diff --git a/compiler/rustc_interface/src/passes.rs b/compiler/rustc_interface/src/passes.rs index a2c11c608330a..6b8201da3719d 100644 --- a/compiler/rustc_interface/src/passes.rs +++ b/compiler/rustc_interface/src/passes.rs @@ -302,8 +302,7 @@ fn configure_and_expand( resolver.resolve_crate(&krate); - CStore::from_tcx(tcx).report_incompatible_target_modifiers(tcx, &krate); - CStore::from_tcx(tcx).report_incompatible_async_drop_feature(tcx, &krate); + CStore::from_tcx(tcx).report_session_incompatibilities(tcx, &krate); krate } diff --git a/compiler/rustc_metadata/src/creader.rs b/compiler/rustc_metadata/src/creader.rs index 4000f12459a90..62fae032659a7 100644 --- a/compiler/rustc_metadata/src/creader.rs +++ b/compiler/rustc_metadata/src/creader.rs @@ -1,5 +1,6 @@ //! Validates all used crates and extern libraries and loads their metadata +use std::collections::BTreeMap; use std::error::Error; use std::path::Path; use std::str::FromStr; @@ -24,6 +25,7 @@ use rustc_middle::ty::data_structures::IndexSet; use rustc_middle::ty::{TyCtxt, TyCtxtFeed}; use rustc_proc_macro::bridge::client::ProcMacro; use rustc_session::Session; +use rustc_session::config::mitigation_coverage::DeniedPartialMitigationLevel; use rustc_session::config::{ CrateType, ExtendedTargetModifierInfo, ExternLocation, Externs, OptionsTargetModifiers, TargetModifier, @@ -457,6 +459,12 @@ impl CStore { } } + pub fn report_session_incompatibilities(&self, tcx: TyCtxt<'_>, krate: &Crate) { + self.report_incompatible_target_modifiers(tcx, krate); + self.report_incompatible_partial_mitigations(tcx, krate); + self.report_incompatible_async_drop_feature(tcx, krate); + } + pub fn report_incompatible_target_modifiers(&self, tcx: TyCtxt<'_>, krate: &Crate) { for flag_name in &tcx.sess.opts.cg.unsafe_allow_abi_mismatch { if !OptionsTargetModifiers::is_target_modifier(flag_name) { @@ -478,6 +486,43 @@ impl CStore { } } + pub fn report_incompatible_partial_mitigations(&self, tcx: TyCtxt<'_>, krate: &Crate) { + let my_mitigations = tcx.sess.gather_enabled_denied_partial_mitigations(); + let mut my_mitigations: BTreeMap<_, _> = + my_mitigations.iter().map(|mitigation| (mitigation.kind, mitigation)).collect(); + for skipped_mitigation in tcx.sess.opts.allowed_partial_mitigations(tcx.sess.edition()) { + my_mitigations.remove(&skipped_mitigation); + } + const MAX_ERRORS_PER_MITIGATION: usize = 5; + let mut errors_per_mitigation = BTreeMap::new(); + for (_cnum, data) in self.iter_crate_data() { + if data.is_proc_macro_crate() { + continue; + } + let their_mitigations = data.enabled_denied_partial_mitigations(); + for my_mitigation in my_mitigations.values() { + let their_mitigation = their_mitigations + .iter() + .find(|mitigation| mitigation.kind == my_mitigation.kind) + .map_or(DeniedPartialMitigationLevel::Enabled(false), |m| m.level); + if their_mitigation < my_mitigation.level { + let errors = errors_per_mitigation.entry(my_mitigation.kind).or_insert(0); + if *errors >= MAX_ERRORS_PER_MITIGATION { + continue; + } + *errors += 1; + + tcx.dcx().emit_err(errors::MitigationLessStrictInDependency { + span: krate.spans.inner_span.shrink_to_lo(), + mitigation_name: my_mitigation.kind.to_string(), + mitigation_level: my_mitigation.level.level_str().to_string(), + extern_crate: data.name(), + }); + } + } + } + } + // Report about async drop types in dependency if async drop feature is disabled pub fn report_incompatible_async_drop_feature(&self, tcx: TyCtxt<'_>, krate: &Crate) { if tcx.features().async_drop() { diff --git a/compiler/rustc_metadata/src/errors.rs b/compiler/rustc_metadata/src/errors.rs index 7320ad98d113a..bdb227ca50e71 100644 --- a/compiler/rustc_metadata/src/errors.rs +++ b/compiler/rustc_metadata/src/errors.rs @@ -688,3 +688,21 @@ pub struct RawDylibMalformed { #[primary_span] pub span: Span, } + +#[derive(Diagnostic)] +#[diag( + "your program uses the crate `{$extern_crate}`, that is not compiled with `{$mitigation_name}{$mitigation_level}` enabled" +)] +#[note( + "recompile `{$extern_crate}` with `{$mitigation_name}{$mitigation_level}` enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled " +)] +#[help( + "it is possible to disable `-Z allow-partial-mitigations={$mitigation_name}` via `-Z deny-partial-mitigations={$mitigation_name}`" +)] +pub struct MitigationLessStrictInDependency { + #[primary_span] + pub span: Span, + pub mitigation_name: String, + pub mitigation_level: String, + pub extern_crate: Symbol, +} diff --git a/compiler/rustc_metadata/src/rmeta/decoder.rs b/compiler/rustc_metadata/src/rmeta/decoder.rs index bd5b3893e4e8a..ead64335ecae7 100644 --- a/compiler/rustc_metadata/src/rmeta/decoder.rs +++ b/compiler/rustc_metadata/src/rmeta/decoder.rs @@ -30,6 +30,7 @@ use rustc_proc_macro::bridge::client::ProcMacro; use rustc_serialize::opaque::MemDecoder; use rustc_serialize::{Decodable, Decoder}; use rustc_session::config::TargetModifier; +use rustc_session::config::mitigation_coverage::DeniedPartialMitigation; use rustc_session::cstore::{CrateSource, ExternCrate}; use rustc_span::hygiene::HygieneDecodeContext; use rustc_span::{ @@ -78,9 +79,12 @@ impl MetadataBlob { /// own crate numbers. pub(crate) type CrateNumMap = IndexVec; -/// Target modifiers - abi or exploit mitigations flags +/// Target modifiers - abi or exploit mitigations flags that cause unsoundness when mixed pub(crate) type TargetModifiers = Vec; +/// The set of enforceable mitigations (RFC 3855) that are currently enabled for this crate +pub(crate) type DeniedPartialMitigations = Vec; + pub(crate) struct CrateMetadata { /// The primary crate data - binary metadata blob. blob: MetadataBlob, @@ -959,6 +963,13 @@ impl CrateRoot { ) -> impl ExactSizeIterator { self.target_modifiers.decode(metadata) } + + pub(crate) fn decode_denied_partial_mitigations<'a>( + &self, + metadata: &'a MetadataBlob, + ) -> impl ExactSizeIterator { + self.denied_partial_mitigations.decode(metadata) + } } impl<'a> CrateMetadataRef<'a> { @@ -1939,6 +1950,10 @@ impl CrateMetadata { self.root.decode_target_modifiers(&self.blob).collect() } + pub(crate) fn enabled_denied_partial_mitigations(&self) -> DeniedPartialMitigations { + self.root.decode_denied_partial_mitigations(&self.blob).collect() + } + /// Keep `new_extern_crate` if it looks better in diagnostics pub(crate) fn update_extern_crate_diagnostics( &mut self, diff --git a/compiler/rustc_metadata/src/rmeta/encoder.rs b/compiler/rustc_metadata/src/rmeta/encoder.rs index a3d8b07fb1d9a..de0c43ebc9357 100644 --- a/compiler/rustc_metadata/src/rmeta/encoder.rs +++ b/compiler/rustc_metadata/src/rmeta/encoder.rs @@ -27,6 +27,7 @@ use rustc_middle::ty::codec::TyEncoder; use rustc_middle::ty::fast_reject::{self, TreatParams}; use rustc_middle::{bug, span_bug}; use rustc_serialize::{Decodable, Decoder, Encodable, Encoder, opaque}; +use rustc_session::config::mitigation_coverage::DeniedPartialMitigation; use rustc_session::config::{CrateType, OptLevel, TargetModifier}; use rustc_span::hygiene::HygieneEncodeContext; use rustc_span::{ @@ -715,6 +716,8 @@ impl<'a, 'tcx> EncodeContext<'a, 'tcx> { // `SourceFiles` we actually need to encode. let source_map = stat!("source-map", || self.encode_source_map()); let target_modifiers = stat!("target-modifiers", || self.encode_target_modifiers()); + let denied_partial_mitigations = + stat!("enforced-mitigations", || self.encode_enabled_denied_partial_mitigations()); let root = stat!("final", || { let attrs = tcx.hir_krate_attrs(); @@ -758,6 +761,7 @@ impl<'a, 'tcx> EncodeContext<'a, 'tcx> { foreign_modules, source_map, target_modifiers, + denied_partial_mitigations, traits, impls, incoherent_impls, @@ -2102,6 +2106,12 @@ impl<'a, 'tcx> EncodeContext<'a, 'tcx> { self.lazy_array(tcx.sess.opts.gather_target_modifiers()) } + fn encode_enabled_denied_partial_mitigations(&mut self) -> LazyArray { + empty_proc_macro!(self); + let tcx = self.tcx; + self.lazy_array(tcx.sess.gather_enabled_denied_partial_mitigations()) + } + fn encode_lib_features(&mut self) -> LazyArray<(Symbol, FeatureStability)> { empty_proc_macro!(self); let tcx = self.tcx; diff --git a/compiler/rustc_metadata/src/rmeta/mod.rs b/compiler/rustc_metadata/src/rmeta/mod.rs index 408b50ae48df1..06c3a38b900f8 100644 --- a/compiler/rustc_metadata/src/rmeta/mod.rs +++ b/compiler/rustc_metadata/src/rmeta/mod.rs @@ -34,6 +34,7 @@ use rustc_middle::ty::fast_reject::SimplifiedType; use rustc_middle::ty::{self, Ty, TyCtxt, UnusedGenericParams}; use rustc_middle::util::Providers; use rustc_serialize::opaque::FileEncoder; +use rustc_session::config::mitigation_coverage::DeniedPartialMitigation; use rustc_session::config::{SymbolManglingVersion, TargetModifier}; use rustc_session::cstore::{CrateDepKind, ForeignModule, LinkagePreference, NativeLib}; use rustc_span::edition::Edition; @@ -285,6 +286,7 @@ pub(crate) struct CrateRoot { source_map: LazyTable>>, target_modifiers: LazyArray, + denied_partial_mitigations: LazyArray, compiler_builtins: bool, needs_allocator: bool, diff --git a/compiler/rustc_metadata/src/rmeta/parameterized.rs b/compiler/rustc_metadata/src/rmeta/parameterized.rs index 8a9de07836db4..1531584e99788 100644 --- a/compiler/rustc_metadata/src/rmeta/parameterized.rs +++ b/compiler/rustc_metadata/src/rmeta/parameterized.rs @@ -120,6 +120,7 @@ trivially_parameterized_over_tcx! { rustc_middle::ty::adjustment::CoerceUnsizedInfo, rustc_middle::ty::fast_reject::SimplifiedType, rustc_session::config::TargetModifier, + rustc_session::config::mitigation_coverage::DeniedPartialMitigation, rustc_session::cstore::ForeignModule, rustc_session::cstore::LinkagePreference, rustc_session::cstore::NativeLib, diff --git a/compiler/rustc_session/src/config.rs b/compiler/rustc_session/src/config.rs index b278a6179fe7f..21460fea6e8ae 100644 --- a/compiler/rustc_session/src/config.rs +++ b/compiler/rustc_session/src/config.rs @@ -1449,6 +1449,7 @@ impl Default for Options { logical_env: FxIndexMap::default(), verbose: false, target_modifiers: BTreeMap::default(), + mitigation_coverage_map: Default::default(), } } } @@ -2470,9 +2471,9 @@ pub fn build_session_options(early_dcx: &mut EarlyDiagCtxt, matches: &getopts::M let crate_types = parse_crate_types_from_list(unparsed_crate_types) .unwrap_or_else(|e| early_dcx.early_fatal(e)); - let mut target_modifiers = BTreeMap::::new(); + let mut collected_options = Default::default(); - let mut unstable_opts = UnstableOptions::build(early_dcx, matches, &mut target_modifiers); + let mut unstable_opts = UnstableOptions::build(early_dcx, matches, &mut collected_options); let (lint_opts, describe_lints, lint_cap) = get_cmd_lint_options(early_dcx, matches); if !unstable_opts.unstable_options && json_timings { @@ -2488,7 +2489,7 @@ pub fn build_session_options(early_dcx: &mut EarlyDiagCtxt, matches: &getopts::M let output_types = parse_output_types(early_dcx, &unstable_opts, matches); - let mut cg = CodegenOptions::build(early_dcx, matches, &mut target_modifiers); + let mut cg = CodegenOptions::build(early_dcx, matches, &mut collected_options); let (disable_local_thinlto, codegen_units) = should_override_cgus_and_disable_thinlto( early_dcx, &output_types, @@ -2641,7 +2642,7 @@ pub fn build_session_options(early_dcx: &mut EarlyDiagCtxt, matches: &getopts::M // -Zretpoline-external-thunk also requires -Zretpoline if unstable_opts.retpoline_external_thunk { unstable_opts.retpoline = true; - target_modifiers.insert( + collected_options.target_modifiers.insert( OptionsTargetModifiers::UnstableOptions(UnstableOptionsTargetModifiers::retpoline), "true".to_string(), ); @@ -2802,7 +2803,8 @@ pub fn build_session_options(early_dcx: &mut EarlyDiagCtxt, matches: &getopts::M color, logical_env, verbose, - target_modifiers, + target_modifiers: collected_options.target_modifiers, + mitigation_coverage_map: collected_options.mitigations, } } diff --git a/compiler/rustc_session/src/options.rs b/compiler/rustc_session/src/options.rs index 9219b5a7e8aca..92668cda33c25 100644 --- a/compiler/rustc_session/src/options.rs +++ b/compiler/rustc_session/src/options.rs @@ -84,6 +84,8 @@ pub struct TargetModifier { pub value_name: String, } +pub mod mitigation_coverage; + mod target_modifier_consistency_check { use super::*; pub(super) fn sanitizer(l: &TargetModifier, r: Option<&TargetModifier>) -> bool { @@ -197,15 +199,15 @@ macro_rules! gather_tmods { tmod_push!