Change __rust_no_alloc_shim_is_unstable to be a function #141061
Conversation
rustbot
added
A-testsuite
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
This comment has been minimized.
|
Do you have a link to the problems you are having? |
Yes, sorry, I was intending to add a full write-up to the description once I had done the PR builds to validate that this works with both MinGW and MSVC. I've updated the description now. |
rustbot
added
the
S-waiting-on-review
|
YAML changes were for testing. |
rustbot
removed
the
T-infra
library/alloc/src/alloc.rs
Outdated
| #[rustc_nounwind] | ||
| #[rustc_std_internal_symbol] | ||
| #[cfg(not(bootstrap))] | ||
| fn __rust_no_alloc_shim_is_unstable(); |
There was a problem hiding this comment.
At the very least this symbol name will need to be changed to prevent UB when someone uses the old definition.
There was a problem hiding this comment.
Good point, I'll rename it.
library/alloc/src/alloc.rs
Outdated
| core::ptr::read_volatile(&__rust_no_alloc_shim_is_unstable); | ||
| #[cfg(not(bootstrap))] | ||
| __rust_no_alloc_shim_is_unstable(); |
There was a problem hiding this comment.
Would read_volatile(__rust_no_alloc_shim_is_unstable.addr().cast::<u8>()) (using the unstable FnPtr::addr method) work? Or maybe one of OpenBSD's exploit mitigations would break with that. Do we even care about that?
There was a problem hiding this comment.
That would work for most platforms.
I'm not sure about OpenBSD, but it would certainly cause issues in Xbox kernel-mode, as it loads binaries as Execute-Only (i.e., they are not readable).
Again, I suspect that the volatile read is more expensive than a tail call to empty function as it may generate load-acquire semantics.
I'm not sure if we could get away with just getting the address of the function and not reading from it? Backends might optimize that away though...
There was a problem hiding this comment.
Maybe black_box(__rust_no_alloc_shim_is_unstable as fn())?
There was a problem hiding this comment.
Would read_volatile(__rust_no_alloc_shim_is_unstable.addr().cast::()) (using the unstable FnPtr::addr method) work?
Miri would definitely complain about that.
There was a problem hiding this comment.
Maybe
black_box(__rust_no_alloc_shim_is_unstable as fn())?
Doesn't work: we get the correct behavior where it is required for linking to work, but then the codegen tests fail as the compiler is not able to optimize away allocations.
jieyouxu
added
A-linkage
If the static is exported by one crate and referenced by another, then the compiler knows whether that static will be statically linked or dynamically imported since it can see the dependency chain between the current crate using the static and the declaring crate. If the static is referenced via an |
|
The Miri subtree was changed cc @rust-lang/miri |
This comment has been minimized.
This comment has been minimized.
If the static is defined inside an rlib, and we are currently compiling an rlib, rustc can't know if the static will be statically linked or dynamically imported. Only when we are linking the current rlib into something do we know if the other rlib was statically linked or dynamically linked. |
The warning is only emitted if something marked with |
bors
added
the
S-waiting-on-bors
Change __rust_no_alloc_shim_is_unstable to be a function This fixes a long sequence of issues: 1. A customer reported that building for Arm64EC was broken: rust-lang#138541 2. This was caused by a bug in my original implementation of Arm64EC support, namely that only functions on Arm64EC need to be decorated with `#` but Rust was decorating statics as well. 3. Once I corrected Rust to only decorate functions, I started linking failures where the linker couldn't find statics exported by dylib dependencies. This was caused by the compiler not marking exported statics in the generated DEF file with `DATA`, thus they were being exported as functions not data. 4. Once I corrected the way that the DEF files were being emitted, the linker started failing saying that it couldn't find `__rust_no_alloc_shim_is_unstable`. This is because the MSVC linker requires the declarations of statics imported from other dylibs to be marked with `dllimport` (whereas it will happily link to functions imported from other dylibs whether they are marked `dllimport` or not). 5. I then made a change to ensure that `__rust_no_alloc_shim_is_unstable` was marked as `dllimport`, but the MSVC linker started emitting warnings that `__rust_no_alloc_shim_is_unstable` was marked as `dllimport` but was declared in an obj file. This is a harmless warning which is a performance hint: anything that's marked `dllimport` must be indirected via an `__imp` symbol so I added a linker arg in the target to suppress the warning. 6. A customer then reported a similar warning when using `lld-link` (<rust-lang#140176 (comment)>). I don't think it was an implementation difference between the two linkers but rather that, depending on the obj that the declaration versus uses of `__rust_no_alloc_shim_is_unstable` landed in we would get different warnings, so I suppressed that warning as well: rust-lang#140954. 