: start: + // CHECK-NOT: call void @__asan_report_load + // CHECK: } + pub fn unsanitized(b: &mut u8) -> u8 { + *b + } + + // CHECK-LABEL: ; sanitize_off::foo::sanitized + // CHECK-NEXT: ; Function Attrs: + // CHECK: sanitize_address + // CHECK: start: + // CHECK: call void @__asan_report_load + // CHECK: } + #[sanitize(address = "on")] + pub fn sanitized(b: &mut u8) -> u8 { + *b + } +} + +pub trait MyTrait { + fn unsanitized(&self, b: &mut u8) -> u8; + fn sanitized(&self, b: &mut u8) -> u8; + + // CHECK-LABEL: ; sanitize_off::MyTrait::unsanitized_default + // CHECK-NEXT: ; Function Attrs: + // CHECK-NOT: sanitize_address + // CHECK: start: + // CHECK-NOT: call void @__asan_report_load + // CHECK: } + #[sanitize(address = "off")] + fn unsanitized_default(&self, b: &mut u8) -> u8 { + *b + } + + // CHECK-LABEL: ; sanitize_off::MyTrait::sanitized_default + // CHECK-NEXT: ; Function Attrs: + // CHECK: sanitize_address + // CHECK: start: + // CHECK: call void @__asan_report_load + // CHECK: } + fn sanitized_default(&self, b: &mut u8) -> u8 { + *b + } +} + +#[sanitize(address = "off")] +impl MyTrait for () { + // CHECK-LABEL: ; <() as sanitize_off::MyTrait>::unsanitized + // CHECK-NEXT: ; Function Attrs: + // CHECK-NOT: sanitize_address + // CHECK: start: + // CHECK-NOT: call void @__asan_report_load + // CHECK: } + fn unsanitized(&self, b: &mut u8) -> u8 { + *b + } + + // CHECK-LABEL: ; <() as sanitize_off::MyTrait>::sanitized + // CHECK-NEXT: ; Function Attrs: + // CHECK: sanitize_address + // CHECK: start: + // CHECK: call void @__asan_report_load + // CHECK: } + #[sanitize(address = "on")] + fn sanitized(&self, b: &mut u8) -> u8 { + *b + } +} + +pub fn expose_trait(b: &mut u8) -> u8 { + <() as MyTrait>::unsanitized_default(&(), b); + <() as MyTrait>::sanitized_default(&(), b) +} diff --git a/tests/ui/feature-gates/feature-gate-sanitize.rs b/tests/ui/feature-gates/feature-gate-sanitize.rs new file mode 100644 index 00000000000..19656544da0 --- /dev/null +++ b/tests/ui/feature-gates/feature-gate-sanitize.rs @@ -0,0 +1,4 @@ +#[sanitize(address = "on")] +//~^ ERROR the `#[sanitize]` attribute is an experimental feature +fn main() { +} diff --git a/tests/ui/feature-gates/feature-gate-sanitize.stderr b/tests/ui/feature-gates/feature-gate-sanitize.stderr new file mode 100644 index 00000000000..a8e9b4608ac --- /dev/null +++ b/tests/ui/feature-gates/feature-gate-sanitize.stderr @@ -0,0 +1,13 @@ +error[E0658]: the `#[sanitize]` attribute is an experimental feature + --> $DIR/feature-gate-sanitize.rs:1:1 + | +LL | #[sanitize(address = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | + = note: see issue #39699 for more information + = help: add `#![feature(sanitize)]` to the crate attributes to enable + = note: this compiler was built on YYYY-MM-DD; consider upgrading it if it is out of date + +error: aborting due to 1 previous error + +For more information about this error, try `rustc --explain E0658`. diff --git a/tests/ui/sanitize-attr/invalid-sanitize.rs b/tests/ui/sanitize-attr/invalid-sanitize.rs new file mode 100644 index 00000000000..49dc01c8daa --- /dev/null +++ b/tests/ui/sanitize-attr/invalid-sanitize.rs @@ -0,0 +1,22 @@ +#![feature(sanitize)] + +#[sanitize(brontosaurus = "off")] //~ ERROR invalid argument +fn main() { +} + +#[sanitize(address = "off")] //~ ERROR multiple `sanitize` attributes +#[sanitize(address = "off")] +fn multiple_consistent() {} + +#[sanitize(address = "on")] //~ ERROR multiple `sanitize` attributes +#[sanitize(address = "off")] +fn multiple_inconsistent() {} + +#[sanitize(address = "bogus")] //~ ERROR invalid argument for `sanitize` +fn wrong_value() {} + +#[sanitize = "off"] //~ ERROR malformed `sanitize` attribute input +fn name_value () {} + +#[sanitize] //~ ERROR malformed `sanitize` attribute input +fn just_word() {} diff --git a/tests/ui/sanitize-attr/invalid-sanitize.stderr b/tests/ui/sanitize-attr/invalid-sanitize.stderr new file mode 100644 index 00000000000..bd36ce67b96 --- /dev/null +++ b/tests/ui/sanitize-attr/invalid-sanitize.stderr @@ -0,0 +1,82 @@ +error: malformed `sanitize` attribute input + --> $DIR/invalid-sanitize.rs:18:1 + | +LL | #[sanitize = "off"] + | ^^^^^^^^^^^^^^^^^^^ + | +help: the following are the possible correct uses + | +LL - #[sanitize = "off"] +LL + #[sanitize(address = "on|off")] + | +LL - #[sanitize = "off"] +LL + #[sanitize(cfi = "on|off")] + | +LL - #[sanitize = "off"] +LL + #[sanitize(hwaddress = "on|off")] + | +LL - #[sanitize = "off"] +LL + #[sanitize(kcfi = "on|off")] + | + = and 5 other candidates + +error: malformed `sanitize` attribute input + --> $DIR/invalid-sanitize.rs:21:1 + | +LL | #[sanitize] + | ^^^^^^^^^^^ + | +help: the following are the possible correct uses + | +LL | #[sanitize(address = "on|off")] + | ++++++++++++++++++++ +LL | #[sanitize(cfi = "on|off")] + | ++++++++++++++++ +LL | #[sanitize(hwaddress = "on|off")] + | ++++++++++++++++++++++ +LL | #[sanitize(kcfi = "on|off")] + | +++++++++++++++++ + = and 5 other candidates + +error: multiple `sanitize` attributes + --> $DIR/invalid-sanitize.rs:7:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: remove this attribute + | +note: attribute also specified here + --> $DIR/invalid-sanitize.rs:8:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: multiple `sanitize` attributes + --> $DIR/invalid-sanitize.rs:11:1 + | +LL | #[sanitize(address = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ help: remove this attribute + | +note: attribute also specified here + --> $DIR/invalid-sanitize.rs:12:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +error: invalid argument for `sanitize` + --> $DIR/invalid-sanitize.rs:3:1 + | +LL | #[sanitize(brontosaurus = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | + = note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` + +error: invalid argument for `sanitize` + --> $DIR/invalid-sanitize.rs:15:1 + | +LL | #[sanitize(address = "bogus")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | + = note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` + +error: aborting due to 6 previous errors + diff --git a/tests/ui/sanitize-attr/valid-sanitize.rs b/tests/ui/sanitize-attr/valid-sanitize.rs new file mode 100644 index 00000000000..ebe76fcba04 --- /dev/null +++ b/tests/ui/sanitize-attr/valid-sanitize.rs @@ -0,0 +1,115 @@ +//! Tests where the `#[sanitize(..)]` attribute can and cannot be used. + +#![feature(sanitize)] +#![feature(extern_types)] +#![feature(impl_trait_in_assoc_type)] +#![warn(unused_attributes)] +#![sanitize(address = "off", thread = "on")] + +#[sanitize(address = "off", thread = "on")] +mod submod {} + +#[sanitize(address = "off")] +static FOO: u32 = 0; + +#[sanitize(thread = "off")] //~ ERROR sanitize attribute not allowed here +static BAR: u32 = 0; + +#[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here +type MyTypeAlias = (); + +#[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here +trait MyTrait { + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + const TRAIT_ASSOC_CONST: u32; + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + type TraitAssocType; + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + fn trait_method(&self); + + #[sanitize(address = "off", thread = "on")] + fn trait_method_with_default(&self) {} + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + fn trait_assoc_fn(); +} + +#[sanitize(address = "off")] +impl MyTrait for () { + const TRAIT_ASSOC_CONST: u32 = 0; + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + type TraitAssocType = Self; + + #[sanitize(address = "off", thread = "on")] + fn trait_method(&self) {} + #[sanitize(address = "off", thread = "on")] + fn trait_method_with_default(&self) {} + #[sanitize(address = "off", thread = "on")] + fn trait_assoc_fn() {} +} + +trait HasAssocType { + type T; + fn constrain_assoc_type() -> Self::T; +} + +impl HasAssocType for () { + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + type T = impl Copy; + fn constrain_assoc_type() -> Self::T {} +} + +#[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here +struct MyStruct { + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + field: u32, +} + +#[sanitize(address = "off", thread = "on")] +impl MyStruct { + #[sanitize(address = "off", thread = "on")] + fn method(&self) {} + #[sanitize(address = "off", thread = "on")] + fn assoc_fn() {} +} + +extern "C" { + #[sanitize(address = "off", thread = "on")] //~ ERROR sanitize