sanitizers: Add support for stable sanitizers

Add suppport for specifying stable sanitizers in addition to the
existing supported sanitizers.

Author: rcvalle

compiler/rustc_codegen_llvm/src/abi.rs

@@ -15,7 +15,6 @@ pub(crate) use rustc_middle::ty::layout::{WIDE_PTR_ADDR, WIDE_PTR_EXTRA};
 use rustc_middle::{bug, ty};
 use rustc_session::config;
 pub(crate) use rustc_target::callconv::*;
-use rustc_target::spec::SanitizerSet;
 use smallvec::SmallVec;
 
 use crate::attributes::llfn_attrs_from_instance;
@@ -84,7 +83,7 @@ fn get_attrs<'ll>(this: &ArgAttributes, cx: &CodegenCx<'ll, '_>) -> SmallVec<[&'
                 attrs.push(llattr.create_attr(cx.llcx));
             }
         }
-    } else if cx.tcx.sess.opts.unstable_opts.sanitizer.contains(SanitizerSet::MEMORY) {
+    } else if cx.tcx.sess.is_sanitizer_memory_enabled() {
         // If we're not optimising, *but* memory sanitizer is on, emit noundef, since it affects
         // memory sanitizer's behavior.
 

compiler/rustc_codegen_llvm/src/attributes.rs

@@ -84,7 +84,7 @@ pub(crate) fn sanitize_attrs<'ll>(
     no_sanitize: SanitizerSet,
 ) -> SmallVec<[&'ll Attribute; 4]> {
     let mut attrs = SmallVec::new();
-    let enabled = cx.tcx.sess.opts.unstable_opts.sanitizer - no_sanitize;
+    let enabled = cx.tcx.sess.opts.cg.sanitize - no_sanitize;
     if enabled.contains(SanitizerSet::ADDRESS) || enabled.contains(SanitizerSet::KERNELADDRESS) {
         attrs.push(llvm::AttributeKind::SanitizeAddress.create_attr(cx.llcx));
     }
@@ -217,13 +217,7 @@ fn probestack_attr<'ll>(cx: &CodegenCx<'ll, '_>) -> Option<&'ll Attribute> {
     // Currently stack probes seem somewhat incompatible with the address
     // sanitizer and thread sanitizer. With asan we're already protected from
     // stack overflow anyway so we don't really need stack probes regardless.
-    if cx
-        .sess()
-        .opts
-        .unstable_opts
-        .sanitizer
-        .intersects(SanitizerSet::ADDRESS | SanitizerSet::THREAD)
-    {
+    if cx.sess().is_sanitizer_address_enabled() || cx.sess().is_sanitizer_thread_enabled() {
         return None;
     }
 

compiler/rustc_codegen_ssa/src/back/link.rs

@@ -1321,7 +1321,7 @@ fn add_sanitizer_libraries(
         return;
     }
 
-    let sanitizer = sess.opts.unstable_opts.sanitizer;
+    let sanitizer = sess.opts.cg.sanitize;
     if sanitizer.contains(SanitizerSet::ADDRESS) {
         link_sanitizer_runtime(sess, flavor, linker, "asan");
     }
@@ -2454,11 +2454,7 @@ fn add_order_independent_options(
         && crate_type == CrateType::Executable
         && !matches!(flavor, LinkerFlavor::Gnu(Cc::Yes, _))
     {
-        let prefix = if sess.opts.unstable_opts.sanitizer.contains(SanitizerSet::ADDRESS) {
-            "asan/"
-        } else {
-            ""
-        };
+        let prefix = if sess.is_sanitizer_address_enabled() { "asan/" } else { "" };
         cmd.link_arg(format!("--dynamic-linker={prefix}ld.so.1"));
     }
 

compiler/rustc_codegen_ssa/src/back/symbol_export.rs

@@ -13,7 +13,7 @@ use rustc_middle::query::LocalCrate;
 use rustc_middle::ty::{self, GenericArgKind, GenericArgsRef, Instance, SymbolName, TyCtxt};
 use rustc_middle::util::Providers;
 use rustc_session::config::{CrateType, OomStrategy};
-use rustc_target::spec::{SanitizerSet, TlsModel};
+use rustc_target::spec::TlsModel;
 use tracing::debug;
 
 use crate::base::allocator_kind_for_codegen;
@@ -247,15 +247,15 @@ fn exported_symbols_provider_local(
         }));
     }
 