7. Another customer reported that they weren't using the Rust compiler to invoke the linker, thus these warnings were breaking their build: <rust-lang#140176 (comment)>. At that point, my original change was reverted (rust-lang#141024) leaving Arm64EC broken yet again. Taking a step back, a lot of these linker issues arise from the fact that `__rust_no_alloc_shim_is_unstable` is marked as `extern "Rust"` in the standard library and, therefore, assumed to be a foreign item from a different crate BUT the Rust compiler may choose to generate it either in the current crate, some other crate that will be statically linked in OR some other crate that will by dynamically imported. Worse yet, it is impossible while building a given crate to know if `__rust_no_alloc_shim_is_unstable` will statically linked or dynamically imported: it might be that one of its dependent crates is the one with an allocator kind set and thus that crate (which is compiled later) will decide depending if it has any dylib dependencies or not to import `__rust_no_alloc_shim_is_unstable` or generate it. Thus, there is no way to know if the declaration of `__rust_no_alloc_shim_is_unstable` should be marked with `dllimport` or not. There is a simple fix for all this: there is no reason `__rust_no_alloc_shim_is_unstable` must be a static. It needs to be some symbol that must be linked in; thus, it could easily be a function instead. As a function, there is no need to mark it as `dllimport` when dynamically imported which avoids the entire mess above. There may be a perf hit for changing the `volatile load` to be a `tail call`, so I'm happy to change that part back (although I question what the codegen of a `volatile load` would look like, and if the backend is going to try to use load-acquire semantics). Build with this change applied BEFORE rust-lang#140176 was reverted to demonstrate that there are no linking issues with either MSVC or MinGW: <https://github.com/rust-lang/rust/actions/runs/15078657205> Incidentally, I fixed `tests/run-make/no-alloc-shim` to work with MSVC as I needed it to be able to test locally (FYI for rust-lang#128602) r? `@bjorn3` cc `@jieyouxu`
|
@bors r- |
bors
added
S-waiting-on-author
|
@bors r+ |
bors
added
S-waiting-on-bors
Change __rust_no_alloc_shim_is_unstable to be a function This fixes a long sequence of issues: 1. A customer reported that building for Arm64EC was broken: rust-lang#138541 2. This was caused by a bug in my original implementation of Arm64EC support, namely that only functions on Arm64EC need to be decorated with `#` but Rust was decorating statics as well. 3. Once I corrected Rust to only decorate functions, I started linking failures where the linker couldn't find statics exported by dylib dependencies. This was caused by the compiler not marking exported statics in the generated DEF file with `DATA`, thus they were being exported as functions not data. 4. Once I corrected the way that the DEF files were being emitted, the linker started failing saying that it couldn't find `__rust_no_alloc_shim_is_unstable`. This is because the MSVC linker requires the declarations of statics imported from other dylibs to be marked with `dllimport` (whereas it will happily link to functions imported from other dylibs whether they are marked `dllimport` or not). 5. I then made a change to ensure that `__rust_no_alloc_shim_is_unstable` was marked as `dllimport`, but the MSVC linker started emitting warnings that `__rust_no_alloc_shim_is_unstable` was marked as `dllimport` but was declared in an obj file. This is a harmless warning which is a performance hint: anything that's marked `dllimport` must be indirected via an `__imp` symbol so I added a linker arg in the target to suppress the warning. 6. A customer then reported a similar warning when using `lld-link` (<rust-lang#140176 (comment)>). I don't think it was an implementation difference between the two linkers but rather that, depending on the obj that the declaration versus uses of `__rust_no_alloc_shim_is_unstable` landed in we would get different warnings, so I suppressed that warning as well: rust-lang#140954. 7. Another customer reported that they weren't using the Rust compiler to invoke the linker, thus these warnings were breaking their build: <rust-lang#140176 (comment)>. At that point, my original change was reverted (rust-lang#141024) leaving Arm64EC broken yet again. Taking a step back, a lot of these linker issues arise from the fact that `__rust_no_alloc_shim_is_unstable` is marked as `extern "Rust"` in the standard library and, therefore, assumed to be a foreign item from a different crate BUT the Rust compiler may choose to generate it either in the current crate, some other crate that will be statically linked in OR some other crate that will by dynamically imported. Worse yet, it is impossible while building a given crate to know if `__rust_no_alloc_shim_is_unstable` will statically linked or dynamically imported: it might be that one of its dependent crates is the one with an allocator kind set and thus that crate (which is compiled later) will decide depending if it has any dylib dependencies or not to import `__rust_no_alloc_shim_is_unstable` or generate it. Thus, there is no way to know if the declaration of `__rust_no_alloc_shim_is_unstable` should be marked with `dllimport` or not. There is a simple fix for all this: there is no reason `__rust_no_alloc_shim_is_unstable` must be a static. It