($struct_name, $tmod_enum_name, $opt_name, $opt_expr, $init, $mods, $tmod_vals) }; ($struct_name:ident, $tmod_enum_name:ident, $opt_name:ident, $opt_expr:expr, $init:expr, $mods:expr, $tmod_vals:expr, - [SUBSTRUCT], []) => { + [SUBSTRUCT], [$(MITIGATION)?]) => { $opt_expr.gather_target_modifiers($mods, $tmod_vals); }; ($struct_name:ident, $tmod_enum_name:ident, $opt_name:ident, $opt_expr:expr, $init:expr, $mods:expr, $tmod_vals:expr, - [UNTRACKED], []) => {{}}; + [UNTRACKED], [$(MITIGATION)?]) => {{}}; ($struct_name:ident, $tmod_enum_name:ident, $opt_name:ident, $opt_expr:expr, $init:expr, $mods:expr, $tmod_vals:expr, - [TRACKED], []) => {{}}; + [TRACKED], [$(MITIGATION)?]) => {{}}; ($struct_name:ident, $tmod_enum_name:ident, $opt_name:ident, $opt_expr:expr, $init:expr, $mods:expr, $tmod_vals:expr, - [TRACKED_NO_CRATE_HASH], []) => {{}}; + [TRACKED_NO_CRATE_HASH], [$(MITIGATION)?]) => {{}}; } macro_rules! gather_tmods_top_level { @@ -215,7 +217,7 @@ macro_rules! gather_tmods_top_level { ($opt_name:ident, $opt_expr:expr, $mods:expr, $tmod_vals:expr, [$non_substruct:ident TARGET_MODIFIER]) => { compile_error!("Top level option can't be target modifier"); }; - ($opt_name:ident, $opt_expr:expr, $mods:expr, $tmod_vals:expr, [$non_substruct:ident]) => {}; + ($opt_name:ident, $opt_expr:expr, $mods:expr, $tmod_vals:expr, [$non_substruct:ident $(MITIGATION)?]) => {}; } /// Macro for generating OptionsTargetsModifiers top-level enum with impl. @@ -320,6 +322,7 @@ macro_rules! top_level_options { pub $opt: $t ),*, pub target_modifiers: BTreeMap, + pub mitigation_coverage_map: mitigation_coverage::MitigationCoverageMap, } impl Options { @@ -503,11 +506,20 @@ top_level_options!( } ); +macro_rules! mitigation_enum_opt { + ($opt:ident, MITIGATION) => { + Some(mitigation_coverage::DeniedPartialMitigationKind::$opt) + }; + ($opt:ident, $(TARGET_MODIFIER)?) => { + None + }; +} + macro_rules! tmod_enum_opt { - ($struct_name:ident, $tmod_enum_name:ident, $opt:ident, $v:ident) => { + ($struct_name:ident, $tmod_enum_name:ident, $opt:ident, TARGET_MODIFIER) => { Some(OptionsTargetModifiers::$struct_name($tmod_enum_name::$opt)) }; - ($struct_name:ident, $tmod_enum_name:ident, $opt:ident, ) => { + ($struct_name:ident, $tmod_enum_name:ident, $opt:ident, $(MITIGATION)?) => { None }; } @@ -579,7 +591,7 @@ macro_rules! tmod_enum { ( $tmod_enum_name:ident, $prefix:expr, @parse {$($eout:tt)*}, ($puser_value:ident){$($pout:tt)*}; - $opt:ident, $parse:ident, $t:ty, [] | + $opt:ident, $parse:ident, $t:ty, [$(MITIGATION)?] | $($tail:tt)* ) => { tmod_enum! { @@ -596,6 +608,47 @@ macro_rules! tmod_enum { }; } +#[derive(Default)] +pub struct CollectedOptions { + pub target_modifiers: BTreeMap, + pub mitigations: mitigation_coverage::MitigationCoverageMap, +} + +macro_rules! setter_for { + // the allow/deny-mitigations options use collected/index instead of the cg, since they + // work across option groups + (allow_partial_mitigations, $struct_name:ident, $parse:ident) => { + pub(super) fn allow_partial_mitigations( + _cg: &mut super::$struct_name, + collected: &mut super::CollectedOptions, + v: Option<&str>, + index: usize, + ) -> bool { + collected.mitigations.handle_allowdeny_mitigation_option(v, index, true) + } + }; + (deny_partial_mitigations, $struct_name:ident, $parse:ident) => { + pub(super) fn deny_partial_mitigations( + _cg: &mut super::$struct_name, + collected: &mut super::CollectedOptions, + v: Option<&str>, + index: usize, + ) -> bool { + collected.mitigations.handle_allowdeny_mitigation_option(v, index, false) + } + }; + ($opt:ident, $struct_name:ident, $parse:ident) => { + pub(super) fn $opt( + cg: &mut super::$struct_name, + _collected: &mut super::CollectedOptions, + v: Option<&str>, + _index: usize, + ) -> bool { + super::parse::$parse(&mut redirect_field!(cg.$opt), v) + } + }; +} + /// Defines all `CodegenOptions`/`DebuggingOptions` fields and parsers all at once. The goal of this /// macro is to define an interface that can be programmatically used by the option parser /// to initialize the struct without hardcoding field names all over the place. @@ -609,7 +662,7 @@ macro_rules! options { $($( #[$attr:meta] )* $opt:ident : $t:ty = ( $init:expr, $parse:ident, - [$dep_tracking_marker:ident $( $tmod:ident )?], + [$dep_tracking_marker:ident $( $modifier_kind:ident )?], $desc:expr $(, deprecated_do_nothing: $dnn:literal )?) ),* ,) => @@ -618,7 +671,7 @@ macro_rules! options { #[rustc_lint_opt_ty] pub struct $struct_name { $( $( #[$attr] )* pub $opt: $t),* } - tmod_enum!( $tmod_enum_name, $prefix, {$($opt, $parse, $t, [$($tmod),*])|*} ); + tmod_enum!( $tmod_enum_name, $prefix, {$($opt, $parse, $t, [$($modifier_kind),*])|*} ); impl Default for $struct_name { fn default() -> $struct_name { @@ -630,7 +683,7 @@ macro_rules! options { pub fn build( early_dcx: &EarlyDiagCtxt, matches: &getopts::Matches, - target_modifiers: &mut BTreeMap, + target_modifiers: &mut CollectedOptions, ) -> $struct_name { build_options(early_dcx, matches, target_modifiers, $stat, $prefix, $outputname) } @@ -660,7 +713,7 @@ macro_rules! options { ) { $({ gather_tmods!($struct_name, $tmod_enum_name, $opt, &self.$opt, $init, _mods, _tmod_vals, - [$dep_tracking_marker], [$($tmod),*]); + [$dep_tracking_marker], [$($modifier_kind),*]); })* } } @@ -668,13 +721,13 @@ macro_rules! options { pub const $stat: OptionDescrs<$struct_name> = &[ $( OptionDesc{ name: stringify!($opt), setter: $optmod::$opt, type_desc: desc::$parse, desc: $desc, is_deprecated_and_do_nothing: false $( || $dnn )?, - tmod: tmod_enum_opt!