attribute not allowed here + static X: u32; + + #[sanitize(address = "off", thread = "on")] //~ ERROR sanitize attribute not allowed here + type T; + + #[sanitize(address = "off", thread = "on")] //~ ERROR sanitize attribute not allowed here + fn foreign_fn(); +} + +#[sanitize(address = "off", thread = "on")] +fn main() { + #[sanitize(address = "off", thread = "on")] //~ ERROR sanitize attribute not allowed here + let _ = (); + + // Currently not allowed on let statements, even if they bind to a closure. + // It might be nice to support this as a special case someday, but trying + // to define the precise boundaries of that special case might be tricky. + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + let _let_closure = || (); + + // In situations where attributes can already be applied to expressions, + // the sanitize attribute is allowed on closure expressions. + let _closure_tail_expr = { + #[sanitize(address = "off", thread = "on")] + || () + }; + + match () { + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + () => (), + } + + #[sanitize(address = "off")] //~ ERROR sanitize attribute not allowed here + return (); +} diff --git a/tests/ui/sanitize-attr/valid-sanitize.stderr b/tests/ui/sanitize-attr/valid-sanitize.stderr new file mode 100644 index 00000000000..ff9fe63eaf5 --- /dev/null +++ b/tests/ui/sanitize-attr/valid-sanitize.stderr @@ -0,0 +1,190 @@ +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:15:1 + | +LL | #[sanitize(thread = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | static BAR: u32 = 0; + | -------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:18:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type MyTypeAlias = (); + | ---------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:21:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | / trait MyTrait { +LL | | #[sanitize(address = "off")] +LL | | const TRAIT_ASSOC_CONST: u32; +... | +LL | | fn trait_assoc_fn(); +LL | | } + | |_- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:65:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | / struct MyStruct { +LL | | #[sanitize(address = "off")] +LL | | field: u32, +LL | | } + | |_- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:67:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | field: u32, + | ---------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:92:5 + | +LL | #[sanitize(address = "off", thread = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | let _ = (); + | ----------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:98:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | let _let_closure = || (); + | ------------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:109:9 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | () => (), + | -------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:113:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | return (); + | --------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:23:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | const TRAIT_ASSOC_CONST: u32; + | ----------------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:26:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type TraitAssocType; + | -------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:29:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | fn trait_method(&self); + | ----------------------- function has no body + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:35:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | fn trait_assoc_fn(); + | -------------------- function has no body + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:43:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type TraitAssocType = Self; + | --------------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:60:5 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type T = impl Copy; + | ------------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:80:5 + | +LL | #[sanitize(address = "off", thread = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | static X: u32; + | -------------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:83:5 + | +LL | #[sanitize(address = "off", thread = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | type T; + | ------- not a function, impl block, or module + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: sanitize attribute not allowed here + --> $DIR/valid-sanitize.rs:86:5 + | +LL | #[sanitize(address = "off", thread = "on")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ +LL | fn foreign_fn(); + | ---------------- function has no body + | + = help: sanitize attribute can be applied to a function (with body), impl block, or module + +error: aborting due to 18 previous errors + diff --git a/tests/ui/sanitizer/inline-always-sanitize.rs b/tests/ui/sanitizer/inline-always-sanitize.rs new file mode 100644 index 00000000000..2f1c8bb9c5b --- /dev/null +++ b/tests/ui/sanitizer/inline-always-sanitize.rs @@ -0,0 +1,15 @@ +//@ check-pass + +#![feature(sanitize)] + +#[inline(always)] +//~^ NOTE inlining requested here +#[sanitize(address = "off")] +//~^ WARN setting `sanitize` off will have no effect after inlining +//~| NOTE on by default +fn x() { +} + +fn main() { + x() +} diff --git a/tests/ui/sanitizer/inline-always-sanitize.stderr b/tests/ui/sanitizer/inline-always-sanitize.stderr new file mode 100644 index 00000000000..ed479472169 --- /dev/null +++ b/tests/ui/sanitizer/inline-always-sanitize.stderr @@ -0,0 +1,15 @@ +warning: setting `sanitize` off will have no effect after inlining + --> $DIR/inline-always-sanitize.rs:7:1 + | +LL | #[sanitize(address = "off")] + | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + | +note: inlining requested here + --> $DIR/inline-always-sanitize.rs:5:1 + | +LL | #[inline(always)] + | ^^^^^^^^^^^^^^^^^ + = note: `#[warn(inline_no_sanitize)]` on by default + +warning: 1 warning emitted + diff --git a/tests/ui/sanitizer/inline-always.rs b/tests/ui/sanitizer/inline-always.rs index d92daee3026..a868cd761db 100644 --- a/tests/ui/sanitizer/inline-always.rs +++ b/tests/ui/sanitizer/inline-always.rs @@ -1,7 +1,6 @@ //@ check-pass #![feature(no_sanitize)] - #[inline(always)] //~^ NOTE inlining requested here #[no_sanitize(address)] diff --git a/tests/ui/sanitizer/inline-always.stderr b/tests/ui/sanitizer/inline-always.stderr index 74fba3c0e0e..2ce48b0101d 100644 --- a/tests/ui/sanitizer/inline-always.stderr +++ b/tests/ui/sanitizer/inline-always.stderr @@ -1,11 +1,11 @@ warning: `no_sanitize` will have no effect after inlining - --> $DIR/inline-always.rs:7:1 + --> $DIR/inline-always.rs:6:1 | LL | #[no_sanitize(address)] | ^^^^^^^^^^^^^^^^^^^^^^^ | note: inlining requested here - --> $DIR/inline-always.rs:5:1 + --> $DIR/inline-always.rs:4:1 | LL | #[inline(always)] | ^^^^^^^^^^^^^^^^^ -- cgit 1.4.1-3-g733a5 From 95bdb34494ad795f552cab7a0eb7bfd2e98ef033 Mon Sep 17 00:00:00 2001 From: Bastian Kersting Date: Wed, 18 Jun 2025 13:47:44 +0000 Subject: Remove the no_sanitize attribute in favor of sanitize This removes the #[no_sanitize] attribute, which was behind an unstable feature named no_sanitize. Instead, we introduce the sanitize attribute which is more powerful and allows to be extended in the future (instead of just focusing on turning sanitizers off). This also makes sanitize(kernel_address = ..) attribute work with -Zsanitize=address To do it the same as how clang disables address sanitizer, we now disable ASAN on sanitize(kernel_address = "off") and KASAN on sanitize(address = "off"). The same was added to clang in https://reviews.llvm.org/D44981. --- compiler/rustc_codegen_ssa/messages.ftl | 5 +- compiler/rustc_codegen_ssa/src/codegen_attrs.rs | 78 ++++++--------------- compiler/rustc_codegen_ssa/src/errors.rs | 8 --- compiler/rustc_feature/src/builtin_attrs.rs | 5 -- compiler/rustc_feature/src/removed.rs | 3 + compiler/rustc_feature/src/unstable.rs | 2 - compiler/rustc_lint_defs/src/builtin.rs | 12 ++-- .../rustc_middle/src/middle/codegen_fn_attrs.rs | 4 +- compiler/rustc_passes/messages.ftl | 4 -- compiler/rustc_passes/src/check_attr.rs | 39 ----------- compiler/rustc_passes/src/errors.rs | 11 --- compiler/rustc_span/src/symbol.rs | 1 + src/doc/rustc-dev-guide/src/sanitizers.md | 2 +- .../src/language-features/no-sanitize.md | 29 -------- .../src/language-features/sanitize.md | 73 ++++++++++++++++++++ .../cfi/emit-type-checks-attr-no-sanitize.rs | 18 ----- .../cfi/emit-type-checks-attr-sanitize-off.rs | 18 +++++ .../sanitizer/kasan-emits-instrumentation.rs | 4 +- .../emit-kcfi-operand-bundle-attr-no-sanitize.rs | 27 -------- .../emit-kcfi-operand-bundle-attr-sanitize-off.rs | 27 ++++++++ .../codegen-llvm/sanitizer/no-sanitize-inlining.rs | 31 --------- tests/codegen-llvm/sanitizer/no-sanitize.rs | 39 ----------- .../sanitizer/sanitize-off-asan-kasan.rs | 42 ++++++++++++ .../sanitizer/sanitize-off-inlining.rs | 31 +++++++++ .../sanitizer/sanitize-off-kasan-asan.rs | 29 ++++++++ tests/codegen-llvm/sanitizer/sanitize-off.rs | 20 ++++++ tests/codegen-llvm/sanitizer/scs-attr-check.rs | 4 +- tests/mir-opt/inline/inline_compatibility.rs | 22 +++--- tests/ui/attributes/malformed-attrs.rs | 4 +- tests/ui/attributes/malformed-attrs.stderr | 18 ++++- tests/ui/attributes/no-sanitize.rs | 45 ------------ tests/ui/attributes/no-sanitize.stderr | 80 ---------------------- tests/ui/feature-gates/feature-gate-no_sanitize.rs | 4 -- .../feature-gates/feature-gate-no_sanitize.stderr | 13 ---- tests/ui/feature-gates/feature-gate-sanitize.rs | 3 + .../ui/feature-gates/feature-gate-sanitize.stderr | 16 ++++- tests/ui/invalid/invalid-no-sanitize.rs | 5 -- tests/ui/invalid/invalid-no-sanitize.stderr | 10 --- tests/ui/sanitize-attr/invalid-sanitize.stderr | 4 +- tests/ui/sanitizer/inline-always-sanitize.rs | 2 +- tests/ui/sanitizer/inline-always.rs | 14 ---- tests/ui/sanitizer/inline-always.stderr | 15 ---- triagebot.toml | 4 +- 43 files changed, 329 insertions(+), 496 deletions(-) delete mode 100644 src/doc/unstable-book/src/language-features/no-sanitize.md create mode 100644 src/doc/unstable-book/src/language-features/sanitize.md delete mode 100644 tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-no-sanitize.rs create mode 100644 tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-sanitize-off.rs delete mode 100644 tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-no-sanitize.rs create mode 100644 tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-sanitize-off.rs delete mode 100644 tests/codegen-llvm/sanitizer/no-sanitize-inlining.rs delete mode 100644 tests/codegen-llvm/sanitizer/no-sanitize.rs create mode 100644 tests/codegen-llvm/sanitizer/sanitize-off-asan-kasan.rs create mode 100644 tests/codegen-llvm/sanitizer/sanitize-off-inlining.rs create mode 100644 tests/codegen-llvm/sanitizer/sanitize-off-kasan-asan.rs delete mode 100644 tests/ui/attributes/no-sanitize.rs delete mode 100644 tests/ui/attributes/no-sanitize.stderr delete mode 100644 tests/ui/feature-gates/feature-gate-no_sanitize.rs delete mode 100644 tests/ui/feature-gates/feature-gate-no_sanitize.stderr delete mode 100644 tests/ui/invalid/invalid-no-sanitize.rs delete mode 100644 tests/ui/invalid/invalid-no-sanitize.stderr delete mode 100644 tests/ui/sanitizer/inline-always.rs delete mode 100644 tests/ui/sanitizer/inline-always.stderr (limited to 'compiler/rustc_codegen_ssa') diff --git a/compiler/rustc_codegen_ssa/messages.ftl b/compiler/rustc_codegen_ssa/messages.ftl index 75cc60587b8..42ba0154192 100644 --- a/compiler/rustc_codegen_ssa/messages.ftl +++ b/compiler/rustc_codegen_ssa/messages.ftl @@ -171,11 +171,8 @@ codegen_ssa_invalid_monomorphization_unsupported_symbol = invalid monomorphizati codegen_ssa_invalid_monomorphization_unsupported_symbol_of_size = invalid monomorphization of `{$name}` intrinsic: unsupported {$symbol} from `{$in_ty}` with element `{$in_elem}` of size `{$size}` to `{$ret_ty}` -codegen_ssa_invalid_no_sanitize = invalid argument for `no_sanitize` - .note = expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` - codegen_ssa_invalid_sanitize = invalid argument for `sanitize` - .note = expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` + .note = expected one of: `address`, `kernel_address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow_call_stack`, or `thread` codegen_ssa_invalid_windows_subsystem = invalid windows subsystem `{$subsystem}`, only `windows` and `console` are allowed diff --git a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs index 068559497dd..bf14c02a09c 100644 --- a/compiler/rustc_codegen_ssa/src/codegen_attrs.rs +++ b/compiler/rustc_codegen_ssa/src/codegen_attrs.rs @@ -77,32 +77,6 @@ fn parse_instruction_set_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> Option, attr: &Attribute) -> Option { - let list = attr.meta_item_list()?; - let mut sanitizer_set = SanitizerSet::empty(); - - for item in list.iter() { - match item.name() { - Some(sym::address) => { - sanitizer_set |= SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS - } - Some(sym::cfi) => sanitizer_set |= SanitizerSet::CFI, - Some(sym::kcfi) => sanitizer_set |= SanitizerSet::KCFI, - Some(sym::memory) => sanitizer_set |= SanitizerSet::MEMORY, - Some(sym::memtag) => sanitizer_set |= SanitizerSet::MEMTAG, - Some(sym::shadow_call_stack) => sanitizer_set |= SanitizerSet::SHADOWCALLSTACK, - Some(sym::thread) => sanitizer_set |= SanitizerSet::THREAD, - Some(sym::hwaddress) => sanitizer_set |= SanitizerSet::HWADDRESS, - _ => { - tcx.dcx().emit_err(errors::InvalidNoSanitize { span: item.span() }); - } - } - } - - Some(sanitizer_set) -} - // FIXME(jdonszelmann): remove when patchable_function_entry becomes a parsed attr fn parse_patchable_function_entry( tcx: TyCtxt<'_>, @@ -161,7 +135,6 @@ fn parse_patchable_function_entry( #[derive(Default)] struct InterestingAttributeDiagnosticSpans { link_ordinal: Option, - no_sanitize: Option, sanitize: Option, inline: Option, no_mangle: Option, @@ -331,11 +304,6 @@ fn process_builtin_attrs( codegen_fn_attrs.flags |= CodegenFnAttrFlags::ALLOCATOR_ZEROED } sym::thread_local => codegen_fn_attrs.flags |= CodegenFnAttrFlags::THREAD_LOCAL, - sym::no_sanitize => { - interesting_spans.no_sanitize = Some(attr.span()); - codegen_fn_attrs.no_sanitize |= - parse_no_sanitize_attr(tcx, attr).unwrap_or_default(); - } sym::sanitize => interesting_spans.sanitize = Some(attr.span()), sym::instruction_set => { codegen_fn_attrs.instruction_set = parse_instruction_set_attr(tcx, attr) @@ -459,21 +427,10 @@ fn check_result( if !codegen_fn_attrs.no_sanitize.is_empty() && codegen_fn_attrs.inline.always() && let (Some(no_sanitize_span), Some(inline_span)) = - (interesting_spans.no_sanitize, interesting_spans.inline) - { - let hir_id = tcx.local_def_id_to_hir_id(did); - tcx.node_span_lint(lint::builtin::INLINE_NO_SANITIZE, hir_id, no_sanitize_span, |lint| { - lint.primary_message("`no_sanitize` will have no effect after inlining"); - lint.span_note(inline_span, "inlining requested here"); - }) - } - if !codegen_fn_attrs.no_sanitize.is_empty() - && codegen_fn_attrs.inline.always() - && let (Some(sanitize_span), Some(inline_span)) = (interesting_spans.sanitize, interesting_spans.inline) { let hir_id = tcx.local_def_id_to_hir_id(did); - tcx.node_span_lint(lint::builtin::INLINE_NO_SANITIZE, hir_id, sanitize_span, |lint| { + tcx.node_span_lint(lint::builtin::INLINE_NO_SANITIZE, hir_id, no_sanitize_span, |lint| { lint.primary_message("setting `sanitize` off will have no effect after inlining"); lint.span_note(inline_span, "inlining requested here"); }) @@ -601,9 +558,14 @@ fn opt_trait_item(tcx: TyCtxt<'_>, def_id: DefId) -> Option { } /// For an attr that has the `sanitize` attribute, read the list of -/// disabled sanitizers. -fn parse_sanitize_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> SanitizerSet { - let mut result = SanitizerSet::empty(); +/// disabled sanitizers. `current_attr` holds the information about +/// previously parsed attributes. +fn parse_sanitize_attr( + tcx: TyCtxt<'_>, + attr: &Attribute, + current_attr: SanitizerSet, +) -> SanitizerSet { + let mut result = current_attr; if let Some(list) = attr.meta_item_list() { for item in list.iter() { let MetaItemInner::MetaItem(set) = item else { @@ -612,10 +574,13 @@ fn parse_sanitize_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> SanitizerSet { }; let segments = set.path.segments.iter().map(|x| x.ident.name).collect::>(); match segments.as_slice() { - [sym::address] if set.value_str() == Some(sym::off) => { + // Similar to clang, sanitize(address = ..) and + // sanitize(kernel_address = ..) control both ASan and KASan + // Source: https://reviews.llvm.org/D44981. + [sym::address] | [sym::kernel_address] if set.value_str() == Some(sym::off) => { result |= SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS } - [sym::address] if