needs to be some symbol that must be linked in; thus, it could easily be a function instead. As a function, there is no need to mark it as `dllimport` when dynamically imported which avoids the entire mess above. There may be a perf hit for changing the `volatile load` to be a `tail call`, so I'm happy to change that part back (although I question what the codegen of a `volatile load` would look like, and if the backend is going to try to use load-acquire semantics). Build with this change applied BEFORE rust-lang#140176 was reverted to demonstrate that there are no linking issues with either MSVC or MinGW: <https://github.com/rust-lang/rust/actions/runs/15078657205> Incidentally, I fixed `tests/run-make/no-alloc-shim` to work with MSVC as I needed it to be able to test locally (FYI for rust-lang#128602) r? `@bjorn3` cc `@jieyouxu`
Rollup of 13 pull requests Successful merges: - #134442 (Specify the behavior of `file!`) - #134841 (Look at proc-macro attributes when encountering unknown attribute) - #140372 (Exhaustively handle parsed attributes in CheckAttr) - #140766 (Stabilize keylocker) - #141061 (Change __rust_no_alloc_shim_is_unstable to be a function) - #142042 (Make E0621 missing lifetime suggestion verbose) - #142101 (core::ptr: deduplicate more method docs) - #142176 (tests: Split dont-shuffle-bswaps along opt-levels and arches) - #142258 (platform-support.md: Mention specific Linux kernel version or later) - #142260 (Miri subtree update) - #142262 (Mark `core::slice::memchr` as `#[doc(hidden)]`) - #142272 (tests: Change ABIs in tests to more future-resilient ones) - #142275 (rustdoc: Refractor `clean_ty_generics`) r? `@ghost` `@rustbot` modify labels: rollup
Change __rust_no_alloc_shim_is_unstable to be a function This fixes a long sequence of issues: 1. A customer reported that building for Arm64EC was broken: rust-lang#138541 2. This was caused by a bug in my original implementation of Arm64EC support, namely that only functions on Arm64EC need to be decorated with `#` but Rust was decorating statics as well. 3. Once I corrected Rust to only decorate functions, I started linking failures where the linker couldn't find statics exported by dylib dependencies. This was caused by the compiler not marking exported statics in the generated DEF file with `DATA`, thus they were being exported as functions not data. 4. Once I corrected the way that the DEF files were being emitted, the linker started failing saying that it couldn't find `__rust_no_alloc_shim_is_unstable`. This is because the MSVC linker requires the declarations of statics imported from other dylibs to be marked with `dllimport` (whereas it will happily link to functions imported from other dylibs whether they are marked `dllimport` or not). 5. I then made a change to ensure that `__rust_no_alloc_shim_is_unstable` was marked as `dllimport`, but the MSVC linker started emitting warnings that `__rust_no_alloc_shim_is_unstable` was marked as `dllimport` but was declared in an obj file. This is a harmless warning which is a performance hint: anything that's marked `dllimport` must be indirected via an `__imp` symbol so I added a linker arg in the target to suppress the warning. 6. A customer then reported a similar warning when using `lld-link` (<rust-lang#140176 (comment)>). I don't think it was an implementation difference between the two linkers but rather that, depending on the obj that the declaration versus uses of `__rust_no_alloc_shim_is_unstable` landed in we would get different warnings, so I suppressed that warning as well: rust-lang#140954. 7. Another customer reported that they weren't using the Rust compiler to invoke the linker, thus these warnings were breaking their build: <rust-lang#140176 (comment)>. At that point, my original change was reverted (rust-lang#141024) leaving Arm64EC broken yet again. Taking a step back, a lot of these linker issues arise from the fact that `__rust_no_alloc_shim_is_unstable` is marked as `extern "Rust"` in the standard library and, therefore, assumed to be a foreign item from a different crate BUT the Rust compiler may choose to generate it either in the current crate, some other crate that will be statically linked in OR some other crate that will by dynamically imported. Worse yet, it is impossible while building a given crate to know if `__rust_no_alloc_shim_is_unstable` will statically linked or dynamically imported: it might be that one of its dependent crates is the one with an allocator kind set and thus that crate (which is compiled later) will decide depending if it has any dylib dependencies or not to import `__rust_no_alloc_shim_is_unstable` or generate it. Thus, there is no way to know if the declaration of `__rust_no_alloc_shim_is_unstable` should be marked with `dllimport` or not. There is a simple fix for all this: there is no reason `__rust_no_alloc_shim_is_unstable` must be a static. It needs to be some symbol that must be linked in; thus, it could easily be a function instead. As a function, there is no need to mark it as `dllimport` when dynamically imported which avoids the entire mess above. There may be a perf hit for changing the `volatile load` to be a `tail call`, so I'm happy to change that part back (although I question what the codegen of a `volatile load` would look like, and if the backend is going to try to use load-acquire semantics). Build with this change applied BEFORE rust-lang#140176 was reverted to demonstrate that there are no linking issues with either MSVC or MinGW: <https://github.com/rust-lang/rust/actions/runs/15078657205> Incidentally, I fixed `tests/run-make/no-alloc-shim` to work with MSVC as I needed it to be able to test locally (FYI for rust-lang#128602) r? ``@bjorn3`` cc ``@jieyouxu``