($struct_name, $tmod_enum_name, $opt, $($tmod),*) } ),* ]; + tmod: tmod_enum_opt!($struct_name, $tmod_enum_name, $opt, $($modifier_kind),*), + mitigation: mitigation_enum_opt!($opt, $($modifier_kind),*), + } ),* ]; mod $optmod { $( - pub(super) fn $opt(cg: &mut super::$struct_name, v: Option<&str>) -> bool { - super::parse::$parse(&mut redirect_field!(cg.$opt), v) - } + setter_for!($opt, $struct_name, $parse); )* } @@ -702,7 +755,7 @@ macro_rules! redirect_field { }; } -type OptionSetter = fn(&mut O, v: Option<&str>) -> bool; +type OptionSetter = fn(&mut O, &mut CollectedOptions, v: Option<&str>, pos: usize) -> bool; type OptionDescrs = &'static [OptionDesc]; pub struct OptionDesc { @@ -714,6 +767,7 @@ pub struct OptionDesc { desc: &'static str, is_deprecated_and_do_nothing: bool, tmod: Option, + mitigation: Option, } impl OptionDesc { @@ -729,13 +783,13 @@ impl OptionDesc { fn build_options( early_dcx: &EarlyDiagCtxt, matches: &getopts::Matches, - target_modifiers: &mut BTreeMap, + collected_options: &mut CollectedOptions, descrs: OptionDescrs, prefix: &str, outputname: &str, ) -> O { let mut op = O::default(); - for option in matches.opt_strs(prefix) { + for (index, option) in matches.opt_strs_pos(prefix) { let (key, value) = match option.split_once('=') { None => (option, None), Some((k, v)) => (k.to_string(), Some(v)), @@ -750,13 +804,14 @@ fn build_options( desc, is_deprecated_and_do_nothing, tmod, + mitigation, }) => { if *is_deprecated_and_do_nothing { // deprecation works for prefixed options only assert!(!prefix.is_empty()); early_dcx.early_warn(format!("`-{prefix} {key}`: {desc}")); } - if !setter(&mut op, value) { + if !setter(&mut op, collected_options, value, index) { match value { None => early_dcx.early_fatal( format!( @@ -772,7 +827,10 @@ fn build_options( } if let Some(tmod) = *tmod { let v = value.map_or(String::new(), ToOwned::to_owned); - target_modifiers.insert(tmod, v); + collected_options.target_modifiers.insert(tmod, v); + } + if let Some(mitigation) = mitigation { + collected_options.mitigations.reset_mitigation(*mitigation, index); } } None => early_dcx.early_fatal(format!("unknown {outputname} option: `{key}`")), @@ -882,6 +940,10 @@ mod desc { pub(crate) const parse_mir_include_spans: &str = "either a boolean (`yes`, `no`, `on`, `off`, etc), or `nll` (default: `nll`)"; pub(crate) const parse_align: &str = "a number that is a power of 2 between 1 and 2^29"; + pub(crate) const parse_allow_partial_mitigations: &str = + super::mitigation_coverage::DeniedPartialMitigationKind::KINDS; + pub(crate) const parse_deny_partial_mitigations: &str = + super::mitigation_coverage::DeniedPartialMitigationKind::KINDS; } pub mod parse { @@ -2080,7 +2142,7 @@ options! { collapse_macro_debuginfo: CollapseMacroDebuginfo = (CollapseMacroDebuginfo::Unspecified, parse_collapse_macro_debuginfo, [TRACKED], "set option to collapse debuginfo for macros"), - control_flow_guard: CFGuard = (CFGuard::Disabled, parse_cfguard, [TRACKED], + control_flow_guard: CFGuard = (CFGuard::Disabled, parse_cfguard, [TRACKED MITIGATION], "use Windows Control Flow Guard (default: no)"), debug_assertions: Option = (None, parse_opt_bool, [TRACKED], "explicitly enable the `cfg(debug_assertions)` directive"), @@ -2219,6 +2281,10 @@ options! { // tidy-alphabetical-start allow_features: Option> = (None, parse_opt_comma_list, [TRACKED], "only allow the listed language features to be enabled in code (comma separated)"), + // the real parser is at the `setter_for` macro, to allow `-Z` and `-C` options to + // work together. + allow_partial_mitigations: () = ((), parse_allow_partial_mitigations, [UNTRACKED], + "Allow mitigations not enabled for all dependency crates (comma separated list)"), always_encode_mir: bool = (false, parse_bool, [TRACKED], "encode MIR of all functions into the crate metadata (default: no)"), annotate_moves: AnnotateMoves = (AnnotateMoves::Disabled, parse_annotate_moves, [TRACKED], @@ -2286,6 +2352,8 @@ options! { "deduplicate identical diagnostics (default: yes)"), default_visibility: Option = (None, parse_opt_symbol_visibility, [TRACKED], "overrides the `default_visibility` setting of the target"), + deny_partial_mitigations: () = ((), parse_deny_partial_mitigations, [UNTRACKED], + "Deny mitigations not enabled for all dependency crates (comma separated list)"), dep_info_omit_d_target: bool = (false, parse_bool, [TRACKED], "in dep-info output, omit targets for tracking dependencies of the dep-info files \ themselves (default: no)"), @@ -2670,7 +2738,7 @@ written to standard error output)"), src_hash_algorithm: Option = (None, parse_src_file_hash, [TRACKED], "hash algorithm of source files in debug info (`md5`, `sha1`, or `sha256`)"), #[rustc_lint_opt_deny_field_access("use `Session::stack_protector` instead of this field")] - stack_protector: StackProtector = (StackProtector::None, parse_stack_protector, [TRACKED], + stack_protector: StackProtector = (StackProtector::None, parse_stack_protector, [TRACKED MITIGATION], "control stack smash protection strategy (`rustc --print stack-protector-strategies` for details)"), staticlib_allow_rdylib_deps: bool = (false, parse_bool, [TRACKED], "allow staticlibs to have rust dylib dependencies"), diff --git a/compiler/rustc_session/src/options/mitigation_coverage.rs b/compiler/rustc_session/src/options/mitigation_coverage.rs new file mode 100644 index 0000000000000..cf839706fe787 --- /dev/null +++ b/compiler/rustc_session/src/options/mitigation_coverage.rs @@ -0,0 +1,242 @@ +use std::collections::{BTreeMap, BTreeSet}; +use std::str::FromStr; + +use rustc_macros::{BlobDecodable, Encodable}; +use rustc_span::edition::Edition; +use rustc_target::spec::StackProtector; + +use crate::Session; +use crate::config::Options; +use crate::options::CFGuard; + +#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Encodable, BlobDecodable)] +pub enum DeniedPartialMitigationLevel { + // Enabled(false) should be the bottom of the Ord hierarchy + Enabled(bool), + StackProtector(StackProtector), +} + +impl DeniedPartialMitigationLevel { + pub fn level_str(&self) -> &'static str { + match self { + DeniedPartialMitigationLevel::StackProtector(StackProtector::All) => "=all", + DeniedPartialMitigationLevel::StackProtector(StackProtector::Basic) => "=basic", + DeniedPartialMitigationLevel::StackProtector(StackProtector::Strong) => "=strong", + // currently `=disabled` should not appear + DeniedPartialMitigationLevel::Enabled(false) => "=disabled", + DeniedPartialMitigationLevel::StackProtector(StackProtector::None) + | DeniedPartialMitigationLevel::Enabled(true) => "", + } + } +} + +impl std::fmt::Display for DeniedPartialMitigationLevel { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + DeniedPartialMitigationLevel::StackProtector(StackProtector::All) => { + write!