-
Notifications
You must be signed in to change notification settings - Fork 13k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add -Zrandomize-layout
flag to better detect code that rely on unspecified behavior related to memory layout
#77316
Comments
-Zrandomize-layout
flag to better detect code that rely on unspecified behavior related memory layout-Zrandomize-layout
flag to better detect code that rely on unspecified behavior related to memory layout
I think this could be very useful indeed... maybe @eddyb has some ideas for how to best implement this. |
You can make this deterministic by using the We can also do a limited version of this by default, but since it won't change the size, it would only fail at runtime #38550 (comment) |
On Zulip @RalfJung pointed out that I didn't explain why you would want to make this deterministic (or why that's the main difficulty), so here's 3 reasons why this has to be deterministic:
There's two ways to get deterministic per-type-definition "seeds":
You might probably also want a CLI flag to e.g. XOR in a fixed seed as well, even with the latter method, but it would have to be embedded in the type definition (so that it's correct cross-crate without requiring the same flag to passed in order to avoid miscompilation), so it's as much effort as both. |
Randomizing the layout for testing purposes was being suggested starting from the original struct layout RFC (https://github.com/rust-lang/rfcs/blob/master/text/0079-undefined-struct-layout.md#alternatives), it's unfortunate that it's still not implemented. I've found one similar existing issue for this - #38550. |
I think the "easiest" thing that should also give the highest reward is adding uninit bytes at the front of every repr(Rust) struct (obviously under some
we can then extend to: |
I would be glad to help implementing a first iteration of those ideas namely padding bytes at the start of repr(rust) struct. But I am not knowledgeable enough about those parts of the compiler. |
@marmeladema It's pretty much all in If you rely on the same flag to be passed across all the crates, or if you record what the choices were when a certain crate was contained (you could look at how |
Added -Z randomize-layout flag An implementation of rust-lang#77316, it currently randomly shuffles the fields of `repr(rust)` types based on their `DefPathHash` r? `@eddyb`
Added -Z randomize-layout flag An implementation of rust-lang#77316, it currently randomly shuffles the fields of `repr(rust)` types based on their `DefPathHash` r? ``@eddyb``
In order to better detect code that rely on unspecified behavior related to memory layout, it could be useful to have a
-Zrandomize-layout
flag that add some padding bytes at the start of all#[repr(rust)]
structs and unions. It should also add different amounts of padding to different fields.This should help detecting invalid transmutes, or invalid unions.
Zulip thread: https://rust-lang.zulipchat.com/#narrow/stream/122651-general/topic/Transmute.20safety.20question
The text was updated successfully, but these errors were encountered: