Add LLVM CFI support to the Rust compiler #89652
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
r? @estebank (rust-highfive has picked a reviewer for you, use r? to override) |
|
rust-highfive
added
the
S-waiting-on-review
|
r? @eddyb |
This comment has been minimized.
This comment has been minimized.
6 tasks
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
FYI, I'll be looking into the CI build failures over the next days. |
This comment has been minimized.
This comment has been minimized.
|
Huh, there seem to be more caveats with |
|
Oh I had mistakenly thought the sanitizers were under |
|
Ah, my bad, sanitizers are in general still It hasn't yet. But we still need to make sure that we don't accidentally stabilize CFI alongside all other sanitizers at the same time. |
|
Sorry, the -C in the summary was a typo. Fixed. |
This comment has been minimized.
This comment has been minimized.
rcvalle
added a commit
to rcvalle/rustc-dev-guide
that referenced
this pull request
Oct 27, 2021
This commit adds initial documentation for LLVM Control Flow Integrity (CFI) support to the Rust compiler (see rust-lang/rust#89652 and rust-lang/rust#89653).
This comment has been minimized.
This comment has been minimized.
This commit adds initial documentation for LLVM Control Flow Integrity (CFI) support to the Rust compiler (see rust-lang#89652 and rust-lang#89653).
|
@bors r+ |
|
📌 Commit c5708ca has been approved by |
bors
added
S-waiting-on-bors
|
☀️ Test successful - checks-actions |
This was referenced Oct 27, 2021
jyn514
pushed a commit
to rust-lang/rustc-dev-guide
that referenced
this pull request
Oct 27, 2021
This commit adds initial documentation for LLVM Control Flow Integrity (CFI) support to the Rust compiler (see rust-lang/rust#89652 and rust-lang/rust#89653).
|
Finished benchmarking commit (a8f6e61): comparison url. Summary: This benchmark run did not return any relevant changes. If you disagree with this performance assessment, please file an issue in rust-lang/rustc-perf. @rustbot label: -perf-regression |
bjorn3
pushed a commit
to bjorn3/rust
that referenced
this pull request
Dec 31, 2021
Add LLVM CFI support to the Rust compiler This PR adds LLVM Control Flow Integrity (CFI) support to the Rust compiler. It initially provides forward-edge control flow protection for Rust-compiled code only by aggregating function pointers in groups identified by their number of arguments. Forward-edge control flow protection for C or C++ and Rust -compiled code "mixed binaries" (i.e., for when C or C++ and Rust -compiled code share the same virtual address space) will be provided in later work as part of this project by defining and using compatible type identifiers (see Type metadata in the design document in the tracking issue rust-lang#89653). LLVM CFI can be enabled with -Zsanitizer=cfi and requires LTO (i.e., -Clto). Thank you, `@eddyb` and `@pcc,` for all the help!
wip-sync
pushed a commit
to NetBSD/pkgsrc-wip
that referenced
this pull request
Jan 22, 2022
Pkgsrc changes: * Bump available bootstraps to 1.57.0. * For some reason, the vendor/libc checksums don't need fixing. * Bump required external LLVM to 12.0, according to upstream change log. * Adapt the Darwin linker patch. (For some reason I've not figured out yet, cargo is a lot more verbose while building, echoes the rustc invocation.) Upstream changes: Version 1.58.1 (2022-01-19) =========================== * Fix race condition in `std::fs::remove_dir_all` ([CVE-2022-21658]) * [Handle captured arguments in the `useless_format` Clippy lint][clippy/8295] * [Move `non_send_fields_in_send_ty` Clippy lint to nursery][clippy/8075] * [Fix wrong error message displayed when some imports are missing][91254] * [Fix rustfmt not formatting generated files from stdin][92912] [CVE-2022-21658]: https://www.cve.org/CVERecord?id=CVE-2022-21658] [91254]: rust-lang/rust#91254 [92912]: rust-lang/rust#92912 [clippy/8075]: rust-lang/rust-clippy#8075 [clippy/8295]: rust-lang/rust-clippy#8295 Version 1.58.0 (2022-01-13) ========================== Language -------- - [Format strings can now capture arguments simply by writing `{ident}` in the string.][90473] This works in all macros accepting format strings. Support for this in `panic!` (`panic!