(f, "all") + } + DeniedPartialMitigationLevel::StackProtector(StackProtector::Basic) => { + write!(f, "basic") + } + DeniedPartialMitigationLevel::StackProtector(StackProtector::Strong) => { + write!(f, "strong") + } + DeniedPartialMitigationLevel::Enabled(true) => { + write!(f, "enabled") + } + DeniedPartialMitigationLevel::StackProtector(StackProtector::None) + | DeniedPartialMitigationLevel::Enabled(false) => { + write!(f, "disabled") + } + } + } +} + +impl From for DeniedPartialMitigationLevel { + fn from(value: bool) -> Self { + DeniedPartialMitigationLevel::Enabled(value) + } +} + +impl From for DeniedPartialMitigationLevel { + fn from(value: StackProtector) -> Self { + DeniedPartialMitigationLevel::StackProtector(value) + } +} + +#[derive(Copy, Clone)] +struct MitigationStatus { + // This is the index of the option in the command line. This is needed because + // re-enabling a mitigation resets the partial mitigation status if it's later in the command + // line, and this works across `-C` and `-Z` args. + // + // e.g. `-Z stack-protector=strong` resets `-C allow-partial-mitigations=stack-protector`. + index: usize, + allowed: Option, +} + +#[derive(Clone, Default)] +pub struct MitigationCoverageMap { + map: BTreeMap, +} + +impl MitigationCoverageMap { + fn apply_mitigation( + &mut self, + kind: DeniedPartialMitigationKind, + index: usize, + allowed: Option, + ) { + self.map + .entry(kind) + .and_modify(|e| { + if index >= e.index { + *e = MitigationStatus { index, allowed } + } + }) + .or_insert(MitigationStatus { index, allowed }); + } + + pub(crate) fn handle_allowdeny_mitigation_option( + &mut self, + v: Option<&str>, + index: usize, + allowed: bool, + ) -> bool { + match v { + Some(s) => { + for sub in s.split(',') { + match sub.parse() { + Ok(kind) => self.apply_mitigation(kind, index, Some(allowed)), + Err(_) => return false, + } + } + true + } + None => false, + } + } + + pub(crate) fn reset_mitigation(&mut self, kind: DeniedPartialMitigationKind, index: usize) { + self.apply_mitigation(kind, index, None); + } +} + +pub struct DeniedPartialMitigationKindParseError; + +macro_rules! intersperse { + ($sep:expr, ($first:expr $(, $rest:expr)* $(,)?)) => { + concat!($first $(, $sep, $rest)*) + }; +} + +macro_rules! denied_partial_mitigations { + ([$self:ident] enum $kind:ident {$(($name:ident, $text:expr, $since:ident, $code:expr)),*}) => { + #[allow(non_camel_case_types)] + #[derive(Copy, Clone, Debug, PartialEq, Eq, Hash, PartialOrd, Ord, Encodable, BlobDecodable)] + pub enum DeniedPartialMitigationKind { + $($name),* + } + + impl std::fmt::Display for DeniedPartialMitigationKind { + fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result { + match self { + $(DeniedPartialMitigationKind::$name => write!(f, $text)),* + } + } + } + + impl DeniedPartialMitigationKind { + pub(crate) const KINDS: &'static str = concat!("comma-separated list of mitigation kinds (available: ", + intersperse!(", ", ($(concat!("`", $text, "`")),*)), ")"); + } + + impl FromStr for DeniedPartialMitigationKind { + type Err = DeniedPartialMitigationKindParseError; + + fn from_str(v: &str) -> Result { + match v { + $($text => Ok(DeniedPartialMitigationKind::$name)),* + , + _ => Err(DeniedPartialMitigationKindParseError), + } + } + } + + #[allow(unused)] + impl DeniedPartialMitigationKind { + pub fn allowed_by_default_at(&self, edition: Edition) -> bool { + let enforced_since = match self { + // Should change the enforced-since edition of StackProtector to 2015 + // (all editions) when `-C stack-protector` is stabilized. + $(DeniedPartialMitigationKind::$name => Edition::$since),* + }; + edition < enforced_since + } + } + + impl Options { + pub fn all_denied_partial_mitigations(&self) -> impl Iterator { + [$(DeniedPartialMitigationKind::$name),*].into_iter() + } + } + + impl Session { + pub fn gather_enabled_denied_partial_mitigations(&$self) -> Vec { + let mut mitigations = [ + $( + DeniedPartialMitigation { + kind: DeniedPartialMitigationKind::$name, + level: From::from($code), + } + ),* + ]; + mitigations.sort(); + mitigations.into_iter().collect() + } + } + } +} + +denied_partial_mitigations! { + [self] + enum DeniedPartialMitigationKind { + // The mitigation name should match the option name in rustc_session::options, + // to allow for resetting the mitigation + (stack_protector, "stack-protector", EditionFuture, self.stack_protector()), + (control_flow_guard, "control-flow-guard", EditionFuture, self.opts.cg.control_flow_guard == CFGuard::Checks) + } +} + +/// Denied-partial mitigations, see [RFC 3855](https://github.com/rust-lang/rfcs/pull/3855) +#[derive(Copy, Clone, Debug, PartialEq, Eq, PartialOrd, Ord, Encodable, BlobDecodable)] +pub struct DeniedPartialMitigation { + pub kind: DeniedPartialMitigationKind, + pub level: DeniedPartialMitigationLevel, +} + +impl Options { + // Return the list of mitigations that are allowed to be partial + pub fn allowed_partial_mitigations( + &self, + edition: Edition, + ) -> impl Iterator { + let mut result: BTreeSet<_> = self + .all_denied_partial_mitigations() + .filter(|mitigation| mitigation.allowed_by_default_at(edition)) + .collect(); + for (kind, MitigationStatus { index: _, allowed }) in &self.mitigation_coverage_map.map { + match allowed { + Some(true) => { + result.insert(*kind); + } + Some(false) => { + result.remove(kind); + } + None => {} + } + } + result.into_iter() + } +} diff --git a/compiler/rustc_target/src/spec/mod.rs b/compiler/rustc_target/src/spec/mod.rs index 2d2f15651c431..9aca821ab1666 100644 --- a/compiler/rustc_target/src/spec/mod.rs +++ b/compiler/rustc_target/src/spec/mod.rs @@ -1336,6 +1336,7 @@ impl FramePointer { crate::target_spec_enum! { /// Controls use of stack canaries. + #[derive(Encodable, BlobDecodable, HashStable_Generic)] pub enum StackProtector { /// Disable stack canary generation. None = "none", diff --git a/src/librustdoc/config.rs b/src/librustdoc/config.rs index 3d4b4e969157c..c98049e4c3df6 100644 --- a/src/librustdoc/config.rs +++ b/src/librustdoc/config.rs @@ -409,9 +409,9 @@ impl Options { config::parse_error_format(early_dcx, matches, color, json_color, json_rendered); let diagnostic_width = matches.opt_get("diagnostic-width").unwrap_or_default(); - let mut target_modifiers = BTreeMap::::new(); - let codegen_options = CodegenOptions::build(early_dcx, matches, &mut target_modifiers); - let unstable_opts = UnstableOptions::build(early_dcx, matches, &mut target_modifiers); + let mut collected_options = Default::default(); + let codegen_options = CodegenOptions::build(early_dcx, matches, &mut collected_options); + let unstable_opts = UnstableOptions::build(early_dcx, matches, &mut collected_options); let remap_path_prefix = match parse_remap_path_prefix(matches) { Ok(prefix_mappings) => prefix_mappings, @@ -874,7 +874,7 @@ impl Options { scrape_examples_options, unstable_features, doctest_build_args, - target_modifiers, + target_modifiers: collected_options.target_modifiers, }; let render_options = RenderOptions { output, diff --git a/tests/ui/README.md b/tests/ui/README.md index 16cdde08431c0..5a44dd6e745c1 100644 --- a/tests/ui/README.md +++ b/tests/ui/README.md @@ -22,6 +22,12 @@ These tests exercise `#![feature(allocator_api)]` and the `#[global_allocator]` See [Allocator traits and `std::heap` #32838](https://github.com/rust-lang/rust/issues/32838). +## `tests/ui/allow-partial-mitigations` + +These tests exercise the check against partial mitigation enforcement. + +See [the mitigation enforcement RFC](https://github.com/rust-lang/rfcs/pull/3855). + ## `tests/ui/annotate-moves` These tests exercise the `annotate-moves` feature. diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.cfg-allow-first.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.cfg-allow-first.stderr new file mode 100644 index 0000000000000..24bcf83a9be6f --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.cfg-allow-first.stderr @@ -0,0 +1,47 @@ +error: your program uses the crate `std`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `core`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `alloc`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `libc`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: aborting due to 5 previous errors + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.disable-enable-reset.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.disable-enable-reset.stderr new file mode 100644 index 0000000000000..f039dc7acbd09 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.disable-enable-reset.stderr @@ -0,0 +1,47 @@ +error: your program uses the crate `std`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `core`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `alloc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `libc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: aborting due to 5 previous errors + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.disable.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.disable.stderr new file mode 100644 index 0000000000000..f039dc7acbd09 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.disable.stderr @@ -0,0 +1,47 @@ +error: your program uses the crate `std`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `core`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `alloc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `libc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: aborting due to 5 previous errors + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.enable-disable.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.enable-disable.stderr new file mode 100644 index 0000000000000..f039dc7acbd09 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.enable-disable.stderr @@ -0,0 +1,47 @@ +error: your program uses the crate `std`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `core`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `alloc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `libc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: aborting due to 5 previous errors + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.rs b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.rs new file mode 100644 index 0000000000000..4b419e8212c10 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.rs @@ -0,0 +1,20 @@ +// ignore-tidy-linelength +//@ revisions: sp disable enable-disable wrong-enable disable-enable-reset cfg-allow-first sp-allow-first +//@ check-fail +//@ ignore-nvptx64 stack protector is not supported +//@ ignore-wasm32-unknown-unknown stack protector is not supported +//@ edition:future +//@ [sp] compile-flags: -Z unstable-options -Z stack-protector=all +//@ [disable] compile-flags: -Z unstable-options -Z deny-partial-mitigations=stack-protector -Z stack-protector=all +//@ [enable-disable] compile-flags: -Z unstable-options -Z allow-partial-mitigations=stack-protector -Z deny-partial-mitigations=stack-protector -Z stack-protector=all +//@ [wrong-enable] compile-flags: -Z unstable-options -Z allow-partial-mitigations=control-flow-guard -Z stack-protector=all +//@ [cfg-allow-first] compile-flags: -Z unstable-options -Z allow-partial-mitigations=stack-protector -C control-flow-guard=on +//@ [sp-allow-first] compile-flags: -Z unstable-options -Z allow-partial-mitigations=stack-protector -Z stack-protector=all +//@ [disable-enable-reset] compile-flags: -Z unstable-options -Z deny-partial-mitigations=stack-protector -Z allow-partial-mitigations=stack-protector -Z stack-protector=all + +fn main() {} +//~^ ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.sp-allow-first.