user0/rust
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Remove the no_sanitize attribute in favor of sanitize

Browse source 
This removes the #[no_sanitize] attribute, which was behind an unstable
feature named no_sanitize. Instead, we introduce the sanitize attribute
which is more powerful and allows to be extended in the future (instead
of just focusing on turning sanitizers off).

This also makes sanitize(kernel_address = ..) attribute work with
-Zsanitize=address

To do it the same as how clang disables address sanitizer, we now
disable ASAN on sanitize(kernel_address = "off") and KASAN on
sanitize(address = "off").

The same was added to clang in https://reviews.llvm.org/D44981.
This commit is contained in:
Bastian Kersting 2025-06-18 13:47:44 +00:00
parent 3ef065bf87
commit 95bdb34494
39 changed files with 239 additions and 406 deletions
Download patch file Download diff file Expand all files Collapse all files

5
compiler/rustc_codegen_ssa/messages.ftl
View file

@ -171,11 +171,8 @@ codegen_ssa_invalid_monomorphization_unsupported_symbol = invalid monomorphizati
codegen_ssa_invalid_monomorphization_unsupported_symbol_of_size = invalid monomorphization of `{$name}` intrinsic: unsupported {$symbol} from `{$in_ty}` with element `{$in_elem}` of size `{$size}` to `{$ret_ty}`
codegen_ssa_invalid_no_sanitize = invalid argument for `no_sanitize`
.note = expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread`
codegen_ssa_invalid_sanitize = invalid argument for `sanitize`
.note = expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread`
.note = expected one of: `address`, `kernel_address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow_call_stack`, or `thread`
codegen_ssa_invalid_windows_subsystem = invalid windows subsystem `{$subsystem}`, only `windows` and `console` are allowed

78
compiler/rustc_codegen_ssa/src/codegen_attrs.rs
View file

@ -77,32 +77,6 @@ fn parse_instruction_set_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> Option<Instr
}
}
// FIXME(jdonszelmann): remove when no_sanitize becomes a parsed attr
fn parse_no_sanitize_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> Option<SanitizerSet> {
let list = attr.meta_item_list()?;
let mut sanitizer_set = SanitizerSet::empty();
for item in list.iter() {
match item.name() {
Some(sym::address) => {
sanitizer_set |= SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS
}
Some(sym::cfi) => sanitizer_set |= SanitizerSet::CFI,
Some(sym::kcfi) => sanitizer_set |= SanitizerSet::KCFI,
Some(sym::memory) => sanitizer_set |= SanitizerSet::MEMORY,
Some(sym::memtag) => sanitizer_set |= SanitizerSet::MEMTAG,
Some(sym::shadow_call_stack) => sanitizer_set |= SanitizerSet::SHADOWCALLSTACK,
Some(sym::thread) => sanitizer_set |= SanitizerSet::THREAD,
Some(sym::hwaddress) => sanitizer_set |= SanitizerSet::HWADDRESS,
_ => {
tcx.dcx().emit_err(errors::InvalidNoSanitize { span: item.span() });
}
}
}
Some(sanitizer_set)
}
// FIXME(jdonszelmann): remove when patchable_function_entry becomes a parsed attr
fn parse_patchable_function_entry(
tcx: TyCtxt<'_>,
@ -161,7 +135,6 @@ fn parse_patchable_function_entry(
#[derive(Default)]
struct InterestingAttributeDiagnosticSpans {
link_ordinal: Option<Span>,
no_sanitize: Option<Span>,
sanitize: Option<Span>,
inline: Option<Span>,
no_mangle: Option<Span>,
@ -331,11 +304,6 @@ fn process_builtin_attrs(
codegen_fn_attrs.flags |= CodegenFnAttrFlags::ALLOCATOR_ZEROED
}
sym::thread_local => codegen_fn_attrs.flags |= CodegenFnAttrFlags::THREAD_LOCAL,
sym::no_sanitize => {
interesting_spans.no_sanitize = Some(attr.span());
codegen_fn_attrs.no_sanitize |=
parse_no_sanitize_attr(tcx, attr).unwrap_or_default();
}
sym::sanitize => interesting_spans.sanitize = Some(attr.span()),
sym::instruction_set => {
codegen_fn_attrs.instruction_set = parse_instruction_set_attr(tcx, attr)
@ -459,21 +427,10 @@ fn check_result(
if !codegen_fn_attrs.no_sanitize.is_empty()
&& codegen_fn_attrs.inline.always()
&& let (Some(no_sanitize_span), Some(inline_span)) =
(interesting_spans.no_sanitize, interesting_spans.inline)
{
let hir_id = tcx.local_def_id_to_hir_id(did);
tcx.node_span_lint(lint::builtin::INLINE_NO_SANITIZE, hir_id, no_sanitize_span, |lint| {
lint.primary_message("`no_sanitize` will have no effect after inlining");
lint.span_note(inline_span, "inlining requested here");
})
}
if !codegen_fn_attrs.no_sanitize.is_empty()
&& codegen_fn_attrs.inline.always()
&& let (Some(sanitize_span), Some(inline_span)) =
(interesting_spans.sanitize, interesting_spans.inline)
{
let hir_id = tcx.local_def_id_to_hir_id(did);
tcx.node_span_lint(lint::builtin::INLINE_NO_SANITIZE, hir_id, sanitize_span, |lint| {
tcx.node_span_lint(lint::builtin::INLINE_NO_SANITIZE, hir_id, no_sanitize_span, |lint| {
lint.primary_message("setting `sanitize` off will have no effect after inlining");
lint.span_note(inline_span, "inlining requested here");
})
@ -601,9 +558,14 @@ fn opt_trait_item(tcx: TyCtxt<'_>, def_id: DefId) -> Option<DefId> {
}
/// For an attr that has the `sanitize` attribute, read the list of
/// disabled sanitizers.
fn parse_sanitize_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> SanitizerSet {
let mut result = SanitizerSet::empty();
/// disabled sanitizers. `current_attr` holds the information about
/// previously parsed attributes.
fn parse_sanitize_attr(
tcx: TyCtxt<'_>,
attr: &Attribute,
current_attr: SanitizerSet,
) -> SanitizerSet {
let mut result = current_attr;
if let Some(list) = attr.meta_item_list() {
for item in list.iter() {
let MetaItemInner::MetaItem(set) = item else {
@ -612,10 +574,13 @@ fn parse_sanitize_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> SanitizerSet {
};
let segments = set.path.segments.iter().map(|x| x.ident.name).collect::<Vec<_>>();
match segments.as_slice() {
[sym::address] if set.value_str() == Some(sym::off) => {
// Similar to clang, sanitize(address = ..) and
// sanitize(kernel_address = ..) control both ASan and KASan
// Source: https://reviews.llvm.org/D44981.
[sym::address] | [sym::kernel_address] if set.value_str() == Some(sym::off) => {
result |= SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS
}
[sym::address] if set.value_str() == Some(sym::on) => {
[sym::address] | [sym::kernel_address] if set.value_str() == Some(sym::on) => {
result &= !SanitizerSet::ADDRESS;
result &= !SanitizerSet::KERNELADDRESS;
}
@ -663,19 +628,20 @@ fn parse_sanitize_attr(tcx: TyCtxt<'_>, attr: &Attribute) -> SanitizerSet {
}
fn disabled_sanitizers_for(tcx: TyCtxt<'_>, did: LocalDefId) -> SanitizerSet {
// Check for a sanitize annotation directly on this def.
if let Some(attr) = tcx.get_attr(did, sym::sanitize) {
return parse_sanitize_attr(tcx, attr);
}
// Otherwise backtrack.
match tcx.opt_local_parent(did) {
// Backtrack to the crate root.
let disabled = match tcx.opt_local_parent(did) {
// Check the parent (recursively).
Some(parent) => tcx.disabled_sanitizers_for(parent),
// We reached the crate root without seeing an attribute, so
// there is no sanitizers to exclude.
None => SanitizerSet::empty(),
};
// Check for a sanitize annotation directly on this def.
if let Some(attr) = tcx.get_attr(did, sym::sanitize) {
return parse_sanitize_attr(tcx, attr, disabled);
}
disabled
}
/// Checks if the provided DefId is a method in a trait impl for a trait which has track_caller