("{ident}")`) requires the 2021 edition; panic invocations in previous editions that appear to be trying to use this will result in a warning lint about not having the intended effect. - [`*const T` pointers can now be dereferenced in const contexts.][89551] - [The rules for when a generic struct implements `Unsize` have been relaxed.][90417] Compiler -------- - [Add LLVM CFI support to the Rust compiler][89652] - [Stabilize -Z strip as -C strip][90058]. Note that while release builds already don't add debug symbols for the code you compile, the compiled standard library that ships with Rust includes debug symbols, so you may want to use the `strip` option to remove these symbols to produce smaller release binaries. Note that this release only includes support in rustc, not directly in cargo. - [Add support for LLVM coverage mapping format versions 5 and 6][91207] - [Emit LLVM optimization remarks when enabled with `-Cremark`][90833] - [Update the minimum external LLVM to 12][90175] - [Add `x86_64-unknown-none` at Tier 3*][89062] - [Build musl dist artifacts with debuginfo enabled][90733]. When building release binaries using musl, you may want to use the newly stabilized strip option to remove these debug symbols, reducing the size of your binaries. - [Don't abort compilation after giving a lint error][87337] - [Error messages point at the source of trait bound obligations in more places][89580] \* Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [All remaining functions in the standard library have `#[must_use]` annotations where appropriate][89692], producing a warning when ignoring their return value. This helps catch mistakes such as expecting a function to mutate a value in place rather than return a new value. - [Paths are automatically canonicalized on Windows for operations that support it][89174] - [Re-enable debug checks for `copy` and `copy_nonoverlapping`][90041] - [Implement `RefUnwindSafe` for `Rc<T>`][87467] - [Make RSplit<T, P>: Clone not require T: Clone][90117] - [Implement `Termination` for `Result<Infallible, E>`][88601]. This allows writing `fn main() -> Result<Infallible, ErrorType>`, for a program whose successful exits never involve returning from `main` (for instance, a program that calls `exit`, or that uses `exec` to run another program). Stabilized APIs --------------- - [`Metadata::is_symlink`] - [`Path::is_symlink`] - [`{integer}::saturating_div`] - [`Option::unwrap_unchecked`] - [`Result::unwrap_unchecked`] - [`Result::unwrap_err_unchecked`] - [`NonZero{unsigned}::is_power_of_two`] - [`File::options`] These APIs are now usable in const contexts: - [`Duration::new`] - [`Duration::checked_add`] - [`Duration::saturating_add`] - [`Duration::checked_sub`] - [`Duration::saturating_sub`] - [`Duration::checked_mul`] - [`Duration::saturating_mul`] - [`Duration::checked_div`] - [`MaybeUninit::as_ptr`] - [`MaybeUninit::as_mut_ptr`] - [`MaybeUninit::assume_init`] - [`MaybeUninit::assume_init_ref`] Cargo ----- - [Add --message-format for install command][cargo/10107] - [Warn when alias shadows external subcommand][cargo/10082] Rustdoc ------- - [Show all Deref implementations recursively in rustdoc][90183] - [Use computed visibility in rustdoc][88447] Compatibility Notes ------------------- - [Try all stable method candidates first before trying unstable ones][90329]. This change ensures that adding new nightly-only methods to the Rust standard library will not break code invoking methods of the same name from traits outside the standard library. - Windows: [`std::process::Command` will no longer search the current directory for executables.][87704] - [All proc-macro backward-compatibility lints are now deny-by-default.][88041] - [proc_macro: Append .0 to unsuffixed float if it would otherwise become int token][90297] - [Refactor weak symbols in std::sys::unix][90846]. This optimizes accesses to glibc functions, by avoiding the use of dlopen. This does not increase the [minimum expected version of glibc](https://doc.rust-lang.org/nightly/rustc/platform-support.html). However, software distributions that use symbol versions to detect library dependencies, and which take weak symbols into account in that analysis, may detect rust binaries as requiring