Commit Graph

155 Commits

Author SHA1 Message Date
Benjamin A. Bjørnseth
bb9dee95ed add rustc option for using LLVM stack smash protection
LLVM has built-in heuristics for adding stack canaries to functions. These
heuristics can be selected with LLVM function attributes. This patch adds a
rustc option `-Z stack-protector={none,basic,strong,all}` which controls the use
of these attributes. This gives rustc the same stack smash protection support as
clang offers through options `-fno-stack-protector`, `-fstack-protector`,
`-fstack-protector-strong`, and `-fstack-protector-all`. The protection this can
offer is demonstrated in test/ui/abi/stack-protector.rs. This fills a gap in the
current list of rustc exploit
mitigations (https://doc.rust-lang.org/rustc/exploit-mitigations.html),
originally discussed in #15179.

Stack smash protection adds runtime overhead and is therefore still off by
default, but now users have the option to trade performance for security as they
see fit. An example use case is adding Rust code in an existing C/C++ code base
compiled with stack smash protection. Without the ability to add stack smash
protection to the Rust code, the code base artifacts could be exploitable in
ways not possible if the code base remained pure C/C++.

Stack smash protection support is present in LLVM for almost all the current
tier 1/tier 2 targets: see
test/assembly/stack-protector/stack-protector-target-support.rs. The one
exception is nvptx64-nvidia-cuda. This patch follows clang's example, and adds a
warning message printed if stack smash protection is used with this target (see
test/ui/stack-protector/warn-stack-protector-unsupported.rs). Support for tier 3
targets has not been checked.

Since the heuristics are applied at the LLVM level, the heuristics are expected
to add stack smash protection to a fraction of functions comparable to C/C++.
Some experiments demonstrating how Rust code is affected by the different
heuristics can be found in
test/assembly/stack-protector/stack-protector-heuristics-effect.rs. There is
potential for better heuristics using Rust-specific safety information. For
example it might be reasonable to skip stack smash protection in functions which
transitively only use safe Rust code, or which uses only a subset of functions
the user declares safe (such as anything under `std.*`). Such alternative
heuristics could be added at a later point.

LLVM also offers a "safestack" sanitizer as an alternative way to guard against
stack smashing (see #26612). This could possibly also be included as a
stack-protection heuristic. An alternative is to add it as a sanitizer (#39699).
This is what clang does: safestack is exposed with option
`-fsanitize=safe-stack`.

The options are only supported by the LLVM backend, but as with other codegen
options it is visible in the main codegen option help menu. The heuristic names
"basic", "strong", and "all" are hopefully sufficiently generic to be usable in
other backends as well.

Reviewed-by: Nikita Popov <nikic@php.net>

Extra commits during review:

- [address-review] make the stack-protector option unstable

- [address-review] reduce detail level of stack-protector option help text

- [address-review] correct grammar in comment

- [address-review] use compiler flag to avoid merging functions in test

- [address-review] specify min LLVM version in fortanix stack-protector test

  Only for Fortanix test, since this target specifically requests the
  `--x86-experimental-lvi-inline-asm-hardening` flag.

- [address-review] specify required LLVM components in stack-protector tests

- move stack protector option enum closer to other similar option enums

- rustc_interface/tests: sort debug option list in tracking hash test

- add an explicit `none` stack-protector option

Revert "set LLVM requirements for all stack protector support test revisions"

This reverts commit a49b74f92a4e7d701d6f6cf63d207a8aff2e0f68.
2021-11-22 20:06:22 +01:00
Tor Hovland
ede76c40d1 Made temps-dir an unstable option. 2021-11-07 09:32:05 +01:00
Tor Hovland
5d1e09f44a Added the --temps-dir option. 2021-11-02 22:41:34 +01:00
Mark Rousskov
3215eeb99f
Revert "Add rustc lint, warning when iterating over hashmaps" 2021-10-28 11:01:42 -04:00
Matthias Krüger
87822b27ee
Rollup merge of #89558 - lcnr:query-stable-lint, r=estebank
Add rustc lint, warning when iterating over hashmaps

r? rust-lang/wg-incr-comp
2021-10-24 15:48:42 +02:00
bors
bd41e09da3 Auto merge of #89124 - cjgillot:owner-info, r=michaelwoerister
Index and hash HIR as part of lowering

Part of https://github.com/rust-lang/rust/pull/88186
~Based on https://github.com/rust-lang/rust/pull/88880 (see merge commit).~

Once HIR is lowered, it is later indexed by the `index_hir` query and hashed for `crate_hash`. This PR moves those post-processing steps to lowering itself. As a side objective, the HIR crate data structure is refactored as an `IndexVec<LocalDefId, Option<OwnerInfo<'hir>>>` where `OwnerInfo` stores all the relevant information for an HIR owner.