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.sp-allow-first.stderr new file mode 100644 index 0000000000000..f039dc7acbd09 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.sp-allow-first.stderr @@ -0,0 +1,47 @@ +error: your program uses the crate `std`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `core`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `alloc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `libc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: aborting due to 5 previous errors + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.sp.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.sp.stderr new file mode 100644 index 0000000000000..f039dc7acbd09 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.sp.stderr @@ -0,0 +1,47 @@ +error: your program uses the crate `std`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `core`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `alloc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `libc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: aborting due to 5 previous errors + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.wrong-enable.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.wrong-enable.stderr new file mode 100644 index 0000000000000..f039dc7acbd09 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-1-error.wrong-enable.stderr @@ -0,0 +1,47 @@ +error: your program uses the crate `std`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `core`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `alloc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `libc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-1-error.rs:15:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: aborting due to 5 previous errors + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-2-errors.both.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-2-errors.both.stderr new file mode 100644 index 0000000000000..cbbe300365303 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-2-errors.both.stderr @@ -0,0 +1,92 @@ +error: your program uses the crate `std`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `std`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `core`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `core`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `alloc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `alloc`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `libc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `libc`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: aborting due to 10 previous errors + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-2-errors.enable-separately-disable-together.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-2-errors.enable-separately-disable-together.stderr new file mode 100644 index 0000000000000..cbbe300365303 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-2-errors.enable-separately-disable-together.stderr @@ -0,0 +1,92 @@ +error: your program uses the crate `std`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `std`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `core`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `core`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `alloc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `alloc`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `libc`, that is not compiled with `stack-protector=all` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `stack-protector=all` enabled, or use `-Z allow-partial-mitigations=stack-protector` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=stack-protector` via `-Z deny-partial-mitigations=stack-protector` + +error: your program uses the crate `libc`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-2-errors.rs:10:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: aborting due to 10 previous errors + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-2-errors.rs b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-2-errors.rs new file mode 100644 index 0000000000000..2ce4172023aad --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-2-errors.rs @@ -0,0 +1,20 @@ +// ignore-tidy-linelength +//@ revisions: both enable-separately-disable-together +//@ check-fail +//@ ignore-nvptx64 stack protector is not supported +//@ ignore-wasm32-unknown-unknown stack protector is not supported +//@ edition:future +//@ [both] compile-flags: -Z unstable-options -C control-flow-guard=on -Z stack-protector=all +//@ [enable-separately-disable-together] compile-flags: -Z unstable-options -Z allow-partial-mitigations=stack-protector -Z allow-partial-mitigations=control-flow-guard -Z deny-partial-mitigations=control-flow-guard,stack-protector -C control-flow-guard=on -Z stack-protector=all + +fn main() {} +//~^ ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-bad-cli.rs b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-bad-cli.rs new file mode 100644 index 0000000000000..0f45830b9b64f --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-bad-cli.rs @@ -0,0 +1,12 @@ +// ignore-tidy-linelength +//@ check-fail +//@ ignore-nvptx64 stack protector is not supported +//@ ignore-wasm32-unknown-unknown stack protector is not supported +//@ edition:future +//@ compile-flags: -Z unstable-options -Z deny-partial-mitigations=garbage + +// have a test that the list of mitigations is generated correctly + +//~? ERROR incorrect value `garbage` for unstable option `deny-partial-mitigations` - comma-separated list of mitigation kinds (available: + +fn main() {} diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-bad-cli.