PR feedback: minicore, LLVMRustConstPtrAuth and in-code docs

Author: jchlanda

compiler/rustc_codegen_llvm/src/context.rs

@@ -851,6 +851,18 @@ impl<'ll, 'tcx> MiscCodegenMethods<'tcx> for CodegenCx<'ll, 'tcx> {
     }
 
     fn get_fn_addr(&self, instance: Instance<'tcx>, pac: Option<PacMetadata>) -> &'ll Value {
+        // When pointer authentication metadata is provided, `get_fn_addr` will
+        // attempt to sign the pointer using LLVM's `ConstPtrAuth` constant
+        // expression.
+        //
+        // FIXME(jchlanda) Currently, all function addresses requested from
+        // within LLVM codegen are signed. This behavior is too broad, resulting
+        // in the logic being applied to function values, not just pointers
+        // (addresses).
+        //
+        // See the discussion in the rust-lang issue:
+        // <https://github.com/rust-lang/rust/issues/152532>, and comment in
+        // builder's `ptrauth_operand_bundle`.
         let llfn = get_fn(self, instance);
         match pac {
             Some(pac) => common::maybe_sign_fn_ptr(self, instance, llfn, pac),

compiler/rustc_codegen_llvm/src/llvm/ffi.rs

@@ -2586,9 +2586,9 @@ unsafe extern "C" {
     ) -> &'ll Value;
 
     pub(crate) fn LLVMRustConstPtrAuth(
-        ptr: *mut Value,
+        ptr: *const Value,
         key: u32,
         disc: u64,
-        addr_diversity: *mut Value,
-    ) -> *mut Value;
+        addr_diversity: *const Value,
+    ) -> *const Value;
 }

compiler/rustc_codegen_llvm/src/llvm/mod.rs

@@ -484,10 +484,8 @@ pub(crate) fn const_ptr_auth<'ll>(
     addr_diversity: Option<&'ll Value>,
 ) -> &'ll Value {
     unsafe {
-        let addr_div_ptr = addr_diversity.map_or(std::ptr::null_mut(), |v| v as *const _ as *mut _);
-
-        let result = LLVMRustConstPtrAuth(ptr as *const _ as *mut _, key, disc, addr_div_ptr);
-
+        let addr_div_ptr = addr_diversity.map_or(std::ptr::null(), |v| v as *const Value);
+        let result = LLVMRustConstPtrAuth(ptr as *const Value, key, disc, addr_div_ptr);
         &*result
     }
 }

compiler/rustc_codegen_ssa/src/traits/misc.rs

@@ -7,8 +7,10 @@ use rustc_session::Session;
 use super::BackendTypes;
 
 /// Strategy for incorporating address-based diversity into PAC computation.
+#[derive(Default)]
 pub enum AddressDiversity {
     /// No address diversity is applied.
+    #[default]
     None,
     /// Use the actual memory address for diversification.
     Real,
@@ -17,12 +19,6 @@ pub enum AddressDiversity {
     Synthetic(u64),
 }
 
-impl Default for AddressDiversity {
-    fn default() -> Self {
-        AddressDiversity::None
-    }
-}
-
 /// Metadata used for pointer authentication.
 pub struct PacMetadata {
     /// The PAC key to use.

tests/assembly-llvm/targets/targets-aarch64_unknown_linux_pauthtest.rs

@@ -1,39 +1,43 @@
+//@ add-minicore
 //@ assembly-output: emit-asm
 //@ only-aarch64-unknown-linux-pauthtest
 //@ revisions: aarch64_unknown_linux_pauthtest
 //@ [aarch64_unknown_linux_pauthtest] compile-flags: --target=aarch64-unknown-linux-pauthtest
 //@ [aarch64_unknown_linux_pauthtest] needs-llvm-components: aarch64
 
+#![feature(no_core, lang_items)]
 #![no_std]
+#![no_core]
 #![crate_type = "lib"]
 
+extern crate minicore;
+
 #[no_mangle]
 #[inline(never)]
-pub extern "C" fn add(a: i32, b: i32) -> i32 {
-    a + b
+pub extern "C" fn c_func(a: i32) -> i32 {
+    a
 }
 
 #[no_mangle]
 #[inline(never)]
-fn call_through(f: extern "C" fn(i32, i32) -> i32, x: i32) -> i32 {
-    f(x, 1)
+fn call_through(f: extern "C" fn(i32) -> i32, x: i32) -> i32 {
+    f(x)
 }
 
 #[no_mangle]
 #[inline(never)]
-pub fn call_add(x: i32) -> i32 {
-    call_through(add, x)
+pub fn call_c_func(x: i32) -> i32 {
+    call_through(c_func, x)
 }
 
 // CHECK-LABEL: call_through:
 // CHECK:       mov     [[PTR:x[0-9]+]], x0
 // CHECK:       mov     w0, w1
-// CHECK:       mov     w1, #1
 // CHECK:       braaz   [[PTR]]
 