newer versions of glibc. - [rustdoc now rejects some unexpected semicolons in doctests][91026] Internal Changes ---------------- These changes provide no direct user facing benefits, but represent significant improvements to the internals and overall performance of rustc and related tools. - [Implement coherence checks for negative trait impls][90104] - [Add rustc lint, warning when iterating over hashmaps][89558] - [Optimize live point computation][90491] - [Enable verification for 1/32nd of queries loaded from disk][90361] - [Implement version of normalize_erasing_regions that allows for normalization failure][91255] [87337]: rust-lang/rust#87337 [87467]: rust-lang/rust#87467 [87704]: rust-lang/rust#87704 [88041]: rust-lang/rust#88041 [88300]: rust-lang/rust#88300 [88447]: rust-lang/rust#88447 [88601]: rust-lang/rust#88601 [88624]: rust-lang/rust#88624 [89062]: rust-lang/rust#89062 [89174]: rust-lang/rust#89174 [89542]: rust-lang/rust#89542 [89551]: rust-lang/rust#89551 [89558]: rust-lang/rust#89558 [89580]: rust-lang/rust#89580 [89652]: rust-lang/rust#89652 [89677]: rust-lang/rust#89677 [89951]: rust-lang/rust#89951 [90041]: rust-lang/rust#90041 [90058]: rust-lang/rust#90058 [90104]: rust-lang/rust#90104 [90117]: rust-lang/rust#90117 [90175]: rust-lang/rust#90175 [90183]: rust-lang/rust#90183 [90297]: rust-lang/rust#90297 [90329]: rust-lang/rust#90329 [90361]: rust-lang/rust#90361 [90417]: rust-lang/rust#90417 [90473]: rust-lang/rust#90473 [90491]: rust-lang/rust#90491 [90733]: rust-lang/rust#90733 [90833]: rust-lang/rust#90833 [90846]: rust-lang/rust#90846 [90896]: rust-lang/rust#90896 [91026]: rust-lang/rust#91026 [91207]: rust-lang/rust#91207 [91255]: rust-lang/rust#91255 [91301]: rust-lang/rust#91301 [cargo/10082]: rust-lang/cargo#10082 [cargo/10107]: rust-lang/cargo#10107 [`Metadata::is_symlink`]: https://doc.rust-lang.org/stable/std/fs/struct.Metadata.html#method.is_symlink [`Path::is_symlink`]: https://doc.rust-lang.org/stable/std/path/struct.Path.html#method.is_symlink [`{integer}::saturating_div`]: https://doc.rust-lang.org/stable/std/primitive.i8.html#method.saturating_div [`Option::unwrap_unchecked`]: https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.unwrap_unchecked [`Result::unwrap_unchecked`]: https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.unwrap_unchecked [`Result::unwrap_err_unchecked`]: https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.unwrap_err_unchecked [`NonZero{unsigned}::is_power_of_two`]: https://doc.rust-lang.org/stable/std/num/struct.NonZeroU8.html#method.is_power_of_two [`File::options`]: https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.options [`unix::process::ExitStatusExt::core_dumped`]: https://doc.rust-lang.org/stable/std/os/unix/process/trait.ExitStatusExt.html#tymethod.core_dumped [`unix::process::ExitStatusExt::stopped_signal`]: https://doc.rust-lang.org/stable/std/os/unix/process/trait.ExitStatusExt.html#tymethod.stopped_signal [`unix::process::ExitStatusExt::continued`]: https://doc.rust-lang.org/stable/std/os/unix/process/trait.ExitStatusExt.html#tymethod.continued [`unix::process::ExitStatusExt::into_raw`]: https://doc.rust-lang.org/stable/std/os/unix/process/trait.ExitStatusExt.html#tymethod.into_raw [`Duration::new`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.new [`Duration::checked_add`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.checked_add [`Duration::saturating_add`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.saturating_add [`Duration::checked_sub`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.checked_sub [`Duration::saturating_sub`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.saturating_sub [`Duration::checked_mul`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.checked_mul [`Duration::saturating_mul`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.saturating_mul [`Duration::checked_div`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.checked_div [`Duration::as_secs_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.as_secs_f64 [`Duration::as_secs_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.as_secs_f32 [`Duration::from_secs_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.from_secs_f64 [`Duration::from_secs_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.from_secs_f32 [`Duration::mul_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.mul_f64 [`Duration::mul_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.mul_f32 [`Duration::div_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.div_f64 [`Duration::div_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.div_f32 [`Duration::div_duration_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.div_duration_f64 [`Duration::div_duration_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.div_duration_f32 [`MaybeUninit::as_ptr`]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.as_ptr [`MaybeUninit::as_mut_ptr`]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.as_mut_ptr [`MaybeUninit::assume_init`]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.assume_init [`MaybeUninit::assume_init_ref`]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.assume_init_ref
netbsd-srcmastr
pushed a commit
to NetBSD/pkgsrc
that referenced
this pull request
Mar 1, 2022
Pkgsrc changes: * Bump bootstrap kit version to 1.57.0. * Bump require external LLVM to 12.0, according to upstream change log. * Adjust patches as needed, adjust line numbers. * Update checksum adjustments. For some reason the vendor/libc checksum doesn't need fixing, apparently, it remains as commented out. * Add makefile to do all the NetBSD boostrap/cross builds (do-cross.mk). Allow passing in additions to CONFIGURE_ARGS via ADD_CONFIGURE_ARGS. Upstream changes: Version 1.58.1 (2022-01-19) =========================== * Fix race condition in `std::fs::remove_dir_all` ([CVE-2022-21658]) * [Handle captured arguments in the `useless_format` Clippy lint][clippy/8295] * [Move `non_send_fields_in_send_ty` Clippy lint to nursery][clippy/8075] * [Fix wrong error message displayed when some imports are missing][91254] * [Fix rustfmt not formatting generated files from stdin][92912] [CVE-2022-21658]: https://www.cve.org/CVERecord?id=CVE-2022-21658] [91254]: rust-lang/rust#91254 [92912]: rust-lang/rust#92912 [clippy/8075]: rust-lang/rust-clippy#8075 [clippy/8295]: rust-lang/rust-clippy#8295 Version 1.58.0 (2022-01-13) ========================== Language -------- - [Format strings can now capture arguments simply by writing `{ident}` in the string.][90473] This works in all macros accepting format strings. Support for this in `panic!` (`panic!("{ident}")`) requires the 2021 edition; panic invocations in previous editions that appear to be trying to use this will result in a warning lint about not having the intended effect. - [`*const T` pointers can now be dereferenced in const contexts.][89551] - [The rules for when a generic struct implements `Unsize` have been relaxed.][90417] Compiler -------- - [Add LLVM CFI support to the Rust compiler][89652] - [Stabilize -Z strip as -C strip][90058]. Note that while release builds already don't add debug symbols for the code you compile, the compiled standard library that ships with Rust includes debug symbols, so you may want to use the `strip` option to remove these symbols to produce smaller release binaries. Note that this release only includes support in rustc, not directly in cargo. - [Add support for LLVM coverage mapping format versions 5 and 6][91207] - [Emit LLVM optimization remarks when enabled with `-Cremark`][90833] - [Update the minimum external LLVM to 12][90175] - [Add `x86_64-unknown-none` at Tier 3*][89062] - [Build musl dist artifacts with debuginfo enabled][90733]. When building release binaries using musl, you may want to use the newly stabilized strip option to remove these debug symbols, reducing the size of your binaries. - [Don't abort compilation after giving a lint error][87337] - [Error messages point at the source of trait bound obligations in more places][89580] \* Refer to Rust's [platform support page][platform-support-doc] for more information on Rust's tiered platform support. Libraries --------- - [All remaining functions in the standard library have `#[must_use]` annotations where appropriate][89692], producing a warning when ignoring their return value. This helps catch mistakes such as expecting a function to mutate a value in place rather than return a new value. - [Paths are automatically