8
compiler/rustc_codegen_ssa/src/errors.rs
View file

@ -1120,14 +1120,6 @@ impl IntoDiagArg for ExpectedPointerMutability {
}
}
#[derive(Diagnostic)]
#[diag(codegen_ssa_invalid_no_sanitize)]
#[note]
pub(crate) struct InvalidNoSanitize {
#[primary_span]
pub span: Span,
}
#[derive(Diagnostic)]
#[diag(codegen_ssa_invalid_sanitize)]
#[note]

5
compiler/rustc_feature/src/builtin_attrs.rs
View file

@ -740,11 +740,6 @@ pub static BUILTIN_ATTRIBUTES: &[BuiltinAttribute] = &[
template!(List: &["set"], "https://doc.rust-lang.org/reference/attributes/codegen.html#the-instruction_set-attribute"),
ErrorPreceding, EncodeCrossCrate::No
),
gated!(
no_sanitize, Normal,
template!(List: &["address, kcfi, memory, thread"]), DuplicatesOk,
EncodeCrossCrate::No, experimental!(no_sanitize)
),
gated!(
sanitize, Normal, template!(List: &[r#"address = "on|off""#, r#"kernel_address = "on|off""#, r#"cfi = "on|off""#, r#"hwaddress = "on|off""#, r#"kcfi = "on|off""#, r#"memory = "on|off""#, r#"memtag = "on|off""#, r#"shadow_call_stack = "on|off""#, r#"thread = "on|off""#]), ErrorPreceding,
EncodeCrossCrate::No, sanitize, experimental!(sanitize),

3
compiler/rustc_feature/src/removed.rs
View file

@ -190,6 +190,9 @@ declare_features! (
(removed, no_coverage, "1.74.0", Some(84605), Some("renamed to `coverage_attribute`"), 114656),
/// Allows `#[no_debug]`.
(removed, no_debug, "1.43.0", Some(29721), Some("removed due to lack of demand"), 69667),
// Allows the use of `no_sanitize` attribute.
/// The feature was renamed to `sanitize` and the attribute to `#[sanitize(xyz = "on|off")]`
(removed, no_sanitize, "CURRENT_RUSTC_VERSION", Some(39699), Some(r#"renamed to sanitize(xyz = "on|off")"#), 142681),
/// Note: this feature was previously recorded in a separate
/// `STABLE_REMOVED` list because it, uniquely, was once stable but was
/// then removed. But there was no utility storing it separately, so now

