Add support for full RELRO
This commit adds support for full RELRO, and enables it for the
platforms I know have support for it.
Full RELRO makes the PLT+GOT data read-only on startup, preventing it
from being overwritten.
http://tk-blog.blogspot.com/2009/02/relro-not-so-well-known-memory.htmlFixesrust-lang/rust#29877.
---
I'm not entirely certain if this is the best way to do it, but I figured mimicking the way it's done for PIE seemed like a good start at least. I'm not sure whether we want to have it enabled by default globally and then disabling it explicitly for targets that don't support it though. I'm also not sure whether the `full_relro` function should call `bug!()` or something like it for linkers that don't support it rather than no-opping.
Slew of builtin-attribute gating tests
Slew of builtin-attribute "gating" tests for issue #43106.
Some stray observations:
* I don't know if its a good thing that so many attributes allow inputs which are silently discarded. (I made heavy use of that in writing my tests, but that was more out of curiosity than necessity.)
* The difference between crate-level and non-crate-level behavior is quite significant in some cases. Definitely worth making sure one has tests for both cases. (Not as clear whether it was worthwhile trying the various other AST forms like `fn f()` vs `struct S;`)
* `#[no_builtins]` and `#[no_mangle]` occur twice on the `BUILTIN_ATTRIBUTES` list. Thats almost certainly a bug. (Filed as #43148)
* We are maximally liberal in what we allow for `#[test]` and `#[bench]` when one compiles without `--test`.
* We allow `#[no_mangle]` on arbitrary AST nodes, but only warn about potential misuse on `fn`
* We allow `#[cold]`, `#[must_use]`, `#[windows_subsystem]`, and `#[no_builtins]` on arbitrary AST nodes. I don't know off-hand what the semantics are for e.g. a `#[cold] type T = ...;`
* We allow crate-level `#![inline]`. That's probably a bug since its otherwise restricted to `fn` items
Unify rules about commas in match arms and semicolons in expressions
Original discussion: https://internals.rust-lang.org/t/syntax-of-block-like-expressions-in-match-arms/5025/7.
Currently, rust uses different rules to determine if `,` is needed after an expression in a match arm and if `;` is needed in an expression statement:
```Rust
fn stmt() {
# no need for semicolons
{ () }
if true { () } else { () }
loop {}
while true {}
}
fn match_arm(n: i32) {
match n {
1 => { () } # can omit comma here
2 => if true { () } else { () }, # but all other cases do need commas.
3 => loop { },
4 => while true {},
_ => ()
}
}
```
This seems weird: why would you want to require `,` after and `if`?
This PR unifies the rules. It is backwards compatible because it allows strictly more programs.
float_bits_conv made it into 1.20
It seems that my PR to stabilize the `float_bits_conv` feature got merged before beta branched, which means I'm lucky, and the stabilization makes it into Rust 1.20. As it was against my expectations, the version number has to be corrected from 1.21 to 1.20.
Please also apply this PR to the beta branch.
Fix erroneous reference to Arc instead of Rc in rc::Weak documentation
The docs for `rc::Weak` refer to `Arc` in one place, where they should obviously be referring to `Rc`; presumably this was erroneously copied over from the `arc::Weak` docs.
`std::time::Duration`: improve _precision_ of terminology in docs
Changed wording of docs on `std::time::Duration` for better clarity w.r.t. the contents of the type and the purpose of its methods. (Specifically, removed the use of the word "precision" to describe the fractional part of the `Duration` because "precision" is more properly used to describe how _precise_ a value is, i.e. its granularity in this case.)
Workaround "Quasi-quoting is inefficient" warning in incremental rustbuild introduced in #43252.
After #43252 is merged, building stage0 libcore with `-i` (`--incremental`) flag will cause 17 "Quasi-quoting might make incremental compilation very inefficient: NtExpr(..)" warnings, as in #40946.
```
warning: Quasi-quoting might make incremental compilation very inefficient: NtExpr(..)
--> src/libcore/default.rs:133:21
|
133 | #[doc = $doc]
| ^^^^
...
139 | default_impl! { (), (), "Returns the default value of `()`" }
| ------------------------------------------------------------- in this macro invocation
(× 17)
```
True fix for #40946 will take at least 12 weeks from now to make into the next stage0, so it is quicker to workaround it in libcore instead.
cc @vbrandl @jseyfried
Change Travis CI job order.