Rollup of 12 pull requests Successful merges: - #134442 (Specify the behavior of `file!`) - #134841 (Look at proc-macro attributes when encountering unknown attribute) - #140372 (Exhaustively handle parsed attributes in CheckAttr) - #140766 (Stabilize keylocker) - #141061 (Change __rust_no_alloc_shim_is_unstable to be a function) - #142042 (Make E0621 missing lifetime suggestion verbose) - #142101 (core::ptr: deduplicate more method docs) - #142258 (platform-support.md: Mention specific Linux kernel version or later) - #142260 (Miri subtree update) - #142262 (Mark `core::slice::memchr` as `#[doc(hidden)]`) - #142272 (tests: Change ABIs in tests to more future-resilient ones) - #142275 (rustdoc: Refractor `clean_ty_generics`) r? `@ghost` `@rustbot` modify labels: rollup
bors
added
S-waiting-on-author
|
@bjorn3 could you please help me understand how this test was passing before? It's a linker failure in the Was the load previously being optimized out? Seems like some of the other tests would have caught that... |
|
Oh, interesting, the symbol has a |
|
I suspect this sanitizer mangles the names of functions, but not of globals. I think the issue here is that the version script for libstd.so only exported the non- |
|
Ugh, ok, so we need to generate the shim if the crate that would generate the shim has different sanitizers enabled? Or are there some sanitizers that don't change mangling? |
|
@rcvalle how is the dataflow sanitizer supposed to handle the case where the standard library is compiled without it enabled, but the main executable is compiled with it enabled. Is that supposed to work or does the minimal test that you added work by accident before this PR? And if it is supposed to work, is there a way to predict when the symbol mangling happens such that we can change the version script accordingly? |
|
Looks like we could apply the |
This fixes a long sequence of issues:
arm64ec-pc-windows-msvc#138541#but Rust was decorating statics as well.DATA, thus they were being exported as functions not data.__rust_no_alloc_shim_is_unstable. This is because the MSVC linker requires the declarations of statics imported from other dylibs to be marked withdllimport(whereas it will happily link to functions imported from other dylibs whether they are markeddllimportor not).__rust_no_alloc_shim_is_unstablewas marked asdllimport, but the MSVC linker started emitting warnings that__rust_no_alloc_shim_is_unstablewas marked asdllimportbut was declared in an obj file. This is a harmless warning which is a performance hint: anything that's markeddllimportmust be indirected via an__impsymbol so I added a linker arg in the target to suppress the warning.lld-link(Fix linking statics on Arm64EC #140176 (comment)). I don't think it was an implementation difference between the two linkers but rather that, depending on the obj that the declaration versus uses of__rust_no_alloc_shim_is_unstablelanded in we would get different warnings, so I suppressed that warning as well: [win] Ignore MSVC linker warning 4217 #140954.Taking a step back, a lot of these linker issues arise from the fact that
__rust_no_alloc_shim_is_unstableis marked asextern "Rust"in the standard library and, therefore, assumed to be a foreign item from a different crate BUT the Rust compiler may choose to generate it either in the current crate, some other crate that will be statically linked in OR some other crate that will by dynamically imported.Worse yet, it is impossible while building a given crate to know if
__rust_no_alloc_shim_is_unstablewill statically linked or dynamically imported: it might be that one of its dependent crates is the one with an allocator kind set and thus that crate (which is compiled later) will decide depending if it has any dylib dependencies or not to import__rust_no_alloc_shim_is_unstableor generate it. Thus, there is no way to know if the declaration of__rust_no_alloc_shim_is_unstableshould be marked withdllimportor not.There is a simple fix for all this: there is no reason
__rust_no_alloc_shim_is_unstablemust be a static. It needs to be some symbol that must be linked in; thus, it could easily be a function instead. As a function, there is no need to mark it asdllimportwhen dynamically imported which avoids the entire mess above.There may be a perf hit for changing the
volatile loadto be atail call, so I'm happy to change that part back (although I question what the codegen of avolatile loadwould look like, and if the backend is going to try to use load-acquire semantics).Build with this change applied BEFORE #140176 was reverted to demonstrate that there are no linking issues with either MSVC or MinGW: https://github.com/rust-lang/rust/actions/runs/15078657205
Incidentally, I fixed
tests/run-make/no-alloc-shimto work with MSVC as I needed it to be able to test locally (FYI for #128602)r? @bjorn3
cc @jieyouxu