2
compiler/rustc_feature/src/unstable.rs
View file

@ -592,8 +592,6 @@ declare_features! (
(unstable, new_range, "1.86.0", Some(123741)),
/// Allows `#![no_core]`.
(unstable, no_core, "1.3.0", Some(29639)),
/// Allows the use of `no_sanitize` attribute.
(unstable, no_sanitize, "1.42.0", Some(39699)),
/// Allows using the `non_exhaustive_omitted_patterns` lint.
(unstable, non_exhaustive_omitted_patterns_lint, "1.57.0", Some(89554)),
/// Allows `for<T>` binders in where-clauses

12
compiler/rustc_lint_defs/src/builtin.rs
View file

@ -2301,18 +2301,18 @@ declare_lint! {
declare_lint! {
/// The `inline_no_sanitize` lint detects incompatible use of
/// [`#[inline(always)]`][inline] and [`#[no_sanitize(...)]`][no_sanitize].
/// [`#[inline(always)]`][inline] and [`#[sanitize(xyz = "off")]`][sanitize].
///
/// [inline]: https://doc.rust-lang.org/reference/attributes/codegen.html#the-inline-attribute
/// [no_sanitize]: https://doc.rust-lang.org/nightly/unstable-book/language-features/no-sanitize.html
/// [sanitize]: https://doc.rust-lang.org/nightly/unstable-book/language-features/no-sanitize.html
///
/// ### Example
///
/// ```rust
/// #![feature(no_sanitize)]
/// #![feature(sanitize)]
///
/// #[inline(always)]
/// #[no_sanitize(address)]
/// #[sanitize(address = "off")]
/// fn x() {}
///
/// fn main() {
@ -2325,11 +2325,11 @@ declare_lint! {
/// ### Explanation
///
/// The use of the [`#[inline(always)]`][inline] attribute prevents the
/// the [`#[no_sanitize(...)]`][no_sanitize] attribute from working.
/// the [`#[sanitize(xyz = "off")]`][sanitize] attribute from working.
/// Consider temporarily removing `inline` attribute.
pub INLINE_NO_SANITIZE,
Warn,
"detects incompatible use of `#[inline(always)]` and `#[no_sanitize(...)]`",
r#"detects incompatible use of `#[inline(always)]` and `#[sanitize(... = "off")]`"#,
}
declare_lint! {

4
compiler/rustc_middle/src/middle/codegen_fn_attrs.rs
View file

@ -61,8 +61,8 @@ pub struct CodegenFnAttrs {
/// The `#[link_section = "..."]` attribute, or what executable section this
/// should be placed in.
pub link_section: Option<Symbol>,
/// The `#[no_sanitize(...)]` attribute. Indicates sanitizers for which
/// instrumentation should be disabled inside the annotated function.
/// The `#[sanitize(xyz = "off")]` attribute. Indicates sanitizers for which
/// instrumentation should be disabled inside the function.
pub no_sanitize: SanitizerSet,
/// The `#[instruction_set(set)]` attribute. Indicates if the generated code should
/// be generated against a specific instruction set. Only usable on architectures which allow

4
compiler/rustc_passes/messages.ftl
View file

@ -444,10 +444,6 @@ passes_no_main_function =
.teach_note = If you don't know the basics of Rust, you can go look to the Rust Book to get started: https://doc.rust-lang.org/book/
.non_function_main = non-function item at `crate::main` is found
passes_no_sanitize =
`#[no_sanitize({$attr_str})]` should be applied to {$accepted_kind}
.label = not {$accepted_kind}
passes_non_exhaustive_with_default_field_values =
`#[non_exhaustive]` can't be used to annotate items with default field values
.label = this struct has default field values

39
compiler/rustc_passes/src/check_attr.rs
View file

@ -258,9 +258,6 @@ impl<'tcx> CheckAttrVisitor<'tcx> {
[sym::diagnostic, sym::on_unimplemented, ..] => {
self.check_diagnostic_on_unimplemented(attr.span(), hir_id, target)
}
[sym::no_sanitize, ..] => {
self.check_no_sanitize(attr, span, target)
}
[sym::sanitize, ..] => {
self.check_sanitize(attr, span, target)
}
@ -485,42 +482,6 @@ impl<'tcx> CheckAttrVisitor<'tcx> {
}
}
fn check_no_sanitize(&self, attr: &Attribute, span: Span, target: Target) {
if let Some(list) = attr.meta_item_list() {
for item in list.iter() {
let sym = item.name();
match sym {
Some(s @ sym::address | s @ sym::hwaddress) => {
let is_valid =
matches!(target, Target::Fn | Target::Method(..) | Target::Static);
if !is_valid {
self.dcx().emit_err(errors::NoSanitize {
attr_span: item.span(),
defn_span: span,
accepted_kind: "a function or static",
attr_str: s.as_str(),
});
}
}
_ => {
let is_valid = matches!(target, Target::Fn | Target::Method(..));
if !is_valid {
self.dcx().emit_err(errors::NoSanitize {
attr_span: item.span(),
defn_span: span,
accepted_kind: "a function",
attr_str: &match sym {
Some(name) => name.to_string(),
None => "...".to_string(),
},
});
}
}
}
}
}
}
/// Checks that the `#[sanitize(..)]` attribute is applied to a
/// function/closure/method, or to an impl block or module.
fn check_sanitize(&self, attr: &Attribute, target_span: Span, target: Target) {

