Remove the #[no_sanitize] attribute in favor of #[sanitize(xyz = "on|off")]
#142681
Conversation
This change implements the #[sanitize(..)] attribute, which opts to
replace the currently unstable #[no_sanitize]. Essentially the new
attribute works similar as #[no_sanitize], just with more flexible
options regarding where it is applied. E.g. it is possible to turn
a certain sanitizer either on or off:
`#[sanitize(address = "on|off")]`
This attribute now also applies to more places, e.g. it is possible
to turn off a sanitizer for an entire module or impl block:
```rust
\#[sanitize(address = "off")]
mod foo {
fn unsanitized(..) {}
#[sanitize(address = "on")]
fn sanitized(..) {}
}
\#[sanitize(thread = "off")]
impl MyTrait for () {
...
}
```
This attribute is enabled behind the unstable `sanitize` feature.
rustbot
added
A-attributes
|
Some changes occurred in compiler/rustc_codegen_ssa Some changes occurred in compiler/rustc_passes/src/check_attr.rs The rustc-dev-guide subtree was changed. If this PR only touches the dev guide consider submitting a PR directly to rust-lang/rustc-dev-guide otherwise thank you for updating the dev guide with your changes. cc @BoxyUwU, @jieyouxu, @Kobzol
Some changes occurred in src/doc/unstable-book/src/language-features/no-sanitize.md cc @rust-lang/project-exploit-mitigations, @rcvalle Some changes occurred in tests/codegen/sanitizer cc @rcvalle Some changes occurred in tests/ui/sanitizer cc @rcvalle Some changes occurred in compiler/rustc_codegen_ssa/src/codegen_attrs.rs |
|
Thank you very much for your time and work on this, @1c3t3a! Much appreciated. |
This comment has been minimized.
This comment has been minimized.
This removes the #[no_sanitize] attribute, which was behind an unstable feature named no_sanitize. Instead, we introduce the sanitize attribute which is more powerful and allows to be extended in the future (instead of just focusing on turning sanitizers off).
This comment has been minimized.
This comment has been minimized.
…ress To do it the same as how clang disables address sanitizer, we now disable ASAN on sanitize(kernel_address = "off") and KASAN on sanitize(address = "off"). The same was added to clang in https://reviews.llvm.org/D44981.
|
It doesn't matter for me, but should we make this change gradually by supporting both for some time? |
That's possible for sure, I put stuff into different commits for that reason and I can just drop the middle commit to have both exist in parallel. What's the reason for having both at the same time? An easier migration period? |
|
We generally do not make such efforts to migrate usage of nightly features without a specific known good reason to do so. (Let us know of course if there is one, e.g. if this affects RfL in some way.) |
This came up during the sanitizer stabilization (#123617). Instead of a
#[no_sanitize(xyz)]attribute, we would like to have a#[sanitize(xyz = "on|off")]attribute, which is more powerful and allows to be extended in the future (insteadof just focusing on turning sanitizers off). The implementation is done according to what was discussed on Zulip).
The new attribute also works on modules, traits and impl items and thus enables usage as the following:
r? @rcvalle