set.value_str() == Some(sym::on) => { + [sym::address] | [sym::kernel_address] if set.value_str() == Some(sym::on) => { result &= !SanitizerSet::ADDRESS; result &= !SanitizerSet::KERNELADDRESS; } @@ -663,19 +628,20 @@ fn parse_sanitize_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> SanitizerSet { } fn disabled_sanitizers_for(tcx: TyCtxt<'_>, did: LocalDefId) -> SanitizerSet { - // Check for a sanitize annotation directly on this def. - if let Some(attr) = tcx.get_attr(did, sym::sanitize) { - return parse_sanitize_attr(tcx, attr); - } - - // Otherwise backtrack. - match tcx.opt_local_parent(did) { + // Backtrack to the crate root. + let disabled = match tcx.opt_local_parent(did) { // Check the parent (recursively). Some(parent) => tcx.disabled_sanitizers_for(parent), // We reached the crate root without seeing an attribute, so // there is no sanitizers to exclude. None => SanitizerSet::empty(), + }; + + // Check for a sanitize annotation directly on this def. + if let Some(attr) = tcx.get_attr(did, sym::sanitize) { + return parse_sanitize_attr(tcx, attr, disabled); } + disabled } /// Checks if the provided DefId is a method in a trait impl for a trait which has track_caller diff --git a/compiler/rustc_codegen_ssa/src/errors.rs b/compiler/rustc_codegen_ssa/src/errors.rs index 913e0025f2e..209c78ddeda 100644 --- a/compiler/rustc_codegen_ssa/src/errors.rs +++ b/compiler/rustc_codegen_ssa/src/errors.rs @@ -1120,14 +1120,6 @@ impl IntoDiagArg for ExpectedPointerMutability { } } -#[derive(Diagnostic)] -#[diag(codegen_ssa_invalid_no_sanitize)] -#[note] -pub(crate) struct InvalidNoSanitize { - #[primary_span] - pub span: Span, -} - #[derive(Diagnostic)] #[diag(codegen_ssa_invalid_sanitize)] #[note] diff --git a/compiler/rustc_feature/src/builtin_attrs.rs b/compiler/rustc_feature/src/builtin_attrs.rs index 14fbf12f150..9749028adb0 100644 --- a/compiler/rustc_feature/src/builtin_attrs.rs +++ b/compiler/rustc_feature/src/builtin_attrs.rs @@ -740,11 +740,6 @@ pub static BUILTIN_ATTRIBUTES: &[BuiltinAttribute] = &[ template!(List: &["set"], "https://doc.rust-lang.org/reference/attributes/codegen.html#the-instruction_set-attribute"), ErrorPreceding, EncodeCrossCrate::No ), - gated!( - no_sanitize, Normal, - template!(List: &["address, kcfi, memory, thread"]), DuplicatesOk, - EncodeCrossCrate::No, experimental!(no_sanitize) - ), gated!( sanitize, Normal, template!(List: &[r#"address = "on|off""#, r#"kernel_address = "on|off""#, r#"cfi = "on|off""#, r#"hwaddress = "on|off""#, r#"kcfi = "on|off""#, r#"memory = "on|off""#, r#"memtag = "on|off""#, r#"shadow_call_stack = "on|off""#, r#"thread = "on|off""#]), ErrorPreceding, EncodeCrossCrate::No, sanitize, experimental!(sanitize), diff --git a/compiler/rustc_feature/src/removed.rs b/compiler/rustc_feature/src/removed.rs index 04f261ada06..e37fc6b7bfc 100644 --- a/compiler/rustc_feature/src/removed.rs +++ b/compiler/rustc_feature/src/removed.rs @@ -190,6 +190,9 @@ declare_features! ( (removed, no_coverage, "1.74.0", Some(84605), Some("renamed to `coverage_attribute`"), 114656), /// Allows `#[no_debug]`. (removed, no_debug, "1.43.0", Some(29721), Some("removed due to lack of demand"), 69667), + // Allows the use of `no_sanitize` attribute. + /// The feature was renamed to `sanitize` and the attribute to `#[sanitize(xyz = "on|off")]` + (removed, no_sanitize, "CURRENT_RUSTC_VERSION", Some(39699), Some(r#"renamed to sanitize(xyz = "on|off")"#), 142681), /// Note: this feature was previously recorded in a separate /// `STABLE_REMOVED` list because it, uniquely, was once stable but was /// then removed. But there was no utility storing it separately, so now diff --git a/compiler/rustc_feature/src/unstable.rs b/compiler/rustc_feature/src/unstable.rs index 4fb4b7fc8b7..8444d1d7351 100644 --- a/compiler/rustc_feature/src/unstable.rs +++ b/compiler/rustc_feature/src/unstable.rs @@ -592,8 +592,6 @@ declare_features! ( (unstable, new_range, "1.86.0", Some(123741)), /// Allows `#![no_core]`. (unstable, no_core, "1.3.0", Some(29639)), - /// Allows the use of `no_sanitize` attribute. - (unstable, no_sanitize, "1.42.0", Some(39699)), /// Allows using the `non_exhaustive_omitted_patterns` lint. (unstable, non_exhaustive_omitted_patterns_lint, "1.57.0", Some(89554)), /// Allows `for` binders in where-clauses diff --git a/compiler/rustc_lint_defs/src/builtin.rs b/compiler/rustc_lint_defs/src/builtin.rs index a0083a7df3d..97aa1065967 100644 --- a/compiler/rustc_lint_defs/src/builtin.rs +++ b/compiler/rustc_lint_defs/src/builtin.rs @@ -2301,18 +2301,18 @@ declare_lint! { declare_lint! { /// The `inline_no_sanitize` lint detects incompatible use of - /// [`#[inline(always)]`][inline] and [`#[no_sanitize(...)]`][no_sanitize]. + /// [`#[inline(always)]`][inline] and [`#[sanitize(xyz = "off")]`][sanitize]. /// /// [inline]: https://doc.rust-lang.org/reference/attributes/codegen.html#the-inline-attribute - /// [no_sanitize]: https://doc.rust-lang.org/nightly/unstable-book/language-features/no-sanitize.html + /// [sanitize]: https://doc.rust-lang.org/nightly/unstable-book/language-features/no-sanitize.html /// /// ### Example /// /// ```rust - /// #![feature(no_sanitize)] + /// #![feature(sanitize)] /// /// #[inline(always)] - /// #[no_sanitize(address)] + /// #[sanitize(address = "off")] /// fn x() {} /// /// fn main() { @@ -2325,11 +2325,11 @@ declare_lint! { /// ### Explanation /// /// The use of the [`#[inline(always)]`][inline] attribute prevents the - /// the [`#[no_sanitize(...)]`][no_sanitize] attribute from working. + /// the [`#[sanitize(xyz = "off")]`][sanitize] attribute from working. /// Consider temporarily removing `inline` attribute. pub INLINE_NO_SANITIZE, Warn, - "detects incompatible use of `#[inline(always)]` and `#[no_sanitize(...)]`", + r#"detects incompatible use of `#[inline(always)]` and `#[sanitize(... = "off")]`"#, } declare_lint! { diff --git a/compiler/rustc_middle/src/middle/codegen_fn_attrs.rs b/compiler/rustc_middle/src/middle/codegen_fn_attrs.rs index 7d2fc0995aa..da17ac04c76 100644 --- a/compiler/rustc_middle/src/middle/codegen_fn_attrs.rs +++ b/compiler/rustc_middle/src/middle/codegen_fn_attrs.rs @@ -61,8 +61,8 @@ pub struct CodegenFnAttrs { /// The `#[link_section = "..."]` attribute, or what executable section this /// should be placed in. pub link_section: Option, - /// The `#[no_sanitize(...)]` attribute. Indicates sanitizers for which - /// instrumentation should be disabled inside the annotated function. + /// The `#[sanitize(xyz = "off")]` attribute. Indicates sanitizers for which + /// instrumentation should be disabled inside the function. pub no_sanitize: SanitizerSet, /// The `#[instruction_set(set)]` attribute. Indicates if the generated code should /// be generated against a specific instruction set. Only usable on architectures which allow diff --git a/compiler/rustc_passes/messages.ftl b/compiler/rustc_passes/messages.ftl index 0e9d556afdd..57e55794f5f 100644 --- a/compiler/rustc_passes/messages.ftl +++ b/compiler/rustc_passes/messages.ftl @@ -444,10 +444,6 @@ passes_no_main_function = .teach_note = If you don't know the basics of Rust, you can go look to the Rust Book to get started: https://doc.rust-lang.org/book/ .non_function_main = non-function item at `crate::main` is found -passes_no_sanitize = - `#[no_sanitize({$attr_str})]` should be applied to {$accepted_kind} - .label = not {$accepted_kind} - passes_non_exhaustive_with_default_field_values = `#[non_exhaustive]` can't be used to annotate items with default field values .label = this struct has default field values diff --git a/compiler/rustc_passes/src/check_attr.rs b/compiler/rustc_passes/src/check_attr.rs index e51f3657eaa..e4c94650b8e 100644 --- a/compiler/rustc_passes/src/check_attr.rs +++ b/compiler/rustc_passes/src/check_attr.rs @@ -258,9 +258,6 @@ impl<'tcx> CheckAttrVisitor<'tcx> { [sym::diagnostic, sym::on_unimplemented, ..] => { self.check_diagnostic_on_unimplemented(attr.span(), hir_id, target) } - [sym::no_sanitize, ..] => { - self.check_no_sanitize(attr, span, target) - } [sym::sanitize, ..] => { self.check_sanitize(attr, span, target) } @@ -485,42 +482,6 @@ impl<'tcx> CheckAttrVisitor<'tcx> { } } - fn check_no_sanitize(&self, attr: &Attribute, span: Span, target: Target) { - if let Some(list) = attr.meta_item_list() { - for item in list.iter() { - let sym = item.name(); - match sym { - Some(s @ sym::address | s @ sym::hwaddress) => { - let is_valid = - matches!