11
compiler/rustc_passes/src/errors.rs
View file

@ -1488,17 +1488,6 @@ pub(crate) struct AttrCrateLevelOnlySugg {
pub attr: Span,
}
#[derive(Diagnostic)]
#[diag(passes_no_sanitize)]
pub(crate) struct NoSanitize<'a> {
#[primary_span]
pub attr_span: Span,
#[label]
pub defn_span: Span,
pub accepted_kind: &'a str,
pub attr_str: &'a str,
}
/// "sanitize attribute not allowed here"
#[derive(Diagnostic)]
#[diag(passes_sanitize_attribute_not_allowed)]

1
compiler/rustc_span/src/symbol.rs
View file

@ -1257,6 +1257,7 @@ symbols! {
iterator,
iterator_collect_fn,
kcfi,
kernel_address,
keylocker_x86,
keyword,
kind,

2
src/doc/rustc-dev-guide/src/sanitizers.md
View file

@ -45,7 +45,7 @@ implementation:
[marked][sanitizer-attribute] with appropriate LLVM attribute:
`SanitizeAddress`, `SanitizeHWAddress`, `SanitizeMemory`, or
`SanitizeThread`. By default all functions are instrumented, but this
behaviour can be changed with `#[no_sanitize(...)]`.
behaviour can be changed with `#[sanitize(xyz = "on|off")]`.
* The decision whether to perform instrumentation or not is possible only at a
function granularity. In the cases were those decision differ between

29
src/doc/unstable-book/src/language-features/no-sanitize.md
View file

@ -1,29 +0,0 @@
# `no_sanitize`
The tracking issue for this feature is: [#39699]
[#39699]: https://github.com/rust-lang/rust/issues/39699
------------------------
The `no_sanitize` attribute can be used to selectively disable sanitizer
instrumentation in an annotated function. This might be useful to: avoid
instrumentation overhead in a performance critical function, or avoid
instrumenting code that contains constructs unsupported by given sanitizer.
The precise effect of this annotation depends on particular sanitizer in use.
For example, with `no_sanitize(thread)`, the thread sanitizer will no longer
instrument non-atomic store / load operations, but it will instrument atomic
operations to avoid reporting false positives and provide meaning full stack
traces.
## Examples
``` rust
#![feature(no_sanitize)]
#[no_sanitize(address)]
fn foo() {
// ...
}
```

73
src/doc/unstable-book/src/language-features/sanitize.md Normal file
View file

@ -0,0 +1,73 @@
# `sanitize`
The tracking issue for this feature is: [#39699]
[#39699]: https://github.com/rust-lang/rust/issues/39699
------------------------
The `sanitize` attribute can be used to selectively disable or enable sanitizer
instrumentation in an annotated function. This might be useful to: avoid
instrumentation overhead in a performance critical function, or avoid
instrumenting code that contains constructs unsupported by given sanitizer.
The precise effect of this annotation depends on particular sanitizer in use.
For example, with `sanitize(thread = "off")`, the thread sanitizer will no
longer instrument non-atomic store / load operations, but it will instrument
atomic operations to avoid reporting false positives and provide meaning full
stack traces.
This attribute was previously named `no_sanitize`.
## Examples
``` rust
#![feature(sanitize)]
#[sanitize(address = "off")]
fn foo() {
// ...
}
```
It is also possible to disable sanitizers for entire modules and enable them
for single items or functions.
```rust
#![feature(sanitize)]
#[sanitize(address = "off")]
mod foo {
fn unsanitized() {
// ...
}
#[sanitize(address = "on")]
fn sanitized() {
// ...
}
}
```
It's also applicable to impl blocks.
```rust
#![feature(sanitize)]
trait MyTrait {
fn foo(&self);
fn bar(&self);
}
#[sanitize(address = "off")]
impl MyTrait for () {
fn foo(&self) {
// ...
}
#[sanitize(address = "on")]
fn bar(&self) {
// ...
}
}
```

6
tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-no-sanitize.rs → tests/codegen-llvm/sanitizer/cfi/emit-type-checks-attr-sanitize-off.rs
View file

@ -4,11 +4,11 @@
//@ compile-flags: -Clto -Cno-prepopulate-passes -Ctarget-feature=-crt-static -Zsanitizer=cfi -Copt-level=0
#![crate_type = "lib"]
#![feature(no_sanitize)]
#![feature(sanitize)]
#[no_sanitize(cfi)]
#[sanitize(cfi = "off")]
pub fn foo(f: fn(i32) -> i32, arg: i32) -> i32 {
// CHECK-LABEL: emit_type_checks_attr_no_sanitize::foo
// CHECK-LABEL: emit_type_checks_attr_sanitize_off::foo
// CHECK: Function Attrs: {{.*}}
// CHECK-LABEL: define{{.*}}foo{{.*}}!type !{{[0-9]+}} !type !{{[0-9]+}} !type !{{[0-9]+}} !type !{{[0-9]+}}
// CHECK: start:

4
tests/codegen-llvm/sanitizer/kasan-emits-instrumentation.rs
View file

@ -13,7 +13,7 @@
//@[x86_64] needs-llvm-components: x86
#![crate_type = "rlib"]
#![feature(no_core, no_sanitize, lang_items)]
#![feature(no_core, sanitize, lang_items)]
#![no_core]
extern crate minicore;
@ -25,7 +25,7 @@ use minicore::*;
// CHECK: start:
// CHECK-NOT: call void @__asan_report_load
// CHECK: }
#[no_sanitize(address)]
#[sanitize(address = "off")]
pub fn unsanitized(b: &mut u8) -> u8 {
*b
}

6
tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-no-sanitize.rs → tests/codegen-llvm/sanitizer/kcfi/emit-kcfi-operand-bundle-attr-sanitize-off.rs
View file

@ -9,15 +9,15 @@
//@ compile-flags: -Cno-prepopulate-passes -Zsanitizer=kcfi -Copt-level=0
#![crate_type = "lib"]
#![feature(no_core, no_sanitize, lang_items)]
#![feature(no_core, sanitize, lang_items)]
#![no_core]
extern crate minicore;
use minicore::*;
#[no_sanitize(kcfi)]
#[sanitize(kcfi = "off")]
pub fn foo(f: fn(i32) -> i32, arg: i32) -> i32 {
// CHECK-LABEL: emit_kcfi_operand_bundle_attr_no_sanitize::foo
// CHECK-LABEL: emit_kcfi_operand_bundle_attr_sanitize_off::foo
// CHECK: Function Attrs: {{.*}}
// CHECK-LABEL: define{{.*}}foo{{.*}}!{{<unknown kind #36>|kcfi_type}} !{{[0-9]+}}
// CHECK: start:

42
tests/codegen-llvm/sanitizer/sanitize-off-asan-kasan.rs Normal file
View file

@ -0,0 +1,42 @@
// Verifies that the `#[sanitize(address = "off")]` attribute also turns off
// the kernel address sanitizer.
//
//@ add-core-stubs
//@ compile-flags: -Zsanitizer=kernel-address -Ctarget-feature=-crt-static -Copt-level=0
//@ revisions: aarch64 riscv64imac riscv64gc x86_64
//@[aarch64] compile-flags: --target aarch64-unknown-none
//@[aarch64] needs-llvm-components: aarch64
//@[riscv64imac] compile-flags: --target riscv64imac-unknown-none-elf
//@[riscv64imac] needs-llvm-components: riscv
//@[riscv64gc] compile-flags: --target riscv64gc-unknown-none-elf
//@[riscv64gc] needs-llvm-components: riscv
//@[x86_64] compile-flags: --target x86_64-unknown-none
//@[x86_64] needs-llvm-components: x86
#![crate_type = "rlib"]
#![feature(no_core, sanitize, lang_items)]
#![no_core]
extern crate minicore;
use minicore::*;
// CHECK-LABEL: ; sanitize_off_asan_kasan::unsanitized
// CHECK-NEXT: ; Function Attrs:
// CHECK-NOT: sanitize_address
// CHECK: start:
// CHECK-NOT: call void @__asan_report_load
// CHECK: }
#[sanitize(address = "off")]
pub fn unsanitized(b: &mut u8) -> u8 {
*b
}
// CHECK-LABEL: ; sanitize_off_asan_kasan::sanitized
// CHECK-NEXT: ; Function Attrs:
// CHECK: sanitize_address
// CHECK: start:
// CHECK: call void @__asan_report_load
// CHECK: }
pub fn sanitized(b: &mut u8) -> u8 {
*b
}

6
tests/codegen-llvm/sanitizer/no-sanitize-inlining.rs → tests/codegen-llvm/sanitizer/sanitize-off-inlining.rs
View file

@ -1,4 +1,4 @@
// Verifies that no_sanitize attribute prevents inlining when
// Verifies that sanitize(xyz = "off") attribute prevents inlining when
// given sanitizer is enabled, but has no effect on inlining otherwise.
//
//@ needs-sanitizer-address
@ -9,7 +9,7 @@
//@[LSAN] compile-flags: -Zsanitizer=leak
#![crate_type = "lib"]
#![feature(no_sanitize)]
#![feature(sanitize)]
// ASAN-LABEL: define void @test
// ASAN: call {{.*}} @random_inline
@ -23,7 +23,7 @@ pub fn test(n: &mut u32) {
random_inline(n);
}
#[no_sanitize(address)]
#[sanitize(address = "off")]
#[inline]
#[no_mangle]
pub fn random_inline(n: &mut u32) {

22
tests/codegen-llvm/sanitizer/no-sanitize.rs → tests/codegen-llvm/sanitizer/sanitize-off-kasan-asan.rs
View file

