Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add the -Z randomize-layout flag #457

Closed
1 of 3 tasks
Kixiron opened this issue Aug 26, 2021 · 3 comments
Closed
1 of 3 tasks

Add the -Z randomize-layout flag #457

Kixiron opened this issue Aug 26, 2021 · 3 comments
Labels
major-change A proposal to make a major change to rustc major-change-accepted A major change proposal that was accepted T-compiler Add this label so rfcbot knows to poll the compiler team

Comments

@Kixiron
Copy link
Member

Kixiron commented Aug 26, 2021

Proposal

Adds the -Z randomize-layout flag and infrastructure required for it. The randomize layout flag randomizes/shuffles/otherwise makes unpredictable the layout of repr(Rust) types, which do not have a specified layout. This is to aid in debugging programs, detecting undefined behavior and running crater experiments. This does not affect any types with specified layouts, such as #[repr(C)] or #[repr(transparent)] types. This is strictly an opt-in flag and will not affect current stable code unless the end user explicitly uses the -Z randomize-layout flag with a nightly compiler.

Mentors or Reviewers

@eddyb

Process

The main points of the Major Change Process are as follows:

  • File an issue describing the proposal.
  • A compiler team member or contributor who is knowledgeable in the area can second by writing @rustbot second.
    • Finding a "second" suffices for internal changes. If however, you are proposing a new public-facing feature, such as a -C flag, then full team check-off is required.
    • Compiler team members can initiate a check-off via @rfcbot fcp merge on either the MCP or the PR.
  • Once an MCP is seconded, the Final Comment Period begins. If no objections are raised after 10 days, the MCP is considered approved.

You can read more about Major Change Proposals on forge.

Comments

This issue is not meant to be used for technical discussion. There is a Zulip stream for that. Use this issue to leave procedural comments, such as volunteering to review, indicating that you second the proposal (or third, etc), or raising a concern that you would like to be addressed.

@Kixiron Kixiron added major-change A proposal to make a major change to rustc T-compiler Add this label so rfcbot knows to poll the compiler team labels Aug 26, 2021
@rustbot
Copy link
Collaborator

rustbot commented Aug 26, 2021

This issue is not meant to be used for technical discussion. There is a Zulip stream for that. Use this issue to leave procedural comments, such as volunteering to review, indicating that you second the proposal (or third, etc), or raising a concern that you would like to be addressed.

cc @rust-lang/compiler @rust-lang/compiler-contributors

@rustbot rustbot added the to-announce Announce this issue on triage meeting label Aug 26, 2021
@eddyb
Copy link
Member

eddyb commented Aug 26, 2021

@rustbot second

@rustbot rustbot added the final-comment-period The FCP has started, most (if not all) team members are in agreement label Aug 26, 2021
@apiraino apiraino removed the to-announce Announce this issue on triage meeting label Sep 2, 2021
@apiraino
Copy link
Contributor

apiraino commented Sep 9, 2021

@rustbot label -final-comment-period +major-change-accepted

@apiraino apiraino closed this as completed Sep 9, 2021
@rustbot rustbot added major-change-accepted A major change proposal that was accepted to-announce Announce this issue on triage meeting and removed final-comment-period The FCP has started, most (if not all) team members are in agreement labels Sep 9, 2021
@apiraino apiraino removed the to-announce Announce this issue on triage meeting label Sep 9, 2021
matthiaskrgr added a commit to matthiaskrgr/rust that referenced this issue Dec 18, 2021
Add user seed to `-Z randomize-layout`

Allows users of -`Z randomize-layout` to provide `-Z layout-seed=<seed>` in order to further randomizing type layout randomization. Extension of [compiler-team/rust-lang#457](rust-lang/compiler-team#457), allows users to change struct layouts without changing code and hoping that item path hashes change, aiding in detecting layout errors
hawkw added a commit to hawkw/mycelium that referenced this issue Jun 19, 2022
`cordyceps` and `maitake` currently contain code that perform
layout-dependent casts (in this case, casting a ptr to struct to a ptr
to the struct's first subfield), which would be UB if those structs
were not `#[repr(C)]`.

the `-Zrandomize-layout` flag tells the Rust compiler to randomize the
layout of all `#[repr(Rust)]` structs (see rust-lang/compiler-team#457
for details). if we ever perform a layout-dependent cast on a struct
that is not `#[repr(C)]` (or `#[repr(transparent)]`), layout
randomization would break that cast. enabling this flag while running
the Miri tests will help to catch any bugs introduced by accidentally
performing such a cast on a non-layout-dependent type.

i also made some changes to the `bin/miri` script. this was primarily to
add comments on the individual flags that are added to `$MIRIFLAGS`, so
that we can remember what they're doing when we look back at the script.
the actual behavior should be identical, but the values added to
`$MIRIFLAGS` are now declared in an array so that each flag can have a
comment.

Closes #229

Signed-off-by: Eliza Weisman <[email protected]>
hawkw added a commit to hawkw/mycelium that referenced this issue Jun 19, 2022
`cordyceps` and `maitake` currently contain code that perform
layout-dependent casts (in this case, casting a ptr to struct to a ptr
to the struct's first subfield), which would be UB if those structs
were not `#[repr(C)]`.

the `-Zrandomize-layout` flag tells the Rust compiler to randomize the
layout of all `#[repr(Rust)]` structs (see rust-lang/compiler-team#457
for details). if we ever perform a layout-dependent cast on a struct
that is not `#[repr(C)]` (or `#[repr(transparent)]`), layout
randomization would break that cast. enabling this flag while running
the Miri tests will help to catch any bugs introduced by accidentally
performing such a cast on a non-layout-dependent type.

i also made some changes to the `bin/miri` script. this was primarily to
add comments on the individual flags that are added to `$MIRIFLAGS`, so
that we can remember what they're doing when we look back at the script.
the actual behavior should be identical, but the values added to
`$MIRIFLAGS` are now declared in an array so that each flag can have a
comment.

Closes #229

Signed-off-by: Eliza Weisman <[email protected]>
hawkw added a commit to hawkw/mycelium that referenced this issue Jun 21, 2022
`cordyceps` and `maitake` currently contain code that perform
layout-dependent casts (in this case, casting a ptr to struct to a ptr
to the struct's first subfield), which would be UB if those structs
were not `#[repr(C)]`.

the `-Zrandomize-layout` flag tells the Rust compiler to randomize the
layout of all `#[repr(Rust)]` structs (see rust-lang/compiler-team#457
for details). if we ever perform a layout-dependent cast on a struct
that is not `#[repr(C)]` (or `#[repr(transparent)]`), layout
randomization would break that cast. enabling this flag while running
the Miri tests will help to catch any bugs introduced by accidentally
performing such a cast on a non-layout-dependent type.

i also made some changes to the `bin/miri` script. this was primarily to
add comments on the individual flags that are added to `$MIRIFLAGS`, so
that we can remember what they're doing when we look back at the script.
the actual behavior should be identical, but the values added to
`$MIRIFLAGS` are now declared in an array so that each flag can have a
comment.

Closes #229

Signed-off-by: Eliza Weisman <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
major-change A proposal to make a major change to rustc major-change-accepted A major change proposal that was accepted T-compiler Add this label so rfcbot knows to poll the compiler team
Projects
None yet
Development

No branches or pull requests

4 participants