(target, Target::Fn | Target::Method(..) | Target::Static); - if !is_valid { - self.dcx().emit_err(errors::NoSanitize { - attr_span: item.span(), - defn_span: span, - accepted_kind: "a function or static", - attr_str: s.as_str(), - }); - } - } - _ => { - let is_valid = matches!(target, Target::Fn | Target::Method(..)); - if !is_valid { - self.dcx().emit_err(errors::NoSanitize { - attr_span: item.span(), - defn_span: span, - accepted_kind: "a function", - attr_str: &match sym { - Some(name) => name.to_string(), - None => "...".to_string(), - }, - }); - } - } - } - } - } - } - /// Checks that the `#[sanitize(..)]` attribute is applied to a /// function/closure/method, or to an impl block or module. fn check_sanitize(&self, attr: &Attribute, target_span: Span, target: Target) { diff --git a/compiler/rustc_passes/src/errors.rs b/compiler/rustc_passes/src/errors.rs index bd608dc2fee..c54b7d1d77c 100644 --- a/compiler/rustc_passes/src/errors.rs +++ b/compiler/rustc_passes/src/errors.rs @@ -1488,17 +1488,6 @@ pub(crate) struct AttrCrateLevelOnlySugg { pub attr: Span, } -#[derive(Diagnostic)] -#[diag(passes_no_sanitize)] -pub(crate) struct NoSanitize<'a> { - #[primary_span] - pub attr_span: Span, - #[label] - pub defn_span: Span, - pub accepted_kind: &'a str, - pub attr_str: &'a str, -} - /// "sanitize attribute not allowed here" #[derive(Diagnostic)] #[diag(passes_sanitize_attribute_not_allowed)] diff --git a/compiler/rustc_span/src/symbol.rs b/compiler/rustc_span/src/symbol.rs index f4a6d0f5891..8522338be27 100644 --- a/compiler/rustc_span/src/symbol.rs +++ b/compiler/rustc_span/src/symbol.rs @@ -1257,6 +1257,7 @@ symbols! { iterator, iterator_collect_fn, kcfi, + kernel_address, keylocker_x86, keyword, kind, diff --git a/src/doc/rustc-dev-guide/src/sanitizers.md b/src/doc/rustc-dev-guide/src/sanitizers.md index 29d9056c15d..34c78d4d952 100644 --- a/src/doc/rustc-dev-guide/src/sanitizers.md +++ b/src/doc/rustc-dev-guide/src/sanitizers.md @@ -45,7 +45,7 @@ implementation: [marked][sanitizer-attribute] with appropriate LLVM attribute: `SanitizeAddress`, `SanitizeHWAddress`, `SanitizeMemory`, or `SanitizeThread`. By default all functions are instrumented, but this - behaviour can be changed with `#[no_sanitize(...)]`. + behaviour can be changed with `#[sanitize(xyz = "on|off")]`. * The decision whether to perform instrumentation or not is possible only at a function granularity. In the cases were those decision differ between diff --git a/src/doc/unstable-book/src/language-features/no-sanitize.md b/src/doc/unstable-book/src/language-features/no-sanitize.md deleted file mode 100644 index 28c683934d4..00000000000 --- a/src/doc/unstable-book/src/language-features/no-sanitize.md +++ /dev/null @@ -1,29 +0,0 @@ -# `no_sanitize` - -The tracking issue for this feature is: [#39699] - -[#39699]: https://github.com/rust-lang/rust/issues/39699 - ------------------------- - -The `no_sanitize` attribute can be used to selectively disable sanitizer -instrumentation in an annotated function. This might be useful to: avoid -instrumentation overhead in a performance critical function, or avoid -instrumenting code that contains constructs unsupported by given sanitizer. - -The precise effect of this annotation depends on particular sanitizer in use. -For example, with `no_sanitize(thread)`, the thread sanitizer will no longer -instrument non-atomic store / load operations, but it will instrument atomic -operations to avoid reporting false positives and provide meaning full stack -traces. - -## Examples - -``` rust -#![feature(no_sanitize)] - -#[no_sanitize(address)] -fn foo() { - // ... -} -``` diff --git a/src/doc/unstable-book/src/language-features/sanitize.md b/src/doc/unstable-book/src/language-features/sanitize.md new file mode 100644 index 00000000000..fcd099cb36e --- /dev/null +++ b/src/doc/unstable-book/src/language-features/sanitize.md @@ -0,0 +1,73 @@ +# `sanitize` + +The tracking issue for this feature is: [#39699] + +[#39699]: https://github.com/rust-lang/rust/issues/39699 + +------------------------ + +The `sanitize` attribute can be used to selectively disable or enable sanitizer +instrumentation in an annotated function. This might be useful to: avoid +instrumentation overhead in a performance critical function, or avoid +instrumenting code that contains constructs unsupported by given sanitizer. + +The precise effect of this annotation depends on particular sanitizer in use. +For example, with `sanitize(thread = "off")`, the thread sanitizer will no +longer instrument non-atomic store / load operations, but it will instrument +atomic operations to avoid reporting false positives and provide meaning full +stack traces. + +This attribute was previously named `no_sanitize`. + +## Examples + +``` rust +#![feature(sanitize)] + +#[sanitize(address = "off")] +fn foo() { + // ... +} +``` + +It is also possible to disable sanitizers for entire modules and enable them +for single items or functions. + +```rust +#![feature(sanitize)] + +#[sanitize(address = "off")] +mod foo { + fn unsanitized() { + // ... + } + + #[sanitize(address = "on")] + fn sanitized() { + // ... + } +} +``` + +It's also applicable to impl blocks. + +```rust +#![feature(sanitize)] + +trait MyTrait { + fn foo(&self); + fn bar(&self); +} + +#[sanitize(address = "off")] +impl MyTrait for () { + fn foo(&self) { + // ... + } + + #[sanitize(address = "on")] + fn bar(&self) { + // ... + } +} +``` diff --git a/tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-no-sanitize.rs b/tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-no-sanitize.rs deleted file mode 100644 index 71ccdc8ca62..00000000000 --- a/tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-no-sanitize.rs +++ /dev/null @@ -1,18 +0,0 @@ -// Verifies that pointer type membership tests for indirect calls are omitted. -// -//@ needs-sanitizer-cfi -//@ compile-flags: -Clto -Cno-prepopulate-passes -Ctarget-feature=-crt-static -Zsanitizer=cfi -Copt-level=0 - -#![crate_type = "lib"] -#![feature(no_sanitize)] - -#[no_sanitize(cfi)] -pub fn foo(f: fn(i32) -> i32, arg: i32) -> i32 { - // CHECK-LABEL: emit_type_checks_attr_no_sanitize::foo - // CHECK: Function Attrs: {{.*}} - // CHECK-LABEL: define{{.*}}foo{{.*}}!type !{{[0-9]+}} !type !{{[0-9]+}} !type !{{[0-9]+}} !type !{{[0-9]+}} - // CHECK: start: - // CHECK-NEXT: {{%.+}} = call i32 %f(i32{{.*}} %arg) - // CHECK-NEXT: ret i32 {{%.+}} - f(arg) -} diff --git a/tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-sanitize-off.rs b/tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-sanitize-off.rs new file mode 100644 index 00000000000..651afb33228 --- /dev/null +++ b/tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-sanitize-off.rs @@ -0,0 +1,18 @@ +// Verifies that pointer type membership tests for indirect calls are omitted. +// +//@ needs-sanitizer-cfi +//@ compile-flags: -Clto -Cno-prepopulate-passes -Ctarget-feature=-crt-static -Zsanitizer=cfi -Copt-level=0 + +#![crate_type = "lib"] +#![feature(sanitize)] + +#[sanitize(cfi = "off")] +pub fn foo(f: fn(i32) -> i32, arg: i32) -> i32 { + // CHECK-LABEL: emit_type_checks_attr_sanitize_off::foo + // CHECK: Function Attrs: {{.*}} + // CHECK-LABEL: define{{.*}}foo{{.*}}!type !{{[0-9]+}} !type !{{[0-9]+}} !type !{{[0-9]+}} !type !{{[0-9]+}} + // CHECK: start: + // CHECK-NEXT: {{%.+}} = call i32 %f(i32{{.*}} %arg) + // CHECK-NEXT: ret i32 {{%.+}} + f(arg) +} diff --git a/tests/codegen-llvm/sanitizer/kasan-emits-instrumentation.rs b/tests/codegen-llvm/sanitizer/kasan-emits-instrumentation.rs index 774c9ab53f1..c70aae1703e 100644 --- a/tests/codegen-llvm/sanitizer/kasan-emits-instrumentation.rs +++ b/tests/codegen-llvm/sanitizer/kasan-emits-instrumentation.rs @@ -13,7 +13,7 @@ //@[x86_64] needs-llvm-components: x86 #![crate_type = "rlib"] -#![feature(no_core, no_sanitize, lang_items)] +#![feature(no_core, sanitize, lang_items)] #![no_core] extern crate minicore; @@ -25,7 +25,7 @@ use minicore::*; // CHECK: start: // CHECK-NOT: call void @__asan_report_load // CHECK: } -#[no_sanitize(address)] +#[sanitize(address = "off")] pub fn unsanitized(b: &mut u8) -> u8 { *b } diff --git a/tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-no-sanitize.rs b/tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-no-sanitize.rs deleted file mode 100644 index 02c31fb8e9b..00000000000 --- a/tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-no-sanitize.rs +++ /dev/null @@ -1,27 +0,0 @@ -// Verifies that KCFI operand bundles are omitted. -// -//@ add-core-stubs -//@ revisions: aarch64 x86_64 -//@ [aarch64] compile-flags: --target aarch64-unknown-none -//@ [aarch64] needs-llvm-components: aarch64 -//@ [x86_64] compile-flags: --target x86_64-unknown-none -//@ [x86_64] needs-llvm-components: x86 -//@ compile-flags: -Cno-prepopulate-passes -Zsanitizer=kcfi -Copt-level=0 - -#![crate_type = "lib"] -#![feature(no_core, no_sanitize, lang_items)] -#![no_core] - -extern crate minicore; -use minicore::*; - -#[no_sanitize(kcfi)] -pub fn foo(f: fn(i32) -> i32, arg: i32) -> i32 { - // CHECK-LABEL: emit_kcfi_operand_bundle_attr_no_sanitize::foo - // CHECK: Function Attrs: {{.