@ -1,34 +1,24 @@
// Verifies that no_sanitize attribute can be used to
// selectively disable sanitizer instrumentation.
// Verifies that the `#[sanitize(kernel_address = "off")]` attribute also turns off
// the address sanitizer.
//
//@ needs-sanitizer-address
//@ compile-flags: -Zsanitizer=address -Ctarget-feature=-crt-static -Copt-level=0
#![crate_type = "lib"]
#![feature(no_sanitize)]
#![feature(sanitize)]
// CHECK: @UNSANITIZED = constant{{.*}} no_sanitize_address
// CHECK-NOT: @__asan_global_UNSANITIZED
#[no_mangle]
#[no_sanitize(address)]
pub static UNSANITIZED: u32 = 0;
// CHECK: @__asan_global_SANITIZED
#[no_mangle]
pub static SANITIZED: u32 = 0;
// CHECK-LABEL: ; no_sanitize::unsanitized
// CHECK-LABEL: ; sanitize_off_kasan_asan::unsanitized
// CHECK-NEXT: ; Function Attrs:
// CHECK-NOT: sanitize_address
// CHECK: start:
// CHECK-NOT: call void @__asan_report_load
// CHECK: }
#[no_sanitize(address)]
#[sanitize(kernel_address = "off")]
pub fn unsanitized(b: &mut u8) -> u8 {
*b
}
// CHECK-LABEL: ; no_sanitize::sanitized
// CHECK-LABEL: ; sanitize_off_kasan_asan::sanitized
// CHECK-NEXT: ; Function Attrs:
// CHECK: sanitize_address
// CHECK: start:

20
tests/codegen-llvm/sanitizer/sanitize-off.rs
View file

@ -116,3 +116,23 @@ pub fn expose_trait(b: &mut u8) -> u8 {
<() as MyTrait>::unsanitized_default(&(), b);
<() as MyTrait>::sanitized_default(&(), b)
}
#[sanitize(address = "off")]
pub mod outer {
#[sanitize(thread = "off")]
pub mod inner {
// CHECK-LABEL: ; sanitize_off::outer::inner::unsanitized
// CHECK-NEXT: ; Function Attrs:
// CHECK-NOT: sanitize_address
// CHECK: start:
// CHECK-NOT: call void @__asan_report_load
// CHECK: }
pub fn unsanitized() {
let xs = [0, 1, 2, 3];
// Avoid optimizing everything out.
let xs = std::hint::black_box(xs.as_ptr());
let code = unsafe { *xs.offset(4) };
std::process::exit(code);
}
}
}

4
tests/codegen-llvm/sanitizer/scs-attr-check.rs
View file

@ -5,7 +5,7 @@
//@ compile-flags: -Zsanitizer=shadow-call-stack
#![crate_type = "lib"]
#![feature(no_sanitize)]
#![feature(sanitize)]
// CHECK: ; sanitizer_scs_attr_check::scs
// CHECK-NEXT: ; Function Attrs:{{.*}}shadowcallstack
@ -13,5 +13,5 @@ pub fn scs() {}
// CHECK: ; sanitizer_scs_attr_check::no_scs
// CHECK-NOT: ; Function Attrs:{{.*}}shadowcallstack
#[no_sanitize(shadow_call_stack)]
#[sanitize(shadow_call_stack = "off")]
pub fn no_scs() {}

22
tests/mir-opt/inline/inline_compatibility.rs
View file

@ -3,7 +3,7 @@
//@ compile-flags: -Cpanic=abort
#![crate_type = "lib"]
#![feature(no_sanitize)]
#![feature(sanitize)]
#![feature(c_variadic)]
#[inline]
@ -37,22 +37,22 @@ pub unsafe fn f2() {
}
#[inline]
#[no_sanitize(address)]
pub unsafe fn no_sanitize() {}
#[sanitize(address = "off")]
pub unsafe fn sanitize_off() {}
// CHECK-LABEL: fn inlined_no_sanitize()
// CHECK-LABEL: fn inlined_sanitize_off()
// CHECK: bb0: {
// CHECK-NEXT: return;
#[no_sanitize(address)]
pub unsafe fn inlined_no_sanitize() {
no_sanitize();
#[sanitize(address = "off")]
pub unsafe fn inlined_sanitize_off() {
sanitize_off();
}
// CHECK-LABEL: fn not_inlined_no_sanitize()
// CHECK-LABEL: fn not_inlined_sanitize_off()
// CHECK: bb0: {
// CHECK-NEXT: no_sanitize()
pub unsafe fn not_inlined_no_sanitize() {
no_sanitize();
// CHECK-NEXT: sanitize_off()
pub unsafe fn not_inlined_sanitize_off() {
sanitize_off();
}
// CHECK-LABEL: fn not_inlined_c_variadic()

4
tests/ui/attributes/malformed-attrs.rs
View file

@ -12,7 +12,7 @@
#![feature(min_generic_const_args)]
#![feature(ffi_const, ffi_pure)]
#![feature(coverage_attribute)]
#![feature(no_sanitize)]
#![feature(sanitize)]
#![feature(marker_trait_attr)]
#![feature(thread_local)]
#![feature(must_not_suspend)]
@ -89,7 +89,7 @@
//~^ ERROR malformed
#[coverage]
//~^ ERROR malformed `coverage` attribute input
#[no_sanitize]
#[sanitize]
//~^ ERROR malformed
#[ignore()]
//~^ ERROR valid forms for the attribute are

