Implement -Z allow-partial-mitigations (RFC 3855)
#149357
Conversation
|
These commits modify compiler targets. |
rustbot
added
S-waiting-on-review
This comment has been minimized.
This comment has been minimized.
arielb1
force-pushed
the
enforce-partial-mitigations
branch
from
b34534b to
1fefdbe
Compare
compiler/rustc_metadata/messages.ftl
Outdated
| metadata_mitigation_less_strict_in_dependency = | ||
| your program uses the crate `{$extern_crate}`, that is not protected by `{$mitigation_name}{$mitigation_level}` | ||
| .note = Recompile that crate with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled |
There was a problem hiding this comment.
Diagnostics must always start with a lowercase letter.
| .note = Recompile that crate with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled | |
| .note = recompile that `{$extern_crate}` with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled |
compiler/rustc_metadata/messages.ftl
Outdated
| metadata_mitigation_less_strict_in_dependency = | ||
| your program uses the crate `{$extern_crate}`, that is not protected by `{$mitigation_name}{$mitigation_level}` | ||
| .note = Recompile that crate with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled | ||
| .help = It is possible to disable `-Z allow-partial-mitigations={$mitigation_name}` via `-Z allow-partial-mitigations=!{$mitigation_name}` |
There was a problem hiding this comment.
| .help = It is possible to disable `-Z allow-partial-mitigations={$mitigation_name}` via `-Z allow-partial-mitigations=!{$mitigation_name}` | |
| .help = it is possible to disable `-Z allow-partial-mitigations={$mitigation_name}` via `-Z allow-partial-mitigations=!{$mitigation_name}` |
I don't think we currently have any command line arguments who is edition depended, that would be a first. |
The behavior for I do think we want to eventually make |
| Some(s) => { | ||
| for sub in s.split(',') { | ||
| let (sub, enabled) = | ||
| if sub.starts_with('!') { (&sub[1..], false) } else { (sub, true) }; |
There was a problem hiding this comment.
Using ! for negation on the command-line is non-standard. It might also cause shell command parsing issues, because ! is a history search and insert metacharacter in some common shells.
The standard CLI negation prefix is no-, I suggest we use that instead.
The dev guide says to avoid no- for boolean flags, but I don't think that applies to more complex options:
rust/src/doc/rustc-dev-guide/src/cli.md
Lines 15 to 16 in 1be6b13
There was a problem hiding this comment.
I basically put ! as a placeholder. Let's wait with it for a little bit of time until we figure out what to do.
There was a problem hiding this comment.
I'd suggest further investigating the possibility of using -Z deny-partial-mitigations=foo instead as described in the RFC.
arielb1
force-pushed
the
enforce-partial-mitigations
branch
2 times, most recently
from
2f2a134 to
99913dd
Compare
This comment has been minimized.
This comment has been minimized.
compiler/rustc_metadata/messages.ftl
Outdated
| could not find native static library `{$libname}`, perhaps an -L flag is missing? | ||
| metadata_mitigation_less_strict_in_dependency = | ||
| your program uses the crate `{$extern_crate}`, that is not protected by `{$mitigation_name}{$mitigation_level}` |
There was a problem hiding this comment.
| your program uses the crate `{$extern_crate}`, that is not protected by `{$mitigation_name}{$mitigation_level}` | |
| your program uses the crate `{$extern_crate}`, that is not compiled with `{$mitigation_name}{$mitigation_level}` enabled |
compiler/rustc_metadata/messages.ftl
Outdated
| metadata_mitigation_less_strict_in_dependency = | ||
| your program uses the crate `{$extern_crate}`, that is not protected by `{$mitigation_name}{$mitigation_level}` | ||
| .note = recompile `{$extern_crate}` with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled |
There was a problem hiding this comment.
| .note = recompile `{$extern_crate}` with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled | |
| .note = recompile `{$extern_crate}` with `{$mitigation_name}{$mitigation_level}` enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an executable file that has the mitigation only partially enabled |
| pub(crate) type TargetModifiers = Vec<TargetModifier>; | ||
|
|
||
| /// Enforced Mitigations | ||
| pub(crate) type EnforcedMitigations = Vec<EnforcedMitigation>; |
There was a problem hiding this comment.
Would it be easier to have a list of allowed partial mitigations instead (with all mitigations being enforced by default)?
There was a problem hiding this comment.
Would it be easier to have a list of allowed partial mitigations instead (with all mitigations being enforced by default)?
An "enforced mitigation" is (to me) the name of a mitigation that is enforced according to RFC 3855. Maybe we should call it "EnforcableMitigation"?
In metadata, you need to have the list of enforced mitigations that the dependency crate has enabled.
There was a problem hiding this comment.
What I'm wondering isn't about the naming itself but about a safer default (i.e., all mitigations enforced by default) so we would have an allowlist of mitigations that could be applied partially.
There was a problem hiding this comment.
What I'm wondering isn't about the naming itself but about a safer default (i.e., all mitigations enforced by default) so we would have an allowlist of mitigations that could be applied partially.
You have to define something as a "mitigation". The way you do it is by putting it in the "enforcable mitigation" list.
There is no programmatic list of "mitigations" other than the enforcable mitigation list
There was a problem hiding this comment.
How about something more descriptive like DeniedPartialMitigations? Then you could either have an AllowedPartialMitigations or remove a mitigation from this list when --deny-partial-mitigations is used.
Alternatively, you could have a main Mitigations list defined somewhere in the compiler (or a way to mark an option as a mitigation), and just use an AllowedPartialMitigations list.
There was a problem hiding this comment.
EnforcedMitigations is the list of enforced mitigations that are enabled for a crate
if an enforced mitigation is enabled on a crate, and not enabled on a dependency, and is not explicitly "-C allow-partial-mitigation"-d, this causes an error
The "enforced_mitigations! {" list contains the main source of what is considered an "enforced mitigation"
I am not sure it should be tied to flags directly, because you can have stuff like e.g. having both -C stack-protector and -Z stack-protector being the same mitigation
rustbot
added
S-waiting-on-author
|
Reminder, once the PR becomes ready for a review, use |
|
Found a way to make @rustbot ready |
rustbot
added
S-waiting-on-review
arielb1
force-pushed
the
enforce-partial-mitigations
branch
from
2fabf16 to
e561031
Compare
This comment has been minimized.
This comment has been minimized.
arielb1
force-pushed
the
enforce-partial-mitigations
branch
from
e561031 to
2c3f3b3
Compare
This comment has been minimized.
This comment has been minimized.
This implements `-Z allow-partial-mitigations` as an unstable option, currently with support for control-flow-guard and stack-protector. As a difference from the RFC, we have `-Z allow-partial-mitigations=!foo` rather than `-Z deny-partial-mitigations=foo`, since I couldn't find an easy way to have an allow/deny pair of flags where the latter flag wins. To allow for stabilization, this is only enabled starting from the next edition. Maybe a better policy is possible (bikeshed).
arielb1
force-pushed
the
enforce-partial-mitigations
branch
from
2c3f3b3 to
33012b6
Compare
|
This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed. Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers. |
|
Addressed rebase problems |
6 participants
This implements
-Z allow-partial-mitigationsas an unstable option, currently with support for control-flow-guard and stack-protector.As a difference from the RFC, we have
-Z allow-partial-mitigations=!foorather than-Z deny-partial-mitigations=foo, since I couldn't find an easy way to have an allow/deny pair of flags where the latter flag wins.To allow for stabilization, this is only enabled starting from the next edition. Maybe a better policy is possible (bikeshed).
r? @rcvalle