-    if tcx.sess.opts.unstable_opts.sanitizer.contains(SanitizerSet::MEMORY) {
+    if tcx.sess.is_sanitizer_memory_enabled() {
         let mut msan_weak_symbols = Vec::new();
 
         // Similar to profiling, preserve weak msan symbol during LTO.
-        if tcx.sess.opts.unstable_opts.sanitizer_recover.contains(SanitizerSet::MEMORY) {
+        if tcx.sess.is_sanitizer_memory_recover_enabled() {
             msan_weak_symbols.push("__msan_keep_going");
         }
 
-        if tcx.sess.opts.unstable_opts.sanitizer_memory_track_origins != 0 {
+        if tcx.sess.is_sanitizer_memory_track_origins_enabled() {
             msan_weak_symbols.push("__msan_track_origins");
         }
 

compiler/rustc_codegen_ssa/src/back/write.rs

@@ -184,7 +184,7 @@ impl ModuleConfig {
             debug_info_for_profiling: sess.opts.unstable_opts.debug_info_for_profiling,
             instrument_coverage: if_regular!(sess.instrument_coverage(), false),
 
-            sanitizer: if_regular!(sess.opts.unstable_opts.sanitizer, SanitizerSet::empty()),
+            sanitizer: if_regular!(sess.opts.cg.sanitize, SanitizerSet::empty()),
             sanitizer_dataflow_abilist: if_regular!(
                 sess.opts.unstable_opts.sanitizer_dataflow_abilist.clone(),
                 Vec::new()

compiler/rustc_interface/src/tests.rs

@@ -634,6 +634,7 @@ fn test_codegen_options_tracking_hash() {
     tracked!(profile_use, Some(PathBuf::from("abc")));
     tracked!(relocation_model, Some(RelocModel::Pic));
     tracked!(relro_level, Some(RelroLevel::Full));
+    tracked!(sanitize, SanitizerSet::ADDRESS);
     tracked!(soft_float, true);
     tracked!(split_debuginfo, Some(SplitDebuginfo::Packed));
     tracked!(symbol_mangling_version, Some(SymbolManglingVersion::V0));
@@ -836,7 +837,6 @@ fn test_unstable_options_tracking_hash() {
     tracked!(regparm, Some(3));
     tracked!(relax_elf_relocations, Some(true));
     tracked!(remap_cwd_prefix, Some(PathBuf::from("abc")));
-    tracked!(sanitizer, SanitizerSet::ADDRESS);
     tracked!(sanitizer_cfi_canonical_jump_tables, None);
     tracked!(sanitizer_cfi_generalize_pointers, Some(true));
     tracked!(sanitizer_cfi_normalize_integers, Some(true));

compiler/rustc_metadata/src/native_libs.rs

@@ -61,7 +61,7 @@ pub fn walk_native_lib_search_dirs<R>(
         || sess.target.os == "linux"
         || sess.target.os == "fuchsia"
         || sess.target.is_like_aix
-        || sess.target.is_like_osx && !sess.opts.unstable_opts.sanitizer.is_empty()
+        || sess.target.is_like_osx && !sess.opts.cg.sanitize.is_empty()
     {
         f(&sess.target_tlib_path.dir, false)?;
     }

compiler/rustc_session/messages.ftl

@@ -3,7 +3,7 @@ session_branch_protection_requires_aarch64 = `-Zbranch-protection` is only suppo
 
 session_cannot_enable_crt_static_linux = sanitizer is incompatible with statically linked libc, disable it using `-C target-feature=-crt-static`
 
-session_cannot_mix_and_match_sanitizers = `-Zsanitizer={$first}` is incompatible with `-Zsanitizer={$second}`
+session_cannot_mix_and_match_sanitizers = `-Csanitize={$first}` is incompatible with `-Csanitize={$second}`
 
 session_cli_feature_diagnostic_help =
     add `-Zcrate-attr="feature({$feature})"` to the command-line options to enable
@@ -88,15 +88,15 @@ session_profile_sample_use_file_does_not_exist = file `{$path}` passed to `-C pr
 
 session_profile_use_file_does_not_exist = file `{$path}` passed to `-C profile-use` does not exist
 
-session_sanitizer_cfi_canonical_jump_tables_requires_cfi = `-Zsanitizer-cfi-canonical-jump-tables` requires `-Zsanitizer=cfi`
+session_sanitizer_cfi_canonical_jump_tables_requires_cfi = `-Zsanitizer-cfi-canonical-jump-tables` requires `-Csanitize=cfi`
 