*}} - // CHECK-LABEL: define{{.*}}foo{{.*}}!{{|kcfi_type}} !{{[0-9]+}} - // CHECK: start: - // CHECK-NOT: {{%.+}} = call {{(noundef )*}}i32 %f(i32 {{(noundef )*}}%arg){{.*}}[ "kcfi"(i32 {{[-0-9]+}}) ] - // CHECK: ret i32 {{%.+}} - f(arg) -} diff --git a/tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-sanitize-off.rs b/tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-sanitize-off.rs new file mode 100644 index 00000000000..2581784ce3e --- /dev/null +++ b/tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-sanitize-off.rs @@ -0,0 +1,27 @@ +// Verifies that KCFI operand bundles are omitted. +// +//@ add-core-stubs +//@ revisions: aarch64 x86_64 +//@ [aarch64] compile-flags: --target aarch64-unknown-none +//@ [aarch64] needs-llvm-components: aarch64 +//@ [x86_64] compile-flags: --target x86_64-unknown-none +//@ [x86_64] needs-llvm-components: x86 +//@ compile-flags: -Cno-prepopulate-passes -Zsanitizer=kcfi -Copt-level=0 + +#![crate_type = "lib"] +#![feature(no_core, sanitize, lang_items)] +#![no_core] + +extern crate minicore; +use minicore::*; + +#[sanitize(kcfi = "off")] +pub fn foo(f: fn(i32) -> i32, arg: i32) -> i32 { + // CHECK-LABEL: emit_kcfi_operand_bundle_attr_sanitize_off::foo + // CHECK: Function Attrs: {{.*}} + // CHECK-LABEL: define{{.*}}foo{{.*}}!{{|kcfi_type}} !{{[0-9]+}} + // CHECK: start: + // CHECK-NOT: {{%.+}} = call {{(noundef )*}}i32 %f(i32 {{(noundef )*}}%arg){{.*}}[ "kcfi"(i32 {{[-0-9]+}}) ] + // CHECK: ret i32 {{%.+}} + f(arg) +} diff --git a/tests/codegen-llvm/sanitizer/no-sanitize-inlining.rs b/tests/codegen-llvm/sanitizer/no-sanitize-inlining.rs deleted file mode 100644 index 4bd832d2ab1..00000000000 --- a/tests/codegen-llvm/sanitizer/no-sanitize-inlining.rs +++ /dev/null @@ -1,31 +0,0 @@ -// Verifies that no_sanitize attribute prevents inlining when -// given sanitizer is enabled, but has no effect on inlining otherwise. -// -//@ needs-sanitizer-address -//@ needs-sanitizer-leak -//@ revisions: ASAN LSAN -//@ compile-flags: -Copt-level=3 -Zmir-opt-level=4 -Ctarget-feature=-crt-static -//@[ASAN] compile-flags: -Zsanitizer=address -//@[LSAN] compile-flags: -Zsanitizer=leak - -#![crate_type = "lib"] -#![feature(no_sanitize)] - -// ASAN-LABEL: define void @test -// ASAN: call {{.*}} @random_inline -// ASAN: } -// -// LSAN-LABEL: define void @test -// LSAN-NOT: call -// LSAN: } -#[no_mangle] -pub fn test(n: &mut u32) { - random_inline(n); -} - -#[no_sanitize(address)] -#[inline] -#[no_mangle] -pub fn random_inline(n: &mut u32) { - *n = 42; -} diff --git a/tests/codegen-llvm/sanitizer/no-sanitize.rs b/tests/codegen-llvm/sanitizer/no-sanitize.rs deleted file mode 100644 index 2a309f6b9c6..00000000000 --- a/tests/codegen-llvm/sanitizer/no-sanitize.rs +++ /dev/null @@ -1,39 +0,0 @@ -// Verifies that no_sanitize attribute can be used to -// selectively disable sanitizer instrumentation. -// -//@ needs-sanitizer-address -//@ compile-flags: -Zsanitizer=address -Ctarget-feature=-crt-static -Copt-level=0 - -#![crate_type = "lib"] -#![feature(no_sanitize)] - -// CHECK: @UNSANITIZED = constant{{.*}} no_sanitize_address -// CHECK-NOT: @__asan_global_UNSANITIZED -#[no_mangle] -#[no_sanitize(address)] -pub static UNSANITIZED: u32 = 0; - -// CHECK: @__asan_global_SANITIZED -#[no_mangle] -pub static SANITIZED: u32 = 0; - -// CHECK-LABEL: ; no_sanitize::unsanitized -// CHECK-NEXT: ; Function Attrs: -// CHECK-NOT: sanitize_address -// CHECK: start: -// CHECK-NOT: call void @__asan_report_load -// CHECK: } -#[no_sanitize(address)] -pub fn unsanitized(b: &mut u8) -> u8 { - *b -} - -// CHECK-LABEL: ; no_sanitize::sanitized -// CHECK-NEXT: ; Function Attrs: -// CHECK: sanitize_address -// CHECK: start: -// CHECK: call void @__asan_report_load -// CHECK: } -pub fn sanitized(b: &mut u8) -> u8 { - *b -} diff --git a/tests/codegen-llvm/sanitizer/sanitize-off-asan-kasan.rs b/tests/codegen-llvm/sanitizer/sanitize-off-asan-kasan.rs new file mode 100644 index 00000000000..37549aba447 --- /dev/null +++ b/tests/codegen-llvm/sanitizer/sanitize-off-asan-kasan.rs @@ -0,0 +1,42 @@ +// Verifies that the `#[sanitize(address = "off")]` attribute also turns off +// the kernel address sanitizer. +// +//@ add-core-stubs +//@ compile-flags: -Zsanitizer=kernel-address -Ctarget-feature=-crt-static -Copt-level=0 +//@ revisions: aarch64 riscv64imac riscv64gc x86_64 +//@[aarch64] compile-flags: --target aarch64-unknown-none +//@[aarch64] needs-llvm-components: aarch64 +//@[riscv64imac] compile-flags: --target riscv64imac-unknown-none-elf +//@[riscv64imac] needs-llvm-components: riscv +//@[riscv64gc] compile-flags: --target riscv64gc-unknown-none-elf +//@[riscv64gc] needs-llvm-components: riscv +//@[x86_64] compile-flags: --target x86_64-unknown-none +//@[x86_64] needs-llvm-components: x86 + +#![crate_type = "rlib"] +#![feature(no_core, sanitize, lang_items)] +#![no_core] + +extern crate minicore; +use minicore::*; + +// CHECK-LABEL: ; sanitize_off_asan_kasan::unsanitized +// CHECK-NEXT: ; Function Attrs: +// CHECK-NOT: sanitize_address +// CHECK: start: +// CHECK-NOT: call void @__asan_report_load +// CHECK: } +#[sanitize(address = "off")] +pub fn unsanitized(b: &mut u8) -> u8 { + *b +} + +// CHECK-LABEL: ; sanitize_off_asan_kasan::sanitized +// CHECK-NEXT: ; Function Attrs: +// CHECK: sanitize_address +// CHECK: start: +// CHECK: call void @__asan_report_load +// CHECK: } +pub fn sanitized(b: &mut u8) -> u8 { + *b +} diff --git a/tests/codegen-llvm/sanitizer/sanitize-off-inlining.rs b/tests/codegen-llvm/sanitizer/sanitize-off-inlining.rs new file mode 100644 index 00000000000..69771827c3a --- /dev/null +++ b/tests/codegen-llvm/sanitizer/sanitize-off-inlining.rs @@ -0,0 +1,31 @@ +// Verifies that sanitize(xyz = "off") attribute prevents inlining when +// given sanitizer is enabled, but has no effect on inlining otherwise. +// +//@ needs-sanitizer-address +//@ needs-sanitizer-leak +//@ revisions: ASAN LSAN +//@ compile-flags: -Copt-level=3 -Zmir-opt-level=4 -Ctarget-feature=-crt-static +//@[ASAN] compile-flags: -Zsanitizer=address +//@[LSAN] compile-flags: -Zsanitizer=leak + +#![crate_type = "lib"] +#![feature(sanitize)] + +// ASAN-LABEL: define void @test +// ASAN: call {{.*}} @random_inline +// ASAN: } +// +// LSAN-LABEL: define void @test +// LSAN-NOT: call +// LSAN: } +#[no_mangle] +pub fn test(n: &mut u32) { + random_inline(n); +} + +#[sanitize(address = "off")] +#[inline] +#[no_mangle] +pub fn random_inline(n: &mut u32) { + *n = 42; +} diff --git a/tests/codegen-llvm/sanitizer/sanitize-off-kasan-asan.rs b/tests/codegen-llvm/sanitizer/sanitize-off-kasan-asan.rs new file mode 100644 index 00000000000..94945f2b2e6 --- /dev/null +++ b/tests/codegen-llvm/sanitizer/sanitize-off-kasan-asan.rs @@ -0,0 +1,29 @@ +// Verifies that the `#[sanitize(kernel_address = "off")]` attribute also turns off +// the address sanitizer. +// +//@ needs-sanitizer-address +//@ compile-flags: -Zsanitizer=address -Ctarget-feature=-crt-static -Copt-level=0 + +#![crate_type = "lib"] +#![feature(sanitize)] + +// CHECK-LABEL: ; sanitize_off_kasan_asan::unsanitized +// CHECK-NEXT: ; Function Attrs: +// CHECK-NOT: sanitize_address +// CHECK: start: +// CHECK-NOT: call void @__asan_report_load +// CHECK: } +#[sanitize(kernel_address = "off")] +pub fn unsanitized(b: &mut u8) -> u8 { + *b +} + +// CHECK-LABEL: ; sanitize_off_kasan_asan::sanitized +// CHECK-NEXT: ; Function Attrs: +// CHECK: sanitize_address +// CHECK: start: +// CHECK: call void @__asan_report_load +// CHECK: } +pub fn sanitized(b: &mut u8) -> u8 { + *b +} diff --git a/tests/codegen-llvm/sanitizer/sanitize-off.rs b/tests/codegen-llvm/sanitizer/sanitize-off.rs index 0b0c01ed962..9f3f7cd9df7 100644 --- a/tests/codegen-llvm/sanitizer/sanitize-off.rs +++ b/tests/codegen-llvm/sanitizer/sanitize-off.rs @@ -116,3 +116,23 @@ pub fn expose_trait(b: &mut u8) -> u8 { <() as MyTrait>::unsanitized_default(&(), b); <() as MyTrait>::sanitized_default(&(), b) } + +#[sanitize(address = "off")] +pub mod outer { + #[sanitize(thread = "off")] + pub mod inner { + // CHECK-LABEL: ; sanitize_off::outer::inner::unsanitized + // CHECK-NEXT: ; Function Attrs: + // CHECK-NOT: sanitize_address + // CHECK: start: + // CHECK-NOT: call void @__asan_report_load + // CHECK: } + pub fn unsanitized() { + let xs = [0, 1, 2, 3]; + // Avoid optimizing everything out. + let xs = std::hint::black_box(xs.as_ptr()); + let code = unsafe { *xs.offset(4) }; + std::process::exit(code); + } + } +} diff --git a/tests/codegen-llvm/sanitizer/scs-attr-check.rs b/tests/codegen-llvm/sanitizer/scs-attr-check.rs index 6f4cbc2c0a6..f726503503c 100644 --- a/tests/codegen-llvm/sanitizer/scs-attr-check.rs +++ b/tests/codegen-llvm/sanitizer/scs-attr-check.rs @@ -5,7 +5,7 @@ //@ compile-flags: -Zsanitizer=shadow-call-stack #![crate_type = "lib"] -#![feature(no_sanitize)] +#![feature(sanitize)] // CHECK: ; sanitizer_scs_attr_check::scs // CHECK-NEXT: ; Function Attrs:{{.