r? `@michaelwoerister`
cc `@petrochenkov`
2021-10-18 19:53:05 +00:00
lcnr
00e5abe9b6 allow potential_query_instability everywhere 2021-10-15 10:58:18 +02:00
Matthew Jasper
9e6e89af69 Fix RUSTC_LOG handling
Rustc was incorrectly reading the value of `RUSTC_LOG` as the
environment vairable with the logging configuration, rather than the
logging configuration itself.
2021-10-10 19:59:36 +01:00
Camille GILLOT
f9e1de979d Stop referring to hir::Crate in hir_pretty. 2021-10-09 11:19:44 +02:00
Eliza Weisman
eb67bf9368
Update compiler/rustc_driver/src/lib.rs
Co-authored-by: Joshua Nelson <github@jyn.dev>
2021-10-07 09:52:51 -07:00
Eliza Weisman
e7f04857ef
rustc_driver: Enable the WARN log level by default
This commit changes the `tracing_subscriber` initialization in
`rustc_driver` so that the `WARN` verbosity level is enabled by default
when the `RUSTC_LOG` env variable is empty. If the `RUSTC_LOG` env
variable is set, the filter string in the environment variable is
honored, instead.

Fixes #76824
Closes #89623

cc @eddyb, @oli-obk
2021-10-07 09:23:42 -07:00
bors
25ec827385 Auto merge of #89363 - oli-obk:in_tracing_we_trust, r=Mark-Simulacrum
Fix performance regression with #[instrument]

linked tracing PR: https://github.com/tokio-rs/tracing/pull/1600

regression introduced by #89048
2021-10-05 12:52:43 +00:00
bors
55111d656f Auto merge of #89266 - cjgillot:session-ich, r=michaelwoerister
Move ICH to rustc_query_system

Based on https://github.com/rust-lang/rust/pull/89183

The StableHashingContext does not need to be in rustc_middle.

This PR moves it to rustc_query_system. This will avoid a dependency between rustc_ast_lowering and rustc_middle in https://github.com/rust-lang/rust/pull/89124.
2021-10-05 09:45:11 +00:00
Jubilee
2bc89ce0bf
Rollup merge of #89453 - waywardmonkeys:consistent-supertrait-usage, r=nagisa
Consistently use 'supertrait'.

A subset of places referred to 'super-trait', so this changes them
to all use 'supertrait'. This matches 'supertype' and some other
usages. An exception is 'auto-trait' which is consistently used
in that manner.
2021-10-04 13:58:14 -07:00
Camille GILLOT
8961616e60 Move rustc_middle::middle::cstore to rustc_session. 2021-10-03 16:08:51 +02:00
bors
b27661eb33 Auto merge of #89405 - GuillaumeGomez:fix-clippy-lints, r=cjgillot
Fix clippy lints

I'm currently working on allowing clippy to run on librustdoc after a discussion I had with `@Mark-Simulacrum.` So in the meantime, I fixed a few lints on the compiler crates.
2021-10-02 10:52:09 +00:00
Oli Scherer
69274aa549 Bump tracing to get the instrumentation perf improvement 2021-10-02 08:22:03 +00:00
Bruce Mitchener
058a21d5cf Consistently use 'supertrait'.
A subset of places referred to 'super-trait', so this changes them
to all use 'supertrait'. This matches 'supertype' and some other
usages. An exception is 'auto-trait' which is consistently used
in that manner.
2021-10-02 08:05:44 +07:00
Guillaume Gomez
759eba0a08 Fix clippy lints 2021-10-01 23:17:19 +02:00
Camille GILLOT
abc57f63ad Move body_owners to tcx.hir(). 2021-09-29 23:16:48 +02:00
Mark Rousskov
c746be2219 Migrate to 2021 2021-09-20 22:21:42 -04:00
Yuki Okushi
a84d39c7d4
Rollup merge of #88751 - bjorn3:move_filesearch, r=oli-obk
Couple of changes to FileSearch and SearchPath

* Turn a couple of regular comments into doc comments
* Move `get_tools_search_paths` from `FileSearch` to `Session`
* Use Lrc instead of Option to avoid duplication of a `SearchPath`
2021-09-17 14:09:47 +09:00
bjorn3
d7ef0b30e8 Use Lrc instead of Option to avoid duplication of a SearchPath 2021-09-08 18:25:47 +02:00
Camille GILLOT
c5fc2609f0 Rename rustc_mir to rustc_const_eval. 2021-09-07 20:46:26 +02:00
Camille GILLOT
fd9c04fe32 Move the dataflow framework to its own crate. 2021-09-07 19:57:07 +02:00
bjorn3
c9abc7e2bb Remove print_fuel_crate field of Session 2021-09-02 12:29:11 +02:00
jackh726
62b8a5ef04 Reduce verbosity of RUSTC_LOG 2021-08-09 21:39:39 -04:00
bors
b53a93db2d Auto merge of #87535 - lf-:authors, r=Mark-Simulacrum
rfc3052 followup: Remove authors field from Cargo manifests

Since RFC 3052 soft deprecated the authors field, hiding it from
crates.io, docs.rs, and making Cargo not add it by default, and it is
not generally up to date/useful information for contributors, we may as well
remove it from crates in this repo.
2021-08-02 05:49:17 +00:00
Yuki Okushi
7e4b1737ff
Rollup merge of #87553 - bjorn3:fix_hotplug_codegen_version, r=wesleywiser
Fix typo in rustc_driver::version