-session_sanitizer_cfi_generalize_pointers_requires_cfi = `-Zsanitizer-cfi-generalize-pointers` requires `-Zsanitizer=cfi` or `-Zsanitizer=kcfi`
+session_sanitizer_cfi_generalize_pointers_requires_cfi = `-Zsanitizer-cfi-generalize-pointers` requires `-Csanitize=cfi` or `-Csanitize=kcfi`
 
-session_sanitizer_cfi_normalize_integers_requires_cfi = `-Zsanitizer-cfi-normalize-integers` requires `-Zsanitizer=cfi` or `-Zsanitizer=kcfi`
+session_sanitizer_cfi_normalize_integers_requires_cfi = `-Zsanitizer-cfi-normalize-integers` requires `-Csanitize=cfi` or `-Csanitize=kcfi`
 
-session_sanitizer_cfi_requires_lto = `-Zsanitizer=cfi` requires `-Clto` or `-Clinker-plugin-lto`
+session_sanitizer_cfi_requires_lto = `-Csanitize=cfi` requires `-Clto` or `-Clinker-plugin-lto`
 
-session_sanitizer_cfi_requires_single_codegen_unit = `-Zsanitizer=cfi` with `-Clto` requires `-Ccodegen-units=1`
+session_sanitizer_cfi_requires_single_codegen_unit = `-Csanitize=cfi` with `-Clto` requires `-Ccodegen-units=1`
 
 session_sanitizer_kcfi_requires_panic_abort = `-Z sanitizer=kcfi` requires `-C panic=abort`
 

compiler/rustc_session/src/config/cfg.rs

@@ -210,7 +210,7 @@ pub(crate) fn default_configuration(sess: &Session) -> Cfg {
         ins_sym!(sym::relocation_model, sess.target.relocation_model.desc_symbol());
     }
 
-    for mut s in sess.opts.unstable_opts.sanitizer {
+    for mut s in sess.opts.cg.sanitize {
         // KASAN is still ASAN under the hood, so it uses the same attribute.
         if s == SanitizerSet::KERNELADDRESS {
             s = SanitizerSet::ADDRESS;

compiler/rustc_session/src/options.rs

@@ -811,25 +811,14 @@ pub mod parse {
     }
 
     pub(crate) fn parse_sanitizers(slot: &mut SanitizerSet, v: Option<&str>) -> bool {
-        if let Some(v) = v {
-            for s in v.split(',') {
-                *slot |= match s {
-                    "address" => SanitizerSet::ADDRESS,
-                    "cfi" => SanitizerSet::CFI,
-                    "dataflow" => SanitizerSet::DATAFLOW,
-                    "kcfi" => SanitizerSet::KCFI,
-                    "kernel-address" => SanitizerSet::KERNELADDRESS,
-                    "leak" => SanitizerSet::LEAK,
-                    "memory" => SanitizerSet::MEMORY,
-                    "memtag" => SanitizerSet::MEMTAG,
-                    "shadow-call-stack" => SanitizerSet::SHADOWCALLSTACK,
-                    "thread" => SanitizerSet::THREAD,
-                    "hwaddress" => SanitizerSet::HWADDRESS,
-                    "safestack" => SanitizerSet::SAFESTACK,
-                    _ => return false,
-                }
+        if let Some(s) = v {
+            let sanitizer_set = SanitizerSet::from_comma_list(s);
+            if sanitizer_set.is_ok() {
+                *slot |= sanitizer_set.unwrap();
+                true
+            } else {
+                false
             }
-            true
         } else {
             false
         }
@@ -1635,6 +1624,8 @@ options! {
         "output remarks for these optimization passes (space separated, or \"all\")"),
     rpath: bool = (false, parse_bool, [UNTRACKED],
         "set rpath values in libs/exes (default: no)"),
+    sanitize: SanitizerSet = (SanitizerSet::empty(), parse_sanitizers, [TRACKED],
+        "use one or multiple sanitizers"),
     save_temps: bool = (false, parse_bool, [UNTRACKED],
         "save all temporary output files during compilation (default: no)"),
     soft_float: bool = (false, parse_bool, [TRACKED],
@@ -2003,8 +1994,6 @@ options! {
     remark_dir: Option<PathBuf> = (None, parse_opt_pathbuf, [UNTRACKED],
         "directory into which to write optimization remarks (if not specified, they will be \
 written to standard error output)"),
-    sanitizer: SanitizerSet = (SanitizerSet::empty(), parse_sanitizers, [TRACKED],
-        "use a sanitizer"),
     sanitizer_cfi_canonical_jump_tables: Option<bool> = (Some(true), parse_opt_bool, [TRACKED],
         "enable canonical jump tables (default: yes)"),
     sanitizer_cfi_generalize_pointers: Option<bool> = (None, parse_opt_bool, [TRACKED],

compiler/rustc_session/src/session.rs

@@ -360,8 +360,12 @@ impl Session {
         self.opts.unstable_opts.coverage_options.no_mir_spans
     }
 