18
tests/ui/attributes/malformed-attrs.stderr
View file

@ -49,11 +49,23 @@ LL | #[crate_name]
|
= note: for more information, visit <https://doc.rust-lang.org/reference/crates-and-source-files.html#the-crate_name-attribute>
error: malformed `no_sanitize` attribute input
error: malformed `sanitize` attribute input
--> $DIR/malformed-attrs.rs:92:1
|
LL | #[no_sanitize]
| ^^^^^^^^^^^^^^ help: must be of the form: `#[no_sanitize(address, kcfi, memory, thread)]`
LL | #[sanitize]
| ^^^^^^^^^^^
|
help: the following are the possible correct uses
|
LL | #[sanitize(address = "on|off")]
| ++++++++++++++++++++
LL | #[sanitize(cfi = "on|off")]
| ++++++++++++++++
LL | #[sanitize(hwaddress = "on|off")]
| ++++++++++++++++++++++
LL | #[sanitize(kcfi = "on|off")]
| +++++++++++++++++
= and 5 other candidates
error: malformed `instruction_set` attribute input
--> $DIR/malformed-attrs.rs:106:1

45
tests/ui/attributes/no-sanitize.rs
View file

@ -1,45 +0,0 @@
#![feature(no_sanitize)]
#![feature(stmt_expr_attributes)]
#![deny(unused_attributes)]
#![allow(dead_code)]
fn invalid() {
#[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function
{
1
};
}
#[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function
type InvalidTy = ();
#[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function
mod invalid_module {}
fn main() {
let _ = #[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function
(|| 1);
}
#[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function
struct F;
#[no_sanitize(memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function
impl F {
#[no_sanitize(memory)]
fn valid(&self) {}
}
#[no_sanitize(address, memory)] //~ ERROR `#[no_sanitize(memory)]` should be applied to a function
static INVALID : i32 = 0;
#[no_sanitize(memory)]
fn valid() {}
#[no_sanitize(address)]
static VALID : i32 = 0;
#[no_sanitize("address")]
//~^ ERROR `#[no_sanitize(...)]` should be applied to a function
//~| ERROR invalid argument for `no_sanitize`
static VALID2 : i32 = 0;

80
tests/ui/attributes/no-sanitize.stderr
View file

@ -1,80 +0,0 @@
error: `#[no_sanitize(memory)]` should be applied to a function
--> $DIR/no-sanitize.rs:7:19
|
LL | #[no_sanitize(memory)]
| ^^^^^^
LL | / {
LL | | 1
LL | | };
| |_____- not a function
error: `#[no_sanitize(memory)]` should be applied to a function
--> $DIR/no-sanitize.rs:13:15
|
LL | #[no_sanitize(memory)]
| ^^^^^^
LL | type InvalidTy = ();
| -------------------- not a function
error: `#[no_sanitize(memory)]` should be applied to a function
--> $DIR/no-sanitize.rs:16:15
|
LL | #[no_sanitize(memory)]
| ^^^^^^
LL | mod invalid_module {}
| --------------------- not a function
error: `#[no_sanitize(memory)]` should be applied to a function
--> $DIR/no-sanitize.rs:20:27
|
LL | let _ = #[no_sanitize(memory)]
| ^^^^^^
LL | (|| 1);
| ------ not a function
error: `#[no_sanitize(memory)]` should be applied to a function
--> $DIR/no-sanitize.rs:24:15
|
LL | #[no_sanitize(memory)]
| ^^^^^^
LL | struct F;
| --------- not a function
error: `#[no_sanitize(memory)]` should be applied to a function
--> $DIR/no-sanitize.rs:27:15
|
LL | #[no_sanitize(memory)]
| ^^^^^^
LL | / impl F {
LL | | #[no_sanitize(memory)]
LL | | fn valid(&self) {}
LL | | }
| |_- not a function
error: `#[no_sanitize(memory)]` should be applied to a function
--> $DIR/no-sanitize.rs:33:24
|
LL | #[no_sanitize(address, memory)]
| ^^^^^^
LL | static INVALID : i32 = 0;
| ------------------------- not a function
error: `#[no_sanitize(...)]` should be applied to a function
--> $DIR/no-sanitize.rs:42:15
|
LL | #[no_sanitize("address")]
| ^^^^^^^^^
...
LL | static VALID2 : i32 = 0;
| ------------------------ not a function
error: invalid argument for `no_sanitize`
--> $DIR/no-sanitize.rs:42:15
|
LL | #[no_sanitize("address")]
| ^^^^^^^^^
|
= note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread`
error: aborting due to 9 previous errors

4
tests/ui/feature-gates/feature-gate-no_sanitize.rs
View file

@ -1,4 +0,0 @@
#[no_sanitize(address)]
//~^ ERROR the `#[no_sanitize]` attribute is an experimental feature
fn main() {
}

13
tests/ui/feature-gates/feature-gate-no_sanitize.stderr
View file

@ -1,13 +0,0 @@
error[E0658]: the `#[no_sanitize]` attribute is an experimental feature
--> $DIR/feature-gate-no_sanitize.rs:1:1
|
LL | #[no_sanitize(address)]
| ^^^^^^^^^^^^^^^^^^^^^^^
|
= note: see issue #39699 <https://github.com/rust-lang/rust/issues/39699> for more information
= help: add `#![feature(no_sanitize)]` to the crate attributes to enable
= note: this compiler was built on YYYY-MM-DD; consider upgrading it if it is out of date
error: aborting due to 1 previous error
For more information about this error, try `rustc --explain E0658`.