*}}shadowcallstack @@ -13,5 +13,5 @@ pub fn scs() {} // CHECK: ; sanitizer_scs_attr_check::no_scs // CHECK-NOT: ; Function Attrs:{{.*}}shadowcallstack -#[no_sanitize(shadow_call_stack)] +#[sanitize(shadow_call_stack = "off")] pub fn no_scs() {} diff --git a/tests/mir-opt/inline/inline_compatibility.rs b/tests/mir-opt/inline/inline_compatibility.rs index 1bb102ccda5..a31153dedc9 100644 --- a/tests/mir-opt/inline/inline_compatibility.rs +++ b/tests/mir-opt/inline/inline_compatibility.rs @@ -3,7 +3,7 @@ //@ compile-flags: -Cpanic=abort #![crate_type = "lib"] -#![feature(no_sanitize)] +#![feature(sanitize)] #![feature(c_variadic)] #[inline] @@ -37,22 +37,22 @@ pub unsafe fn f2() { } #[inline] -#[no_sanitize(address)] -pub unsafe fn no_sanitize() {} +#[sanitize(address = "off")] +pub unsafe fn sanitize_off() {} -// CHECK-LABEL: fn inlined_no_sanitize() +// CHECK-LABEL: fn inlined_sanitize_off() // CHECK: bb0: { // CHECK-NEXT: return; -#[no_sanitize(address)] -pub unsafe fn inlined_no_sanitize() { - no_sanitize(); +#[sanitize(address = "off")] +pub unsafe fn inlined_sanitize_off() { + sanitize_off(); } -// CHECK-LABEL: fn not_inlined_no_sanitize() +// CHECK-LABEL: fn not_inlined_sanitize_off() // CHECK: bb0: { -// CHECK-NEXT: no_sanitize() -pub unsafe fn not_inlined_no_sanitize() { - no_sanitize(); +// CHECK-NEXT: sanitize_off() +pub unsafe fn not_inlined_sanitize_off() { + sanitize_off(); } // CHECK-LABEL: fn not_inlined_c_variadic() diff --git a/tests/ui/attributes/malformed-attrs.rs b/tests/ui/attributes/malformed-attrs.rs index 3293f75fba9..90ca007451e 100644 --- a/tests/ui/attributes/malformed-attrs.rs +++ b/tests/ui/attributes/malformed-attrs.rs @@ -12,7 +12,7 @@ #![feature(min_generic_const_args)] #![feature(ffi_const, ffi_pure)] #![feature(coverage_attribute)] -#![feature(no_sanitize)] +#![feature(sanitize)] #![feature(marker_trait_attr)] #![feature(thread_local)] #![feature(must_not_suspend)] @@ -89,7 +89,7 @@ //~^ ERROR malformed #[coverage] //~^ ERROR malformed `coverage` attribute input -#[no_sanitize] +#[sanitize] //~^ ERROR malformed #[ignore()] //~^ ERROR valid forms for the attribute are diff --git a/tests/ui/attributes/malformed-attrs.stderr b/tests/ui/attributes/malformed-attrs.stderr index 9c31765149b..d1d9fef2a40 100644 --- a/tests/ui/attributes/malformed-attrs.stderr +++ b/tests/ui/attributes/malformed-attrs.stderr @@ -49,11 +49,23 @@ LL | #[crate_name] | = note: for more information, visit -error: malformed `no_sanitize` attribute input +error: malformed `sanitize` attribute input --> $DIR/malformed-attrs.rs:92:1 | -LL | #[no_sanitize] - | ^^^^^^^^^^^^^^ help: must be of the form: `#[no_sanitize(address, kcfi, memory, thread)]` +LL | #[sanitize] + | ^^^^^^^^^^^ + | +help: the following are the possible correct uses + | +LL | #[sanitize(address = "on|off")] + | ++++++++++++++++++++ +LL | #[sanitize(cfi = "on|off")] + | ++++++++++++++++ +LL | #[sanitize(hwaddress = "on|off")] + | ++++++++++++++++++++++ +LL | #[sanitize(kcfi = "on|off")] + | +++++++++++++++++ + = and 5 other candidates error: malformed `instruction_set` attribute input --> $DIR/malformed-attrs.rs:106:1 diff --git a/tests/ui/attributes/no-sanitize.rs b/tests/ui/attributes/no-sanitize.rs deleted file mode 100644 index ddf909be63a..00000000000 --- a/tests/ui/attributes/no-sanitize.rs +++ /dev/null @@ -1,45 +0,0 @@ -#![feature(no_sanitize)] -#![feature(stmt_expr_attributes)] -#![deny(unused_attributes)] -#![allow(dead_code)] - -fn invalid() { - #[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function - { - 1 - }; -} - -#[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function -type InvalidTy = (); - -#[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function -mod invalid_module {} - -fn main() { - let _ = #[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function - (|| 1); -} - -#[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function -struct F; - -#[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function -impl F { - #[no_sanitize(memory)] - fn valid(&self) {} -} - -#[no_sanitize(address, memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function -static INVALID : i32 = 0; - -#[no_sanitize(memory)] -fn valid() {} - -#[no_sanitize(address)] -static VALID : i32 = 0; - -#[no_sanitize("address")] -//~^ ERROR `#[no_sanitize(...)]` should be applied to a function -//~| ERROR invalid argument for `no_sanitize` -static VALID2 : i32 = 0; diff --git a/tests/ui/attributes/no-sanitize.stderr b/tests/ui/attributes/no-sanitize.stderr deleted file mode 100644 index 8d5fbb109ea..00000000000 --- a/tests/ui/attributes/no-sanitize.stderr +++ /dev/null @@ -1,80 +0,0 @@ -error: `#[no_sanitize(memory)]` should be applied to a function - --> $DIR/no-sanitize.rs:7:19 - | -LL | #[no_sanitize(memory)] - | ^^^^^^ -LL | / { -LL | | 1 -LL | | }; - | |_____- not a function - -error: `#[no_sanitize(memory)]` should be applied to a function - --> $DIR/no-sanitize.rs:13:15 - | -LL | #[no_sanitize(memory)] - | ^^^^^^ -LL | type InvalidTy = (); - | -------------------- not a function - -error: `#[no_sanitize(memory)]` should be applied to a function - --> $DIR/no-sanitize.rs:16:15 - | -LL | #[no_sanitize(memory)] - | ^^^^^^ -LL | mod invalid_module {} - | --------------------- not a function - -error: `#[no_sanitize(memory)]` should be applied to a function - --> $DIR/no-sanitize.rs:20:27 - | -LL | let _ = #[no_sanitize(memory)] - | ^^^^^^ -LL | (|| 1); - | ------ not a function - -error: `#[no_sanitize(memory)]` should be applied to a function - --> $DIR/no-sanitize.rs:24:15 - | -LL | #[no_sanitize(memory)] - | ^^^^^^ -LL | struct F; - | --------- not a function - -error: `#[no_sanitize(memory)]` should be applied to a function - --> $DIR/no-sanitize.rs:27:15 - | -LL | #[no_sanitize(memory)] - | ^^^^^^ -LL | / impl F { -LL | | #[no_sanitize(memory)] -LL | | fn valid(&self) {} -LL | | } - | |_- not a function - -error: `#[no_sanitize(memory)]` should be applied to a function - --> $DIR/no-sanitize.rs:33:24 - | -LL | #[no_sanitize(address, memory)] - | ^^^^^^ -LL | static INVALID : i32 = 0; - | ------------------------- not a function - -error: `#[no_sanitize(...)]` should be applied to a function - --> $DIR/no-sanitize.rs:42:15 - | -LL | #[no_sanitize("address")] - | ^^^^^^^^^ -... -LL | static VALID2 : i32 = 0; - | ------------------------ not a function - -error: invalid argument for `no_sanitize` - --> $DIR/no-sanitize.rs:42:15 - | -LL | #[no_sanitize("address")] - | ^^^^^^^^^ - | - = note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` - -error: aborting due to 9 previous errors - diff --git a/tests/ui/feature-gates/feature-gate-no_sanitize.rs b/tests/ui/feature-gates/feature-gate-no_sanitize.rs deleted file mode 100644 index 5ac014f1c5b..00000000000 --- a/tests/ui/feature-gates/feature-gate-no_sanitize.rs +++ /dev/null @@ -1,4 +0,0 @@ -#[no_sanitize(address)] -//~^ ERROR the `#[no_sanitize]` attribute is an experimental feature -fn main() { -} diff --git a/tests/ui/feature-gates/feature-gate-no_sanitize.stderr b/tests/ui/feature-gates/feature-gate-no_sanitize.stderr deleted file mode 100644 index a33bf6a9e40..00000000000 --- a/tests/ui/feature-gates/feature-gate-no_sanitize.stderr +++ /dev/null @@ -1,13 +0,0 @@ -error[E0658]: the `#[no_sanitize]` attribute is an experimental feature - --> $DIR/feature-gate-no_sanitize.rs:1:1 - | -LL | #[no_sanitize(address)] - | ^^^^^^^^^^^^^^^^^^^^^^^ - | - = note: see issue #39699 for more information - = help: add `#![feature(no_sanitize)]` to the crate attributes to enable - = note: this compiler was built on YYYY-MM-DD; consider upgrading it if it is out of date - -error: aborting due to 1 previous error - -For more information about this error, try `rustc --explain E0658`. diff --git a/tests/ui/feature-gates/feature-gate-sanitize.rs b/tests/ui/feature-gates/feature-gate-sanitize.rs index 19656544da0..40098d93272 100644 --- a/tests/ui/feature-gates/feature-gate-sanitize.rs +++ b/tests/ui/feature-gates/feature-gate-sanitize.rs @@ -1,3 +1,6 @@ +//@ normalize-stderr: "you are using [0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+)?