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-bad-cli.stderr new file mode 100644 index 0000000000000..9af53a1689aec --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-bad-cli.stderr @@ -0,0 +1,2 @@ +error: incorrect value `garbage` for unstable option `deny-partial-mitigations` - comma-separated list of mitigation kinds (available: `stack-protector`, `control-flow-guard`) was expected + diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-current-edition.rs b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-current-edition.rs new file mode 100644 index 0000000000000..5ed5edf63ece2 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-current-edition.rs @@ -0,0 +1,17 @@ +// ignore-tidy-linelength +//@ check-fail +//@ ignore-nvptx64 stack protector is not supported +//@ ignore-wasm32-unknown-unknown stack protector is not supported +//@ edition: 2024 +//@ compile-flags: -C control-flow-guard=on -Z deny-partial-mitigations=control-flow-guard + +// check that in edition 2024, it is still possible to explicitly +// disallow partial mitigations (in edition=future, they are +// disallowed by default) + +fn main() {} +//~^ ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with +//~| ERROR that is not compiled with diff --git a/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-current-edition.stderr b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-current-edition.stderr new file mode 100644 index 0000000000000..02e9154986791 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/err-allow-partial-mitigations-current-edition.stderr @@ -0,0 +1,47 @@ +error: your program uses the crate `std`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-current-edition.rs:12:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `std` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `core`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-current-edition.rs:12:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `core` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `alloc`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-current-edition.rs:12:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `alloc` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `compiler_builtins`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-current-edition.rs:12:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `compiler_builtins` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: your program uses the crate `libc`, that is not compiled with `control-flow-guard` enabled + --> $DIR/err-allow-partial-mitigations-current-edition.rs:12:1 + | +LL | fn main() {} + | ^ + | + = note: recompile `libc` with `control-flow-guard` enabled, or use `-Z allow-partial-mitigations=control-flow-guard` to allow creating an artifact that has the mitigation only partially enabled + = help: it is possible to disable `-Z allow-partial-mitigations=control-flow-guard` via `-Z deny-partial-mitigations=control-flow-guard` + +error: aborting due to 5 previous errors + diff --git a/tests/ui/allow-partial-mitigations/ok-allow-partial-mitigations-current-edition.rs b/tests/ui/allow-partial-mitigations/ok-allow-partial-mitigations-current-edition.rs new file mode 100644 index 0000000000000..6a9c297698b63 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/ok-allow-partial-mitigations-current-edition.rs @@ -0,0 +1,13 @@ +// ignore-tidy-linelength +//@ revisions: no-deny deny-first +//@ check-pass +//@ ignore-nvptx64 stack protector is not supported +//@ ignore-wasm32-unknown-unknown stack protector is not supported +//@ edition: 2024 +//@ [deny-first] compile-flags: -Z deny-partial-mitigations=control-flow-guard -C control-flow-guard=on +//@ [no-deny] compile-flags: -C control-flow-guard=on + +// check that the `-C control-flow-guard=on` overrides the `-Z deny-partial-mitigations=control-flow-guard`, +// which in edition 2024 leads to partial mitigations being allowed + +fn main() {} diff --git a/tests/ui/allow-partial-mitigations/ok-allow-partial-mitigations-minicore.rs b/tests/ui/allow-partial-mitigations/ok-allow-partial-mitigations-minicore.rs new file mode 100644 index 0000000000000..bc8aaa3cb2e61 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/ok-allow-partial-mitigations-minicore.rs @@ -0,0 +1,18 @@ +// ignore-tidy-linelength +//@ check-pass +//@ add-minicore +//@ edition:future +//@ revisions: default deny +//@[default] compile-flags: -Z unstable-options -Z stack-protector=all +//@[deny] compile-flags: -Z deny-partial-mitigations=stack-protector -Z unstable-options -Z stack-protector=all + +// ^ enables stack-protector for both minicore and this crate + +#![crate_type = "lib"] +#![feature(no_core)] +#![no_std] +#![no_core] + +extern crate minicore; + +pub fn foo() {} diff --git a/tests/ui/allow-partial-mitigations/ok-allow-partial-mitigations.rs b/tests/ui/allow-partial-mitigations/ok-allow-partial-mitigations.rs new file mode 100644 index 0000000000000..804873f397516 --- /dev/null +++ b/tests/ui/allow-partial-mitigations/ok-allow-partial-mitigations.rs @@ -0,0 +1,11 @@ +// ignore-tidy-linelength +//@ revisions: sp both disable-enable +//@ check-pass +//@ edition:future +//@ ignore-nvptx64 stack protector is not supported +//@ ignore-wasm32-unknown-unknown stack protector is not supported +//@ [both] compile-flags: -Z unstable-options -Z stack-protector=all -C control-flow-guard=on -Z allow-partial-mitigations=stack-protector,control-flow-guard +//@ [sp] compile-flags: -Z unstable-options -Z stack-protector=all -Z allow-partial-mitigations=stack-protector +//@ [disable-enable] compile-flags: -Z unstable-options -Z deny-partial-mitigations=stack-protector -Z stack-protector=all -Z allow-partial-mitigations=stack-protector + +fn main() {}