3
tests/ui/feature-gates/feature-gate-sanitize.rs
View file

@ -1,3 +1,6 @@
//@ normalize-stderr: "you are using [0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z0-9]+)?( \([^)]*\))?" -> "you are using $$RUSTC_VERSION"
#![feature(no_sanitize)] //~ ERROR feature has been removed
#[sanitize(address = "on")]
//~^ ERROR the `#[sanitize]` attribute is an experimental feature
fn main() {

16
tests/ui/feature-gates/feature-gate-sanitize.stderr
View file

@ -1,5 +1,14 @@
error[E0557]: feature has been removed
--> $DIR/feature-gate-sanitize.rs:2:12
|
LL | #![feature(no_sanitize)]
| ^^^^^^^^^^^ feature has been removed
|
= note: removed in CURRENT_RUSTC_VERSION; see <https://github.com/rust-lang/rust/pull/142681> for more information
= note: renamed to sanitize(xyz = "on|off")
error[E0658]: the `#[sanitize]` attribute is an experimental feature
--> $DIR/feature-gate-sanitize.rs:1:1
--> $DIR/feature-gate-sanitize.rs:4:1
|
LL | #[sanitize(address = "on")]
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^
@ -8,6 +17,7 @@ LL | #[sanitize(address = "on")]
= help: add `#![feature(sanitize)]` to the crate attributes to enable
= note: this compiler was built on YYYY-MM-DD; consider upgrading it if it is out of date
error: aborting due to 1 previous error
error: aborting due to 2 previous errors
For more information about this error, try `rustc --explain E0658`.
Some errors have detailed explanations: E0557, E0658.
For more information about an error, try `rustc --explain E0557`.

5
tests/ui/invalid/invalid-no-sanitize.rs
View file

@ -1,5 +0,0 @@
#![feature(no_sanitize)]
#[no_sanitize(brontosaurus)] //~ ERROR invalid argument
fn main() {
}

10
tests/ui/invalid/invalid-no-sanitize.stderr
View file

@ -1,10 +0,0 @@
error: invalid argument for `no_sanitize`
--> $DIR/invalid-no-sanitize.rs:3:15
|
LL | #[no_sanitize(brontosaurus)]
| ^^^^^^^^^^^^
|
= note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread`
error: aborting due to 1 previous error

4
tests/ui/sanitize-attr/invalid-sanitize.stderr
View file

@ -68,7 +68,7 @@ error: invalid argument for `sanitize`
LL | #[sanitize(brontosaurus = "off")]
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread`
= note: expected one of: `address`, `kernel_address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow_call_stack`, or `thread`
error: invalid argument for `sanitize`
--> $DIR/invalid-sanitize.rs:15:1
@ -76,7 +76,7 @@ error: invalid argument for `sanitize`
LL | #[sanitize(address = "bogus")]
| ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
|
= note: expected one of: `address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow-call-stack`, or `thread`
= note: expected one of: `address`, `kernel_address`, `cfi`, `hwaddress`, `kcfi`, `memory`, `memtag`, `shadow_call_stack`, or `thread`
error: aborting due to 6 previous errors

2
tests/ui/sanitizer/inline-always-sanitize.rs
View file

@ -5,7 +5,7 @@
#[inline(always)]
//~^ NOTE inlining requested here
#[sanitize(address = "off")]
//~^ WARN setting `sanitize` off will have no effect after inlining
//~^ WARN setting `sanitize` off will have no effect after inlining
//~| NOTE on by default
fn x() {
}

14
tests/ui/sanitizer/inline-always.rs
View file

@ -1,14 +0,0 @@
//@ check-pass
#![feature(no_sanitize)]
#[inline(always)]
//~^ NOTE inlining requested here
#[no_sanitize(address)]
//~^ WARN will have no effect after inlining
//~| NOTE on by default
fn x() {
}
fn main() {
x()
}

15
tests/ui/sanitizer/inline-always.stderr
View file

@ -1,15 +0,0 @@
warning: `no_sanitize` will have no effect after inlining
--> $DIR/inline-always.rs:6:1
|
LL | #[no_sanitize(address)]
| ^^^^^^^^^^^^^^^^^^^^^^^
|
note: inlining requested here
--> $DIR/inline-always.rs:4:1
|
LL | #[inline(always)]
| ^^^^^^^^^^^^^^^^^
= note: `#[warn(inline_no_sanitize)]` on by default
warning: 1 warning emitted

4
triagebot.toml
View file

@ -579,7 +579,7 @@ trigger_files = [
"src/doc/unstable-book/src/compiler-flags/sanitizer.md",
"src/doc/unstable-book/src/language-features/cfg-sanitize.md",
"src/doc/unstable-book/src/language-features/cfi-encoding.md",
"src/doc/unstable-book/src/language-features/no-sanitize.md",
"src/doc/unstable-book/src/language-features/sanitize.md",
"tests/codegen-llvm/sanitizer",
"tests/codegen-llvm/split-lto-unit.rs",
"tests/codegen-llvm/stack-probes-inline.rs",
@ -1209,7 +1209,7 @@ cc = ["@rust-lang/project-exploit-mitigations", "@rcvalle"]
[mentions."src/doc/unstable-book/src/language-features/cfi-encoding.md"]
cc = ["@rust-lang/project-exploit-mitigations", "@rcvalle"]
[mentions."src/doc/unstable-book/src/language-features/no-sanitize.md"]
[mentions."src/doc/unstable-book/src/language-features/sanitize.md"]
cc = ["@rust-lang/project-exploit-mitigations", "@rcvalle"]
[mentions."src/doc/rustc/src/check-cfg.md"]