( \([^)]*\))?" -> "you are using $$RUSTC_VERSION" +#![feature(no_sanitize)] //~ ERROR feature has been removed + #[sanitize(address = "on")] //~^ ERROR the `#[sanitize]` attribute is an experimental feature fn main() { diff --git a/tests/ui/feature-gates/feature-gate-sanitize.stderr b/tests/ui/feature-gates/feature-gate-sanitize.stderr index a8e9b4608ac..7c38b351916 100644 --- a/tests/ui/feature-gates/feature-gate-sanitize.stderr +++ b/tests/ui/feature-gates/feature-gate-sanitize.stderr @@ -1,5 +1,14 @@ +error[E0557]: feature has been removed + --> $DIR/feature-gate-sanitize.rs:2:12 + | +LL | #![feature(no_sanitize)] + | ^^^^^^^^^^^ feature has been removed + | + = note: removed in CURRENT_RUSTC_VERSION; see for more information + = note: renamed to sanitize(xyz = "on|off") + error[E0658]: the `#[sanitize]` attribute is an experimental feature - --> $DIR/feature-gate-sanitize.rs:1:1 + --> $DIR/feature-gate-sanitize.rs:4:1 | LL | #[sanitize(address = "on")] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^ @@ -8,6 +17,7 @@ LL | #[sanitize(address = "on")] = help: add `#![feature(sanitize)]` to the crate attributes to enable = note: this compiler was built on YYYY-MM-DD; consider upgrading it if it is out of date -error: aborting due to 1 previous error +error: aborting due to 2 previous errors -For more information about this error, try `rustc --explain E0658`. +Some errors have detailed explanations: E0557, E0658. +For more information about an error, try `rustc --explain E0557`. diff --git a/tests/ui/invalid/invalid-no-sanitize.rs b/tests/ui/invalid/invalid-no-sanitize.rs deleted file mode 100644 index b52e3cc83fa..00000000000 --- a/tests/ui/invalid/invalid-no-sanitize.rs +++ /dev/null @@ -1,5 +0,0 @@ -#![feature(no_sanitize)] - -#[no_sanitize(brontosaurus)] //~ ERROR invalid argument -fn main() { -} diff --git a/tests/ui/invalid/invalid-no-sanitize.stderr b/tests/ui/invalid/invalid-no-sanitize.stderr deleted file mode 100644 index b1c80438b31..00000000000 --- a/tests/ui/invalid/invalid-no-sanitize.stderr +++ /dev/null @@ -1,10 +0,0 @@ -error: invalid argument for `no_sanitize` - --> $DIR/invalid-no-sanitize.rs:3:15 - | -LL | #[no_sanitize(brontosaurus)] - | ^^^^^^^^^^^^ - | - = note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` - -error: aborting due to 1 previous error - diff --git a/tests/ui/sanitize-attr/invalid-sanitize.stderr b/tests/ui/sanitize-attr/invalid-sanitize.stderr index bd36ce67b96..4bf81770b89 100644 --- a/tests/ui/sanitize-attr/invalid-sanitize.stderr +++ b/tests/ui/sanitize-attr/invalid-sanitize.stderr @@ -68,7 +68,7 @@ error: invalid argument for `sanitize` LL | #[sanitize(brontosaurus = "off")] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | - = note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` + = note: expected one of: `address`, `kernel_address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow_call_stack`, or `thread` error: invalid argument for `sanitize` --> $DIR/invalid-sanitize.rs:15:1 @@ -76,7 +76,7 @@ error: invalid argument for `sanitize` LL | #[sanitize(address = "bogus")] | ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | - = note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread` + = note: expected one of: `address`, `kernel_address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow_call_stack`, or `thread` error: aborting due to 6 previous errors diff --git a/tests/ui/sanitizer/inline-always-sanitize.rs b/tests/ui/sanitizer/inline-always-sanitize.rs index 2f1c8bb9c5b..d6ee214e9b3 100644 --- a/tests/ui/sanitizer/inline-always-sanitize.rs +++ b/tests/ui/sanitizer/inline-always-sanitize.rs @@ -5,7 +5,7 @@ #[inline(always)] //~^ NOTE inlining requested here #[sanitize(address = "off")] -//~^ WARN setting `sanitize` off will have no effect after inlining +//~^ WARN setting `sanitize` off will have no effect after inlining //~| NOTE on by default fn x() { } diff --git a/tests/ui/sanitizer/inline-always.rs b/tests/ui/sanitizer/inline-always.rs deleted file mode 100644 index a868cd761db..00000000000 --- a/tests/ui/sanitizer/inline-always.rs +++ /dev/null @@ -1,14 +0,0 @@ -//@ check-pass - -#![feature(no_sanitize)] -#[inline(always)] -//~^ NOTE inlining requested here -#[no_sanitize(address)] -//~^ WARN will have no effect after inlining -//~| NOTE on by default -fn x() { -} - -fn main() { - x() -} diff --git a/tests/ui/sanitizer/inline-always.stderr b/tests/ui/sanitizer/inline-always.stderr deleted file mode 100644 index 2ce48b0101d..00000000000 --- a/tests/ui/sanitizer/inline-always.stderr +++ /dev/null @@ -1,15 +0,0 @@ -warning: `no_sanitize` will have no effect after inlining - --> $DIR/inline-always.rs:6:1 - | -LL | #[no_sanitize(address)] - | ^^^^^^^^^^^^^^^^^^^^^^^ - | -note: inlining requested here - --> $DIR/inline-always.rs:4:1 - | -LL | #[inline(always)] - | ^^^^^^^^^^^^^^^^^ - = note: `#[warn(inline_no_sanitize)]` on by default - -warning: 1 warning emitted - diff --git a/triagebot.toml b/triagebot.toml index 2f31a30019b..777ef928e5d 100644 --- a/triagebot.toml +++ b/triagebot.toml @@ -579,7 +579,7 @@ trigger_files = [ "src/doc/unstable-book/src/compiler-flags/sanitizer.md", "src/doc/unstable-book/src/language-features/cfg-sanitize.md", "src/doc/unstable-book/src/language-features/cfi-encoding.md", - "src/doc/unstable-book/src/language-features/no-sanitize.md", + "src/doc/unstable-book/src/language-features/sanitize.md", "tests/codegen-llvm/sanitizer", "tests/codegen-llvm/split-lto-unit.rs", "tests/codegen-llvm/stack-probes-inline.rs", @@ -1209,7 +1209,7 @@ cc = ["@rust-lang/project-exploit-mitigations", "@rcvalle"] [mentions."src/doc/unstable-book/src/language-features/cfi-encoding.md"] cc = ["@rust-lang/project-exploit-mitigations", "@rcvalle"] -[mentions."src/doc/unstable-book/src/language-features/no-sanitize.md"] +[mentions."src/doc/unstable-book/src/language-features/sanitize.md"] cc = ["@rust-lang/project-exploit-mitigations", "@rcvalle"] [mentions."src/doc/rustc/src/check-cfg.md"] -- cgit 1.4.1-3-g733a5 From 0e47f19ffc934298227e77e49836ee1e335b7b61 Mon Sep 17 00:00:00 2001 From: Lewis McClelland Date: Sat, 9 Aug 2025 15:46:45 -0700 Subject: Specify linker scripts after user link args --- compiler/rustc_codegen_ssa/src/back/link.rs | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'compiler/rustc_codegen_ssa') diff --git a/compiler/rustc_codegen_ssa/src/back/link.rs b/compiler/rustc_codegen_ssa/src/back/link.rs index 3ec0d900994..30ad9450aef 100644 --- a/compiler/rustc_codegen_ssa/src/back/link.rs +++ b/compiler/rustc_codegen_ssa/src/back/link.rs @@ -2435,6 +2435,13 @@ fn linker_with_args( // Passed after compiler-generated options to support manual overriding when necessary. add_user_defined_link_args(cmd, sess); + // ------------ Builtin configurable linker scripts ------------ + // The user's link args should be able to overwrite symbols in the compiler's + // linker script that were weakly defined (i.e. defined with `PROVIDE()`). For this + // to work correctly, the user needs to be able to specify linker arguments like + // `--defsym` and `--script` *before* any builtin linker scripts are evaluated. + add_link_script(cmd, sess, tmpdir, crate_type); + // ------------ Object code and libraries, order-dependent ------------ // Post-link CRT objects. @@ -2469,8 +2476,6 @@ fn add_order_independent_options( let apple_sdk_root = add_apple_sdk(cmd, sess, flavor); - add_link_script(cmd, sess, tmpdir, crate_type); - if sess.target.os == "fuchsia" && crate_type == CrateType::Executable && !matches!(flavor, LinkerFlavor::Gnu(Cc::Yes, _)) -- cgit 1.4.1-3-g733a5