Reorder the job matrix to take advantage of the order how Travis CI starts them in rust-lang/rust. Plus other refactoring of `.travis.yml`.
1. Move the `$ALLOW_PR` image to the top, so pull requests will start testing as immediately after the build is started. Previously the `$ALLOW_PR` image starts 6 minutes after the build was scheduled.
2. Move the slow macOS images near the top, so they share more time with the rest of the faster Linux builds, which should shorten total test time (actually not much, about 7 minutes at most if this change does work).
3. Merged the `install` section of both Linux and macOS to make the `env:` section a bit shorter, and enable change 4 below.
4. Do not download or install anything if `$SKIP_BUILD == true`, which further reduces chance of spurious failure in the PR-CI stage (avoid the red cross appearing even if CI passed).
(IMO `$SKIP_BUILD` should not even exist: those irrelevant jobs should not start at all, but that would require travis-ci/travis-ci#2778 which has been rejected)
Update docs on Error struct. #29355
This adds a pretty contrived example of the usage of fmt::Error. I am
very open to suggestions for a better one.
I have also highlighted the fmt::Error vs std::error::Error.
r? @steveklabnik
Support generic lifetime arguments in method calls
Fixes https://github.com/rust-lang/rust/issues/42403
Fixes https://github.com/rust-lang/rust/issues/42115
Lifetimes in a method call `x.f::<'a, 'b, T, U>()` are treated exactly like lifetimes in the equivalent UFCS call `X::f::<'a, 'b, T, U>`.
In addition, if the method has late bound lifetime parameters (explicit or implicit), then explicitly specifying lifetime arguments is not permitted (guarded by a compatibility lint).
[breaking-change] because previously lifetimes in method calls were accepted unconditionally.
r? @eddyb
Reorder the job matrix to take advantage of the order how Travis CI starts
them in rust-lang/rust. Plus other refactoring of `.travis.yml`.
1. Move the `$ALLOW_PR` image to the top, so users' PRs will start testing
immediately. Previously the `$ALLOW_PR` image starts 6 minutes after the
build was scheduled.
2. Move the slow macOS images near the top, so they share more time with
the rest of the faster Linux builds, which should shorten total test
time (actually not much, about 7 minutes at most if this change does
work).
3. Merged the `install` section of both Linux and macOS to make the `env:`
section a bit shorter, and enable change 4 below.
4. Do not download or install anything if `$SKIP_BUILD == true`, which
further reduces chance of spurious failure in the PR-CI stage (avoid the
red cross appearing even if CI passed).
travis: Make a few `curl` invocations more resilient
Use the `-f` flag to indicate that, for example, a 500 response code is to be
considered a failure, triggering the normal retry logic. Also ignore errors
where we check the date from google.com, as a failure there shouldn't fail the
build.
Use the `-f` flag to indicate that, for example, a 500 response code is to be
considered a failure, triggering the normal retry logic. Also ignore errors
where we check the date from google.com, as a failure there shouldn't fail the
build.
Fix treatment of lifetimes defined in nested types during detection of late bound regions in signatures.
Do not replace substs with inference variables when "cannot specify lifetime arguments explicitly..." is reported as a lint.
After #43252 is merged, building stage0 libcore with -i (--incremental)
flag will cause 17 "Quasi-quoting might make incremental compilation very
inefficient: NtExpr(..)" warnings, as in #40946.
Fixing the warning in #40946 will take 12 weeks from now to make into the
next stage0, so it is quicker to workaround it in libcore instead.
Add support for dylibs with Address Sanitizer
Many applications use address sanitizer to assert correct behaviour of their programs. When using Rust with C, it's much more important to assert correct programs with tools like asan/lsan due to the unsafe nature of the access across an ffi boundary. However, previously only rust bin types could use asan. This posed a challenge for existing C applications that link or dlopen .so when the C application is compiled with asan.
This PR enables asan to be linked to the dylib and cdylib crate type. We alter the test to check the proc-macro crate does not work with -Z sanitizer=address. Finally, we add a test that compiles a shared object in rust, then another rust program links it and demonstrates a crash through the call to the library.
This PR is nearly complete, but I do require advice on the change to fix the -lasan that currently exists in the dylib test. This is required because the link statement is not being added correctly to the rustc build when -Z sanitizer=address is added (and I'm not 100% sure why)
Thanks,
Now there's a way to add suggestions that hide the suggested code when
presented inline, to avoid weird wording when short code snippets are
added at the end.