+    pub fn is_sanitizer_address_enabled(&self) -> bool {
+        self.opts.cg.sanitize.contains(SanitizerSet::ADDRESS)
+    }
+
     pub fn is_sanitizer_cfi_enabled(&self) -> bool {
-        self.opts.unstable_opts.sanitizer.contains(SanitizerSet::CFI)
+        self.opts.cg.sanitize.contains(SanitizerSet::CFI)
     }
 
     pub fn is_sanitizer_cfi_canonical_jump_tables_disabled(&self) -> bool {
@@ -380,8 +384,32 @@ impl Session {
         self.opts.unstable_opts.sanitizer_cfi_normalize_integers == Some(true)
     }
 
+    pub fn is_sanitizer_hwaddress_enabled(&self) -> bool {
+        self.opts.cg.sanitize.contains(SanitizerSet::HWADDRESS)
+    }
+
     pub fn is_sanitizer_kcfi_enabled(&self) -> bool {
-        self.opts.unstable_opts.sanitizer.contains(SanitizerSet::KCFI)
+        self.opts.cg.sanitize.contains(SanitizerSet::KCFI)
+    }
+
+    pub fn is_sanitizer_kernel_address_enabled(&self) -> bool {
+        self.opts.cg.sanitize.contains(SanitizerSet::KERNELADDRESS)
+    }
+
+    pub fn is_sanitizer_memory_enabled(&self) -> bool {
+        self.opts.cg.sanitize.contains(SanitizerSet::MEMORY)
+    }
+
+    pub fn is_sanitizer_memory_recover_enabled(&self) -> bool {
+        self.opts.unstable_opts.sanitizer_recover.contains(SanitizerSet::MEMORY)
+    }
+
+    pub fn is_sanitizer_memory_track_origins_enabled(&self) -> bool {
+        self.opts.unstable_opts.sanitizer_memory_track_origins != 0
+    }
+
+    pub fn is_sanitizer_thread_enabled(&self) -> bool {
+        self.opts.cg.sanitize.contains(SanitizerSet::THREAD)
     }
 
     pub fn is_split_lto_unit_enabled(&self) -> bool {
@@ -563,7 +591,10 @@ impl Session {
         // AddressSanitizer and KernelAddressSanitizer uses lifetimes to detect use after scope bugs.
         // MemorySanitizer uses lifetimes to detect use of uninitialized stack variables.
         // HWAddressSanitizer will use lifetimes to detect use after scope bugs in the future.
-        || self.opts.unstable_opts.sanitizer.intersects(SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS | SanitizerSet::MEMORY | SanitizerSet::HWADDRESS)
+        || self.is_sanitizer_address_enabled()
+        || self.is_sanitizer_kernel_address_enabled()
+        || self.is_sanitizer_memory_enabled()
+        || self.is_sanitizer_hwaddress_enabled()
     }
 
     pub fn diagnostic_width(&self) -> usize {
@@ -691,7 +722,7 @@ impl Session {
             let more_names = self.opts.output_types.contains_key(&OutputType::LlvmAssembly)
                 || self.opts.output_types.contains_key(&OutputType::Bitcode)
                 // AddressSanitizer and MemorySanitizer use alloca name when reporting an issue.
-                || self.opts.unstable_opts.sanitizer.intersects(SanitizerSet::ADDRESS | SanitizerSet::MEMORY);
+                || self.is_sanitizer_address_enabled() || self.is_sanitizer_memory_enabled();
             !more_names
         }
     }
@@ -1136,14 +1167,19 @@ fn validate_commandline_args_with_session_available(sess: &Session) {
         }
     }
 
