Add diagnostic for stack allocations of 1 GB or more #119798

Open
wants to merge 8 commits into
base: master

iSwapna
Contributor

@iSwapna iSwapna commented Jan 10, 2024

Add diagnostic for stack allocations of 1 GB or more

Zulip conversation: Issue 83060 - Regression with large stack arrays (2-4GB)

Do I generate an ICE or issue a warning?

cc #83060

@rustbot
Collaborator

rustbot commented Jan 10, 2024

r? @wesleywiser

(rustbot has picked a reviewer for you, use r? to override)

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Jan 10, 2024
@iSwapna iSwapna force-pushed the issue-83060-fix branch 2 times, most recently from 9fb4f4f to 91dcd42 Compare January 13, 2024 04:20
@iSwapna
Contributor Author

iSwapna commented Jan 13, 2024

I have addressed all the comments, but not sure how to add the stdout file for 32 bit:
Testing stage2 compiletest suite=ui mode=ui (x86_64-unknown-linux-gnu -> i686-unknown-linux-gnu)
fails in CI:

failures:

  ---- [ui] tests/ui/codegen/issue-83060-large-stack-size.rs stdout ----
  diff of stderr:

  - warning: Dangerous stack allocation of size: 1 GiB exceeds most architecture limits
  -
  - warning: 1 warning emitted
  -
  -

@iSwapna iSwapna requested a review from kadiwa4 January 13, 2024 06:11
@iSwapna
Contributor Author

iSwapna commented Jan 13, 2024

@rustbot review

compiler/rustc_codegen_ssa/messages.ftl Outdated
compiler/rustc_codegen_ssa/src/mir/mod.rs Outdated
compiler/rustc_codegen_ssa/src/mir/mod.rs Outdated
@wesleywiser wesleywiser added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Jan 22, 2024
@Dylan-DPC
Member

@iSwapna any updates on this? thanks

@iSwapna
Contributor Author

iSwapna commented Feb 22, 2024

> @iSwapna any updates on this? thanks

Sorry, I am taking a class @Stanford CS103, taking every bit of my time outside of work. That's towards wanting a good grounding on CS/compilers as well, to do a better job here!

There was a CI failure (fluent related) which I have not got an answer on how to address, the Zulip discussion is here: Issue 83060 - Regression with large stack arrays (2-4GB)

If I could get an answer on how to address the CI issue, I can take care of this in a couple of weeks (after impending midterm)

@Dylan-DPC
Member

Sure, thanks for the update. Just wanted to know if you are still working on it and have any updates. You should get a reply on Zulip, else you can bump it I guess.

@iSwapna
Contributor Author

iSwapna commented Feb 22, 2024

> Sure, thanks for the update. Just wanted to know if you are still working on it and have any updates. You should get a reply on Zulip, else you can bump it I guess.

will do! Thank you for checking!

@cjgillot cjgillot changed the title Issue 83060 fix Add diagnostic for stack allocations of 1 GB or more Oct 4, 2024
@rustbot
Collaborator

rustbot commented Oct 26, 2024

Some changes occurred in tests/ui/sanitizer

cc @rust-lang/project-exploit-mitigations, @rcvalle

@rustbot rustbot added the PG-exploit-mitigations Project group: Exploit mitigations label Oct 26, 2024
@iSwapna iSwapna requested a review from estebank October 26, 2024 09:06
use ilog2
Update compiler/rustc_codegen_ssa/messages.ftl
Co-authored-by: Michael Goulet <[email protected]>
Run test only on 64 bit
@rust-log-analyzer
Collaborator

The job x86_64-gnu-llvm-18 failed! Check out the build log: (web) (plain)

Click to see the possible cause of the failure (guessed by this bot)
------
 > importing cache manifest from ghcr.io/rust-lang/rust-ci-cache:c32c805632780b5c1de330e3f44561b336c2efe163bc0990acb392390157a8e1d9f855d75914a239aa40c49d77f4a837247d05d2f8d46f554b98e1f46712a3e3:
------
##[endgroup]
Setting extra environment values for docker:  --env ENABLE_GCC_CODEGEN=1 --env GCC_EXEC_PREFIX=/usr/lib/gcc/
[CI_JOB_NAME=x86_64-gnu-llvm-18]
debug: `DISABLE_CI_RUSTC_IF_INCOMPATIBLE` configured.
---
sccache: Starting the server...
##[group]Configure the build
configure: processing command line
configure: 
configure: build.configure-args := ['--build=x86_64-unknown-linux-gnu', '--llvm-root=/usr/lib/llvm-18', '--enable-llvm-link-shared', '--set', 'rust.randomize-layout=true', '--set', 'rust.thin-lto-import-instr-limit=10', '--enable-verbose-configure', '--enable-sccache', '--disable-manage-submodules', '--enable-locked-deps', '--enable-cargo-native-static', '--set', 'rust.codegen-units-std=1', '--set', 'dist.compression-profile=balanced', '--dist-compression-formats=xz', '--set', 'rust.lld=false', '--disable-dist-src', '--release-channel=nightly', '--enable-debug-assertions', '--enable-overflow-checks', '--enable-llvm-assertions', '--set', 'rust.verify-llvm-ir', '--set', 'rust.codegen-backends=llvm,cranelift,gcc', '--set', 'llvm.static-libstdcpp', '--enable-new-symbol-mangling']
configure: target.x86_64-unknown-linux-gnu.llvm-config := /usr/lib/llvm-18/bin/llvm-config
configure: llvm.link-shared     := True
configure: rust.randomize-layout := True
configure: rust.thin-lto-import-instr-limit := 10
---
  Downloaded boml v0.3.1
   Compiling boml v0.3.1
   Compiling y v0.1.0 (/checkout/compiler/rustc_codegen_gcc/build_system)
    Finished `release` profile [optimized] target(s) in 3.79s
     Running `/checkout/obj/build/x86_64-unknown-linux-gnu/stage1-codegen/x86_64-unknown-linux-gnu/release/y test --use-system-gcc --use-backend gcc --out-dir /checkout/obj/build/x86_64-unknown-linux-gnu/stage1-tools/cg_gcc --release --mini-tests --std-tests`
Using system GCC
[BUILD] example
[AOT] mini_core_hello_world
/checkout/obj/build/x86_64-unknown-linux-gnu/stage1-tools/cg_gcc/mini_core_hello_world
abc
---

failures:

---- compiler/rustc_lint_defs/src/builtin.rs - builtin::DANGEROUS_STACK_ALLOCATION (line 718) stdout ----
warning: allocation of size: 1 GiB  exceeds most system architecture limits
  |
  |
4 |     let mut x: [u8; CAP>>1] = [0; CAP>>1];
  |
  = note: `#[warn(dangerous_stack_allocation)]` on by default

warning: 1 warning emitted
warning: 1 warning emitted

Test executable failed (signal: 6 (SIGABRT) (core dumped)).
stderr:

thread '<unknown>' has overflowed its stack
fatal runtime error: stack overflow
---
    compiler/rustc_lint_defs/src/builtin.rs - builtin::DANGEROUS_STACK_ALLOCATION (line 718)

test result: FAILED. 116 passed; 1 failed; 24 ignored; 0 measured; 0 filtered out; finished in 1.14s

error: doctest failed, to rerun pass `-p rustc_lint_defs --doc`
  local time: Sat Nov  2 19:11:17 UTC 2024
  network time: Sat, 02 Nov 2024 19:11:17 GMT
##[error]Process completed with exit code 1.
Post job cleanup.

@bors
Contributor

bors commented Nov 4, 2024

☔ The latest upstream changes (presumably #132581) made this pull request unmergeable. Please resolve the merge conflicts.

@iSwapna
Contributor Author

iSwapna commented Nov 22, 2024

@estebank I will get back to this after exams - late Dec. Do let me know your comments.
Best,
Swapna

decl.source_info.span,
|lint| {
lint.primary_message(format!(
"allocation of size: {:.2} {} exceeds most system architecture limits",
Contributor

Suggested change
"allocation of size: {:.2} {} exceeds most system architecture limits",
"allocation of {:.2} {} exceeds most system architecture limits",

Comment on lines +321 to +327
/// Formats a number of bytes into a human readable SI-prefixed size.
/// Returns a tuple of `(quantity, units)`.
pub fn human_readable_bytes(bytes: u64) -> (u64, &'static str) {
static UNITS: [&str; 7] = ["B", "KiB", "MiB", "GiB", "TiB", "PiB", "EiB"];
let i = ((bytes.checked_ilog2().unwrap_or(0) / 10) as usize).min(UNITS.len() - 1);
(bytes >> (10 * i), UNITS[i])
}
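Review bot: the doc comment on `human_readable_bytes` says "SI-prefixed", but the `UNITS` table holds binary (IEC) units and `bytes >> (10 * i)` divides by powers of 1024, so the comment should say binary-prefixed. The shift also truncates: every size from 1 GiB up to just under 2 GiB is reported as `1 GiB`, which understates how far past the threshold an allocation is. Because the quantity is returned as `u64`, a `{:.2}` precision applied to it in the lint's format string is ignored (the CI output on this page prints `1 GiB` with no decimals); either return an `f64` quotient so the two decimals are printed, or drop `:.2` from the message.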
Contributor

Could have sworn that we did this already, but alas it is in cargo 😅

Comment on lines +750 to +751
/// Large arras may cause stack overflow due to the limited size of the
/// stack on most platforms.
Contributor

Suggested change
/// Large arras may cause stack overflow due to the limited size of the
/// stack on most platforms.
/// Large arrays may cause stack overflow due to the limited size of the
/// stack on most platforms.

We should probably extend this to be more explicit about which platforms this is an issue in (no need to be exhaustive).

/// stack on most platforms.
pub DANGEROUS_STACK_ALLOCATION,
Warn,
"Detects dangerous stack allocations at the limit of most architectures"
Contributor

Suggested change
"Detects dangerous stack allocations at the limit of most architectures"
"detects dangerously large stack allocations at the limit of most architectures"

@@ -29,6 +31,8 @@ use self::debuginfo::{FunctionDebugContext, PerLocalVarDebugInfo};
use self::operand::{OperandRef, OperandValue};
use self::place::PlaceRef;

const MIN_DANGEROUS_SIZE: u64 = 1024 * 1024 * 1024 * 1; // 1 GB
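Review bot: the trailing comment on `MIN_DANGEROUS_SIZE` says `1 GB`, but `1024 * 1024 * 1024` is 1 GiB, which is also the unit the diagnostic prints, and the final `* 1` is a no-op. `const MIN_DANGEROUS_SIZE: u64 = 1 << 30; // 1 GiB` states the same value directly and keeps the constant, the comment and the message in one unit.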
Contributor

Suggested change
const MIN_DANGEROUS_SIZE: u64 = 1024 * 1024 * 1024 * 1; // 1 GB
const MIN_DANGEROUS_ALLOC_SIZE: u64 = 1024 * 1024 * 1024 * 1; // 1 GB

Contributor

Not to change, but to discuss: would making this lower than 1GB be worth it, so that people that are not hitting the limits, but are on their way to do so, get some early warning?

@@ -234,6 +238,21 @@ pub fn codegen_mir<'a, 'tcx, Bx: BuilderMethods<'a, 'tcx>>(
let layout = start_bx.layout_of(fx.monomorphize(decl.ty));
assert!(!layout.ty.has_erasable_regions());

if layout.size.bytes() >= MIN_DANGEROUS_SIZE {
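Review bot: the `layout.size.bytes() >= MIN_DANGEROUS_SIZE` test looks at one local at a time, so a function whose locals are each below the threshold but together exceed it is never reported. Because the check sits in `codegen_mir` after `fx.monomorphize(decl.ty)`, it also runs once per monomorphized instance: a generic function can repeat the warning for each instantiation, and a local whose size depends on a type parameter is only seen for instantiations that are actually code-generated. Both limits are worth stating in the lint documentation so users do not read the absence of a warning as a guarantee about frame size.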
Contributor

Suggested change
if layout.size.bytes() >= MIN_DANGEROUS_SIZE {
if layout.size.bytes() >= MIN_DANGEROUS_ALLOC_SIZE {

Comment on lines +432 to +438
#[derive(Diagnostic)]
#[diag(codegen_ssa_dangerous_stack_allocation)]
pub struct DangerousStackAllocation {
#[primary_span]
pub span: Span,
pub output: String,
}
Contributor

This and the ftl change are no longer used, right?

lint::builtin::DANGEROUS_STACK_ALLOCATION,
CRATE_HIR_ID,
decl.source_info.span,
|lint| {
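Review bot: passing `CRATE_HIR_ID` as the lint node means the level for `DANGEROUS_STACK_ALLOCATION` is resolved at the crate root, so an `#[allow(dangerous_stack_allocation)]` placed on the function or statement that holds the local will not silence the warning; only a crate-level attribute or a command-line lint flag will. If a HIR id for the enclosing body or the local is reachable at this point, using it instead would let users scope the allow to the one allocation they have reviewed rather than disabling the lint for the whole crate.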
Contributor

We could add more context, like in the lint description, about some common platform limits.

Comment on lines +740 to +746
/// warning: allocation of size: 1 GiB exceeds most system architecture limits
/// --> $DIR/large-stack-size-issue-83060.rs:7:9
/// |
/// LL | let mut x: [u8; CAP>>1] = [0; CAP>>1];
/// | ^^^^^
/// |
/// = note: `#[warn(dangerous_stack_allocation)]` on by default
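Review bot: the documented example for this lint is executed as a doctest, and the CI log on this page shows that run aborting with `fatal runtime error: stack overflow` (SIGABRT) after the warning is emitted, so the expected-output text here is not the only thing that fails. The example should be marked so it is compiled but not run (for instance `no_run` on the code fence), since a 1 GiB stack array cannot be expected to execute on the test hosts.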
Contributor

This will likely fail because of the textual formatting not being correctly left aligned.

Comment on lines +740 to +746
/// warning: allocation of size: 1 GiB exceeds most system architecture limits
/// --> $DIR/large-stack-size-issue-83060.rs:7:9
/// |
/// LL | let mut x: [u8; CAP>>1] = [0; CAP>>1];
/// | ^^^^^
/// |
/// = note: `#[warn(dangerous_stack_allocation)]` on by default
Contributor

Suggested change
/// warning: allocation of size: 1 GiB exceeds most system architecture limits
/// --> $DIR/large-stack-size-issue-83060.rs:7:9
/// |
/// LL | let mut x: [u8; CAP>>1] = [0; CAP>>1];
/// | ^^^^^
/// |
/// = note: `#[warn(dangerous_stack_allocation)]` on by default
/// warning: allocation of size: 1 GiB exceeds most system architecture limits
/// --> $DIR/large-stack-size-issue-83060.rs:7:9
/// |
/// LL | let mut x: [u8; CAP>>1] = [0; CAP>>1];
/// | ^^^^^
/// |
/// = note: `#[warn(dangerous_stack_allocation)]` on by default

Labels
PG-exploit-mitigations Project group: Exploit mitigations S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.