This caused rustc `-Zcodegen-backend=foo.so -vV` to look for `oo.so` instead of `foo.so`
2021-07-30 16:26:54 +09:00
Jade
3cf820e17d rfc3052: Remove authors field from Cargo manifests
Since RFC 3052 soft deprecated the authors field anyway, hiding it from
crates.io, docs.rs, and making Cargo not add it by default, and it is
not generally up to date/useful information, we should remove it from
crates in this repo.
2021-07-29 14:56:05 -07:00
bjorn3
2f6662da85 Use strip_prefix 2021-07-29 11:54:39 +02:00
bjorn3
cd6c0e4e3b Fix typo in rustc_driver::version
This caused rustc -Zcodegen-backend=foo.so -vV to look for oo.so instead of
foo.so
2021-07-28 16:36:01 +02:00
Smitty
e8165e7f1b Support -Z unpretty=thir-tree again 2021-07-24 17:18:15 -04:00
bors
1aa6c7cbc6 Auto merge of #80182 - in42:stack_trace, r=tmandry
Implement printing of stack traces on LLVM segfaults and aborts

Implement #79153

Based on discussion, try to extend the rust_backtrace=1 feature to handle segfault or aborts in the llvm backend
2021-07-02 05:40:51 +00:00
Tyler Mandry
162ed4d7da Use signal handler only on supported platforms 2021-07-02 01:23:25 +00:00
bors
1034282bca Auto merge of #86617 - joshtriplett:prune-dependencies, r=Mark-Simulacrum
Remove unused dependencies from compiler crates

Various compiler crates have dependencies that they don't appear to use. I used some scripting to detect such dependencies, filtered them based on some manual review, and removed those that do indeed appear to be entirely unused.
2021-07-01 03:49:47 +00:00
bors
866335b337 Auto merge of #86757 - JohnTitor:rollup-acevhz7, r=JohnTitor
Rollup of 8 pull requests

Successful merges:

 - #85504 (the foundation owns rust trademarks)
 - #85520 (Fix typo and improve documentation for E0632)
 - #86680 (Improve error for missing -Z with debugging option)
 - #86728 (Check node kind to avoid ICE in `check_expr_return()`)
 - #86740 (copy rust-lld as ld in dist)
 - #86746 (Fix rustdoc query type filter)
 - #86750 (Test cross-crate usage of `feature(const_trait_impl)`)
 - #86755 (alloc: `RawVec<T, A>::shrink` can be in `no_global_oom_handling`.)

Failed merges:

r? `@ghost`
`@rustbot` modify labels: rollup
2021-07-01 01:08:46 +00:00
Yuki Okushi
56ddef8ab8
Rollup merge of #86680 - camsteffen:dbg-opt-error, r=petrochenkov
Improve error for missing -Z with debugging option

Before:
```text
❯ rustc --unpretty=hir
error: Unrecognized option: 'unpretty'
```
After:
```text
❯ rustc --unpretty=hir
error: Unrecognized option: 'unpretty'. Did you mean `-Z unpretty`?
```
2021-07-01 05:20:57 +09:00
Camille GILLOT
aa1bc5874e Fix AST pretty. 2021-06-30 20:53:10 +02:00
Camille GILLOT
2f28737ebe Move AST crate. 2021-06-30 20:53:10 +02:00
Cameron Steffen
2a60f090b9 Add suggestion for missing compile flag group 2021-06-30 13:28:15 -05:00
Fabian Wolff
a8b57723d4 Use Option::map() instead of if let 2021-06-26 22:26:26 +02:00
Fabian Wolff
7682e87c6d Fix ICE with -Zunpretty=hir,typed when an expression occurs in a function signature 2021-06-26 16:05:53 +02:00
Josh Triplett
8f7839f722 rustc_driver: Remove unused dependencies rustc_mir_build and rustc_typeck
Unused since commit dc3eabd487
("Store THIR in `IndexVec`s instead of an `Arena`").
2021-06-25 01:12:59 -07:00
bors
50a9081216 Auto merge of #85640 - bjorn3:custom_ice_hook, r=jackh726
Allow changing the bug report url for the ice hook

cc https://github.com/bjorn3/rustc_codegen_cranelift/issues/1174
2021-06-25 04:06:32 +00:00
Aris Merchant
0bb6bc40ce Teach rustc to accept lowercase error codes 2021-06-22 22:56:38 -07:00
Tyler Mandry
ec6a85a536 Small fixes 2021-06-16 01:44:18 +00:00
Vikram Pal
2325966003 Implement printing of stack traces on LLVM segfaults and aborts 2021-06-16 01:43:20 +00:00
bjorn3
7d5c79497c Rustfmt 2021-06-04 13:20:05 +02:00
bjorn3
c1b66379dd Support --version and -Cpasses=list for other codegen backends 2021-06-04 13:20:04 +02:00