-    // Sanitizers can only be used on platforms that we know have working sanitizer codegen.
-    let supported_sanitizers = sess.target.options.supported_sanitizers;
-    let mut unsupported_sanitizers = sess.opts.unstable_opts.sanitizer - supported_sanitizers;
+    let supported_sanitizers = if sess.unstable_options() {
+        sess.target.options.supported_sanitizers | sess.target.options.stable_sanitizers
+    } else {
+        sess.target.options.stable_sanitizers
+    };
+    let mut unsupported_sanitizers = sess.opts.cg.sanitize - supported_sanitizers;
+
     // Niche: if `fixed-x18`, or effectively switching on `reserved-x18` flag, is enabled
     // we should allow Shadow Call Stack sanitizer.
     if sess.opts.unstable_opts.fixed_x18 && sess.target.arch == "aarch64" {
         unsupported_sanitizers -= SanitizerSet::SHADOWCALLSTACK;
     }
+
     match unsupported_sanitizers.into_iter().count() {
         0 => {}
         1 => {
@@ -1158,18 +1194,15 @@ fn validate_commandline_args_with_session_available(sess: &Session) {
     }
 
     // Cannot mix and match mutually-exclusive sanitizers.
-    if let Some((first, second)) = sess.opts.unstable_opts.sanitizer.mutually_exclusive() {
+    if let Some((first, second)) = sess.opts.cg.sanitize.mutually_exclusive() {
         sess.dcx().emit_err(errors::CannotMixAndMatchSanitizers {
             first: first.to_string(),
             second: second.to_string(),
         });
     }
 
     // Cannot enable crt-static with sanitizers on Linux
-    if sess.crt_static(None)
-        && !sess.opts.unstable_opts.sanitizer.is_empty()
-        && !sess.target.is_like_msvc
-    {
+    if sess.crt_static(None) && !sess.opts.cg.sanitize.is_empty() && !sess.target.is_like_msvc {
         sess.dcx().emit_err(errors::CannotEnableCrtStaticLinux);
     }
 

compiler/rustc_target/src/spec/json.rs

@@ -6,6 +6,7 @@ use serde_json::Value;
 
 use super::{Target, TargetKind, TargetOptions, TargetWarnings};
 use crate::json::{Json, ToJson};
+use crate::spec::SanitizerSet;
 
 impl Target {
     /// Loads a target descriptor from a JSON object.
@@ -313,32 +314,15 @@ impl Target {
             } );
             ($key_name:ident, SanitizerSet) => ( {
                 let name = (stringify!($key_name)).replace("_", "-");
-                if let Some(o) = obj.remove(&name) {
-                    if let Some(a) = o.as_array() {
-                        for s in a {
-                            use super::SanitizerSet;
-                            base.$key_name |= match s.as_str() {
-                                Some("address") => SanitizerSet::ADDRESS,
-                                Some("cfi") => SanitizerSet::CFI,
-                                Some("dataflow") => SanitizerSet::DATAFLOW,
-                                Some("kcfi") => SanitizerSet::KCFI,
-                                Some("kernel-address") => SanitizerSet::KERNELADDRESS,
-                                Some("leak") => SanitizerSet::LEAK,
-                                Some("memory") => SanitizerSet::MEMORY,
-                                Some("memtag") => SanitizerSet::MEMTAG,
-                                Some("safestack") => SanitizerSet::SAFESTACK,
-                                Some("shadow-call-stack") => SanitizerSet::SHADOWCALLSTACK,
-                                Some("thread") => SanitizerSet::THREAD,
-                                Some("hwaddress") => SanitizerSet::HWADDRESS,
-                                Some(s) => return Err(format!("unknown sanitizer {}", s)),
-                                _ => return Err(format!("not a string: {:?}", s)),
-                            };
-                        }
-                    } else {
-                        incorrect_type.push(name)
-                    }
-                }
-                Ok::<(), String>(())
+                obj.remove(&name).and_then(|o| match SanitizerSet::from_json(&o) {
+                    Ok(v) => {
+                        base.$key_name = v;
+                        Some(Ok(()))
+                    },
+                    Err(s) => Some(Err(
+                        format!("`{:?}` is not a valid value for `{}`: {}", o, name, s)
+                    )),
+                }).unwrap_or(Ok(()))
             } );
             ($key_name:ident, link_self_contained_components) => ( {
                 // Skeleton of what needs to be parsed:
@@ -607,6 +591,7 @@ impl Target {
         key!(split_debuginfo, SplitDebuginfo)?;
         key!(supported_split_debuginfo, fallible_list)?;
         key!(supported_sanitizers, SanitizerSet)?;
+        key!(stable_sanitizers, SanitizerSet)?;
         key!(generate_arange_section, bool);
         key!(supports_stack_protector, bool);
         key!(small_data_threshold_support, SmallDataThresholdSupport)?;