-// CHECK-LABEL: call_add:
-// CHECK:       adrp    [[GOT_REG:x[0-9]+]], :got:add
-// CHECK:       ldr     [[GOT_REG]], [[[GOT_REG]], :got_lo12:add]
+// CHECK-LABEL: call_c_func:
+// CHECK:       adrp    [[GOT_REG:x[0-9]+]], :got:c_func
+// CHECK:       ldr     [[GOT_REG]], [[[GOT_REG]], :got_lo12:c_func]
 // CHECK:       paciza  [[FN_REG:x[0-9]+]]
 // CHECK:       mov     w1, w0
 // CHECK:       mov     x0, [[FN_REG]]

tests/auxiliary/minicore.rs

@@ -282,12 +282,16 @@ impl<T, const N: usize> Sync for [T; N] {}
 
 // Function pointers are treated as `Sync` to match real `core` behavior.
 //
-// We intentionally only cover the zero-argument form since tests using this minicore
-// are simplified to `fn() -> R` / `extern "C" fn() -> R` to avoid arity-specific
-// complexity. See: tests/codegen-llvm/pauth-extern-weak-global.rs for the use case.
+// Minicore provides only the minimal set of impls required by tests. Rather
+// than exhaustively covering all possible function pointer signatures,
+// additional impls should be added as needed.
 impl<R> Sync for fn() -> R {}
+impl<R> Sync for extern "C" fn() -> R {}
 impl<R> Sync for unsafe extern "C" fn() -> R {}
 
+impl<A, R> Sync for extern "C" fn(A) -> R {}
+impl<A, R> Sync for unsafe extern "C" fn(A) -> R {}
+
 #[lang = "drop_in_place"]
 fn drop_in_place<T>(_: *mut T) {}
 
@@ -355,6 +359,16 @@ pub mod ptr {
     }
 }
 
+pub mod hint {
+    #[inline]
+    pub fn black_box<T>(dummy: T) -> T {
+        #[rustc_intrinsic]
+        fn black_box<T>(dummy: T) -> T;
+
+        unsafe { black_box(dummy) }
+    }
+}
+
 #[lang = "c_void"]
 #[repr(u8)]
 pub enum c_void {

tests/codegen-llvm/pauth/pauth-extern-c-direct-indirect-call.rs

@@ -1,3 +1,4 @@
+//@ add-minicore
 // ignore-tidy-linelength
 //@ only-aarch64-unknown-linux-pauthtest
 //@ revisions: O0_PAUTH O3_PAUTH
@@ -9,11 +10,17 @@
 
 // Make sure that direct extern "C" calls are not handled by pointer authentication operand bundle
 // logic.
-use std::ffi::c_void;
-use std::hint::black_box;
+#![feature(no_core, lang_items)]
+#![no_std]
+#![no_core]
+#![crate_type = "lib"]
+
+extern crate minicore;
+use minicore::hint::black_box;
+use minicore::*;
 
 extern "C" {
-    fn rand() -> i32;
+    fn rand() -> bool;
     fn add(a: i32, b: i32) -> i32;
     fn sub(a: i32, b: i32) -> i32;
 
@@ -43,9 +50,9 @@ fn test_indirect_call() {
 
     // Also test calling via conditional pointer
     unsafe {
-        // O0_PAUTH: call {{.*}}i32 ptrauth (ptr @rand, i32 0)({{.*}}) #{{[0-9]+}} [ "ptrauth"(i32 0, i64 0) ]
-        // O3_PAUTH: call {{.*}}i32  @rand() #
-        let use_add = rand() % 2 == 0;
+        // O0_PAUTH: call {{.*}}i1 ptrauth (ptr @rand, i32 0)({{.*}}) #{{[0-9]+}} [ "ptrauth"(i32 0, i64 0) ]
+        // O3_PAUTH: call {{.*}}i1  @rand() #
+        let use_add = rand();
         // O0_PAUTH: store ptr ptrauth (ptr @sub, i32 0), ptr %[[FP_O0:[a-zA-Z0-9_.]+]]
         // O0_PAUTH: store ptr ptrauth (ptr @add, i32 0), ptr %[[FP_O0]]{{.*}}
         // O0_PAUTH: %[[LOAD_FP_O0:[a-zA-Z0-9_.]+]] = load ptr, ptr %[[FP_O0]]{{.*}}
@@ -61,7 +68,7 @@ fn test_indirect_call() {
     }
 }
 
-// CHECK-LABE: test_direct_call
+// CHECK-LABEL: test_direct_call
 #[inline(never)]
 fn test_direct_call() {
     unsafe {
@@ -78,7 +85,7 @@ fn test_direct_call() {
     }
 }
 
-fn main() {
+pub fn entry() {
     test_indirect_call();
     test_direct_call();
 }

tests/codegen-llvm/pauth/pauth-init-fini.rs

@@ -1,3 +1,4 @@
+//@ add-minicore
 // ignore-tidy-linelength
 //@ only-aarch64-unknown-linux-pauthtest
 //@ revisions: O0_PAUTH O3_PAUTH
@@ -9,8 +10,13 @@
 
 // Make sure that init/fini metadata uses correct discriminator: 0xd9d4/55764
 
+#![feature(no_core, lang_items)]
+#![no_std]
+#![no_core]
 #![crate_type = "lib"]
-#![feature(linkage)]
+
+extern crate minicore;
+use minicore::*;
 
 // O0_PAUTH: @{{[0-9A-Za-z_]+}}GLOBAL_INIT = constant ptr ptrauth (ptr @{{[0-9A-Za-z_]+}}init_fn, i32 0, i64 55764, ptr inttoptr (i64 1 to ptr)), section ".init_array.90"
 // O3_PAUTH: @{{[0-9A-Za-z_]+}}GLOBAL_INIT = constant ptr ptrauth (ptr @{{[0-9A-Za-z_]+}}init_fn, i32 0, i64 55764, ptr inttoptr (i64 1 to ptr)), section ".init_array.90"