canonicalized on Windows for operations that support it][89174] - [Re-enable debug checks for `copy` and `copy_nonoverlapping`][90041] - [Implement `RefUnwindSafe` for `Rc<T>`][87467] - [Make RSplit<T, P>: Clone not require T: Clone][90117] - [Implement `Termination` for `Result<Infallible, E>`][88601]. This allows writing `fn main() -> Result<Infallible, ErrorType>`, for a program whose successful exits never involve returning from `main` (for instance, a program that calls `exit`, or that uses `exec` to run another program). Stabilized APIs --------------- - [`Metadata::is_symlink`] - [`Path::is_symlink`] - [`{integer}::saturating_div`] - [`Option::unwrap_unchecked`] - [`Result::unwrap_unchecked`] - [`Result::unwrap_err_unchecked`] - [`NonZero{unsigned}::is_power_of_two`] - [`File::options`] These APIs are now usable in const contexts: - [`Duration::new`] - [`Duration::checked_add`] - [`Duration::saturating_add`] - [`Duration::checked_sub`] - [`Duration::saturating_sub`] - [`Duration::checked_mul`] - [`Duration::saturating_mul`] - [`Duration::checked_div`] - [`MaybeUninit::as_ptr`] - [`MaybeUninit::as_mut_ptr`] - [`MaybeUninit::assume_init`] - [`MaybeUninit::assume_init_ref`] Cargo ----- - [Add --message-format for install command][cargo/10107] - [Warn when alias shadows external subcommand][cargo/10082] Rustdoc ------- - [Show all Deref implementations recursively in rustdoc][90183] - [Use computed visibility in rustdoc][88447] Compatibility Notes ------------------- - [Try all stable method candidates first before trying unstable ones][90329]. This change ensures that adding new nightly-only methods to the Rust standard library will not break code invoking methods of the same name from traits outside the standard library. - Windows: [`std::process::Command` will no longer search the current directory for executables.][87704] - [All proc-macro backward-compatibility lints are now deny-by-default.][88041] - [proc_macro: Append .0 to unsuffixed float if it would otherwise become int token][90297] - [Refactor weak symbols in std::sys::unix][90846]. This optimizes accesses to glibc functions, by avoiding the use of dlopen. This does not increase the [minimum expected version of glibc](https://doc.rust-lang.org/nightly/rustc/platform-support.html). However, software distributions that use symbol versions to detect library dependencies, and which take weak symbols into account in that analysis, may detect rust binaries as requiring newer versions of glibc. - [rustdoc now rejects some unexpected semicolons in doctests][91026] Internal Changes ---------------- These changes provide no direct user facing benefits, but represent significant improvements to the internals and overall performance of rustc and related tools. - [Implement coherence checks for negative trait impls][90104] - [Add rustc lint, warning when iterating over hashmaps][89558] - [Optimize live point computation][90491] - [Enable verification for 1/32nd of queries loaded from disk][90361] - [Implement version of normalize_erasing_regions that allows for normalization failure][91255] [87337]: rust-lang/rust#87337 [87467]: rust-lang/rust#87467 [87704]: rust-lang/rust#87704 [88041]: rust-lang/rust#88041 [88300]: rust-lang/rust#88300 [88447]: rust-lang/rust#88447 [88601]: rust-lang/rust#88601 [88624]: rust-lang/rust#88624 [89062]: rust-lang/rust#89062 [89174]: rust-lang/rust#89174 [89542]: rust-lang/rust#89542 [89551]: rust-lang/rust#89551 [89558]: rust-lang/rust#89558 [89580]: rust-lang/rust#89580 [89652]: rust-lang/rust#89652 [89677]: rust-lang/rust#89677 [89951]: rust-lang/rust#89951 [90041]: rust-lang/rust#90041 [90058]: rust-lang/rust#90058 [90104]: rust-lang/rust#90104 [90117]: rust-lang/rust#90117 [90175]: rust-lang/rust#90175 [90183]: rust-lang/rust#90183 [90297]: rust-lang/rust#90297 [90329]: rust-lang/rust#90329 [90361]: rust-lang/rust#90361 [90417]: rust-lang/rust#90417 [90473]: rust-lang/rust#90473 [90491]: rust-lang/rust#90491 [90733]: rust-lang/rust#90733 [90833]: rust-lang/rust#90833 [90846]: rust-lang/rust#90846 [90896]: rust-lang/rust#90896 [91026]: rust-lang/rust#91026 [91207]: rust-lang/rust#91207 [91255]: rust-lang/rust#91255 [91301]: rust-lang/rust#91301 [cargo/10082]: rust-lang/cargo#10082 [cargo/10107]: rust-lang/cargo#10107 [`Metadata::is_symlink`]: https://doc.rust-lang.org/stable/std/fs/struct.Metadata.html#method.is_symlink [`Path::is_symlink`]: https://doc.rust-lang.org/stable/std/path/struct.Path.html#method.is_symlink [`{integer}::saturating_div`]: https://doc.rust-lang.org/stable/std/primitive.i8.html#method.saturating_div [`Option::unwrap_unchecked`]: https://doc.rust-lang.org/stable/std/option/enum.Option.html#method.unwrap_unchecked [`Result::unwrap_unchecked`]: https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.unwrap_unchecked [`Result::unwrap_err_unchecked`]: https://doc.rust-lang.org/stable/std/result/enum.Result.html#method.unwrap_err_unchecked [`NonZero{unsigned}::is_power_of_two`]: https://doc.rust-lang.org/stable/std/num/struct.NonZeroU8.html#method.is_power_of_two [`File::options`]: https://doc.rust-lang.org/stable/std/fs/struct.File.html#method.options [`unix::process::ExitStatusExt::core_dumped`]: https://doc.rust-lang.org/stable/std/os/unix/process/trait.ExitStatusExt.html#tymethod.core_dumped [`unix::process::ExitStatusExt::stopped_signal`]: https://doc.rust-lang.org/stable/std/os/unix/process/trait.ExitStatusExt.html#tymethod.stopped_signal [`unix::process::ExitStatusExt::continued`]: https://doc.rust-lang.org/stable/std/os/unix/process/trait.ExitStatusExt.html#tymethod.continued [`unix::process::ExitStatusExt::into_raw`]: https://doc.rust-lang.org/stable/std/os/unix/process/trait.ExitStatusExt.html#tymethod.into_raw [`Duration::new`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.new [`Duration::checked_add`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.checked_add [`Duration::saturating_add`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.saturating_add [`Duration::checked_sub`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.checked_sub [`Duration::saturating_sub`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.saturating_sub [`Duration::checked_mul`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.checked_mul [`Duration::saturating_mul`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.saturating_mul [`Duration::checked_div`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.checked_div [`Duration::as_secs_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.as_secs_f64 [`Duration::as_secs_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.as_secs_f32 [`Duration::from_secs_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.from_secs_f64 [`Duration::from_secs_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.from_secs_f32 [`Duration::mul_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.mul_f64 [`Duration::mul_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.mul_f32 [`Duration::div_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.div_f64 [`Duration::div_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.div_f32 [`Duration::div_duration_f64`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.div_duration_f64 [`Duration::div_duration_f32`]: https://doc.rust-lang.org/stable/std/time/struct.Duration.html#method.div_duration_f32 [`MaybeUninit::as_ptr`]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.as_ptr [`MaybeUninit::as_mut_ptr`]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.as_mut_ptr [`MaybeUninit::assume_init`]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.assume_init [`MaybeUninit::assume_init_ref`]: https://doc.rust-lang.org/stable/std/mem/union.MaybeUninit.html#method.assume_init_ref
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds LLVM Control Flow Integrity (CFI) support to the Rust compiler. It initially provides forward-edge control flow protection for Rust-compiled code only by aggregating function pointers in groups identified by their number of arguments.
Forward-edge control flow protection for C or C++ and Rust -compiled code "mixed binaries" (i.e., for when C or C++ and Rust -compiled code share the same virtual address space) will be provided in later work as part of this project by defining and using compatible type identifiers (see Type metadata in the design document in the tracking issue #89653).
LLVM CFI can be enabled with -Zsanitizer=cfi and requires LTO (i.e., -Clto).
Thank you, @eddyb and @pcc, for all the help!