From fc500368485bd2ebafea6a37da30f49c8be75aac Mon Sep 17 00:00:00 2001 From: Raoul Strackx Date: Mon, 21 Oct 2019 15:10:32 +0200 Subject: [PATCH 01/16] fixed ac vulnerability --- src/libstd/sys/sgx/abi/entry.S | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/src/libstd/sys/sgx/abi/entry.S b/src/libstd/sys/sgx/abi/entry.S index c35e49b1dc6ea..4f8673a1907d7 100644 --- a/src/libstd/sys/sgx/abi/entry.S +++ b/src/libstd/sys/sgx/abi/entry.S @@ -121,6 +121,16 @@ sgx_entry: fnstcw %gs:tcsls_user_fcw /* reset user state */ cld /* x86-64 ABI requires DF to be unset at function entry/exit */ + +/* making sure AC flag is not set in rflags */ +/* avoid using the 'clac' instruction to be compatible with older compilers */ + push %rcx + pushfq + popq %rcx + and $0xFFFFFFFFFFFBFFFF, %rcx + push %rcx + popfq + /* check for debug buffer pointer */ testb $0xff,DEBUG(%rip) jz .Lskip_debug_init From f6aa64b7b0e2a39708a1baf631f46cf02025cbe9 Mon Sep 17 00:00:00 2001 From: Michael Woerister Date: Thu, 24 Oct 2019 17:13:38 +0200 Subject: [PATCH 02/16] self-profiling: Remove unused methods from profiler. --- src/librustc/util/profiling.rs | 48 ---------------------------------- 1 file changed, 48 deletions(-) diff --git a/src/librustc/util/profiling.rs b/src/librustc/util/profiling.rs index bd02e7f5a14a1..0ca0ac82533b0 100644 --- a/src/librustc/util/profiling.rs +++ b/src/librustc/util/profiling.rs 
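Review bot: The added `pushfq` / `push %rcx` / `popfq` sequence writes through `%rsp`, and nothing in this hunk shows the enclave's own stack being installed before it. If `%rsp` still holds the value the untrusted caller entered with (the stack setup lies outside the hunk, so this is inferred), the enclave stores to an address the host chose before any validation. I would run the flag reset only after the enclave stack is in place, or document above it why `%rsp` can be trusted at this point. The same applies to the `andq $~0x40400, (%rsp)` hunk in patch 09 and the `pushfq`/`popfq` hunk in patch 11.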
@@ -131,32 +131,6 @@ impl SelfProfilerRef { }) } - /// Start profiling a generic activity. Profiling continues until - /// `generic_activity_end` is called. The RAII-based `generic_activity` - /// usually is the better alternative. - #[inline(always)] - pub fn generic_activity_start(&self, event_id: &str) { - self.non_guard_generic_event( - |profiler| profiler.generic_activity_event_kind, - |profiler| profiler.profiler.alloc_string(event_id), - EventFilter::GENERIC_ACTIVITIES, - TimestampKind::Start, - ); - } - - /// End profiling a generic activity that was started with - /// `generic_activity_start`. The RAII-based `generic_activity` usually is - /// the better alternative. - #[inline(always)] - pub fn generic_activity_end(&self, event_id: &str) { - self.non_guard_generic_event( - |profiler| profiler.generic_activity_event_kind, - |profiler| profiler.profiler.alloc_string(event_id), - EventFilter::GENERIC_ACTIVITIES, - TimestampKind::End, - ); - } - /// Start profiling a query provider. Profiling continues until the /// TimingGuard returned from this call is dropped. #[inline(always)] @@ -238,28 +212,6 @@ impl SelfProfilerRef { TimingGuard::none() })); } - - #[inline(always)] - fn non_guard_generic_event StringId>( - &self, - event_kind: fn(&SelfProfiler) -> StringId, - event_id: F, - event_filter: EventFilter, - timestamp_kind: TimestampKind - ) { - drop(self.exec(event_filter, |profiler| { - let thread_id = thread_id_to_u64(std::thread::current().id()); - - profiler.profiler.record_event( - event_kind(profiler), - event_id(profiler), - thread_id, - timestamp_kind, - ); - - TimingGuard::none() - })); - } } pub struct SelfProfiler { From ee1173a8ffaf51335a4eb7198cd0ce7f508abfd0 Mon Sep 17 00:00:00 2001 
From: Michael Woerister Date: Thu, 24 Oct 2019 17:14:38 +0200 Subject: [PATCH 03/16] self-profiling: Update measureme to 0.4.0 and use new RAII-based API. --- Cargo.lock | 4 ++-- src/librustc/Cargo.toml | 2 +- src/librustc/util/profiling.rs | 40 +++++++++------------------------- 3 files changed, 13 insertions(+), 33 deletions(-) diff --git a/Cargo.lock b/Cargo.lock index efcbd7b6794f0..8e0db18e1577f 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -1954,9 +1954,9 @@ dependencies = [ [[package]] name = "measureme" -version = "0.3.0" +version = "0.4.0" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "d09de7dafa3aa334bc806447c7e4de69419723312f4b88b80b561dea66601ce8" +checksum = "cd21b0e6e1af976b269ce062038fe5e1b9ca2f817ab7a3af09ec4210aebf0d30" dependencies = [ "byteorder", "memmap", diff --git a/src/librustc/Cargo.toml b/src/librustc/Cargo.toml index 93274ef0c927c..38631224fd359 100644 --- a/src/librustc/Cargo.toml +++ b/src/librustc/Cargo.toml @@ -37,4 +37,4 @@ byteorder = { version = "1.3" } chalk-engine = { version = "0.9.0", default-features=false } rustc_fs_util = { path = "../librustc_fs_util" } smallvec = { version = "0.6.8", features = ["union", "may_dangle"] } -measureme = "0.3" +measureme = "0.4" diff --git a/src/librustc/util/profiling.rs b/src/librustc/util/profiling.rs index 0ca0ac82533b0..08cd68655aa5c 100644 --- a/src/librustc/util/profiling.rs +++ b/src/librustc/util/profiling.rs @@ -14,9 +14,12 @@ use measureme::{StringId, TimestampKind}; /// MmapSerializatioSink is faster on macOS and Linux /// but FileSerializationSink is faster on Windows #[cfg(not(windows))] -type Profiler = measureme::Profiler; +type SerializationSink = measureme::MmapSerializationSink; #[cfg(windows)] -type Profiler = measureme::Profiler; +type SerializationSink = measureme::FileSerializationSink; + +type Profiler = measureme::Profiler; + #[derive(Clone, Copy, Debug, PartialEq, Eq, Ord, PartialOrd)] pub enum ProfileCategory { 
@@ -298,14 +301,7 @@ impl SelfProfiler { } #[must_use] -pub struct TimingGuard<'a>(Option>); - -struct TimingGuardInternal<'a> { - raw_profiler: &'a Profiler, - event_id: StringId, - event_kind: StringId, - thread_id: u64, -} +pub struct TimingGuard<'a>(Option>); impl<'a> TimingGuard<'a> { #[inline] @@ -316,14 +312,10 @@ impl<'a> TimingGuard<'a> { ) -> TimingGuard<'a> { let thread_id = thread_id_to_u64(std::thread::current().id()); let raw_profiler = &profiler.profiler; - raw_profiler.record_event(event_kind, event_id, thread_id, TimestampKind::Start); - - TimingGuard(Some(TimingGuardInternal { - raw_profiler, - event_kind, - event_id, - thread_id, - })) + let timing_guard = raw_profiler.start_recording_interval_event(event_kind, + event_id, + thread_id); + TimingGuard(Some(timing_guard)) } #[inline] @@ -331,15 +323,3 @@ impl<'a> TimingGuard<'a> { TimingGuard(None) } } - -impl<'a> Drop for TimingGuardInternal<'a> { - #[inline] - fn drop(&mut self) { - self.raw_profiler.record_event( - self.event_kind, - self.event_id, - self.thread_id, - TimestampKind::End - ); - } -} From 9c083068e31e8eb4d4f1d3f649354408d866574c Mon Sep 17 00:00:00 2001 From: Michael Woerister Date: Thu, 24 Oct 2019 17:37:48 +0200 Subject: [PATCH 04/16] self-profiling: Switch query-blocking measurements to RAII-style API. --- src/librustc/ty/query/plumbing.rs | 14 ++++++++++++-- src/librustc/util/profiling.rs | 26 +++++++------------------- 2 files changed, 19 insertions(+), 21 deletions(-) diff --git a/src/librustc/ty/query/plumbing.rs b/src/librustc/ty/query/plumbing.rs index 41b4883793b54..538154b035ac6 100644 --- a/src/librustc/ty/query/plumbing.rs +++ b/src/librustc/ty/query/plumbing.rs @@ -90,6 +90,10 @@ impl<'a, 'tcx, Q: QueryDescription<'tcx>> JobOwner<'a, 'tcx, Q> { } return TryGetJob::JobCompleted(result); } + + #[cfg(parallel_compiler)] + let query_blocked_prof_timer; + let job = match lock.active.entry((*key).clone()) { Entry::Occupied(entry) => { match *entry.get() { 
@@ -98,7 +102,9 @@ impl<'a, 'tcx, Q: QueryDescription<'tcx>> JobOwner<'a, 'tcx, Q> { // in another thread has completed. Record how long we wait in the // self-profiler. #[cfg(parallel_compiler)] - tcx.prof.query_blocked_start(Q::NAME); + { + query_blocked_prof_timer = tcx.prof.query_blocked(Q::NAME); + } job.clone() }, @@ -140,7 +146,11 @@ impl<'a, 'tcx, Q: QueryDescription<'tcx>> JobOwner<'a, 'tcx, Q> { #[cfg(parallel_compiler)] { let result = job.r#await(tcx, span); - tcx.prof.query_blocked_end(Q::NAME); + + // This `drop()` is not strictly necessary as the binding + // would go out of scope anyway. But it's good to have an + // explicit marker of how far the measurement goes. + drop(query_blocked_prof_timer); if let Err(cycle) = result { return TryGetJob::Cycle(Q::handle_cycle_error(tcx, cycle)); diff --git a/src/librustc/util/profiling.rs b/src/librustc/util/profiling.rs index 08cd68655aa5c..5a1b7f3aa4cb8 100644 --- a/src/librustc/util/profiling.rs +++ b/src/librustc/util/profiling.rs 
@@ -156,26 +156,14 @@ impl SelfProfilerRef { } /// Start profiling a query being blocked on a concurrent execution. - /// Profiling continues until `query_blocked_end` is called. + /// Profiling continues until the TimingGuard returned from this call is + /// dropped. #[inline(always)] - pub fn query_blocked_start(&self, query_name: QueryName) { - self.non_guard_query_event( - |profiler| profiler.query_blocked_event_kind, - query_name, - EventFilter::QUERY_BLOCKED, - TimestampKind::Start, - ); - } - - /// End profiling a query being blocked on a concurrent execution. - #[inline(always)] - pub fn query_blocked_end(&self, query_name: QueryName) { - self.non_guard_query_event( - |profiler| profiler.query_blocked_event_kind, - query_name, - EventFilter::QUERY_BLOCKED, - TimestampKind::End, - ); + pub fn query_blocked(&self, query_name: QueryName) -> TimingGuard<'_> { + self.exec(EventFilter::QUERY_BLOCKED, |profiler| { + let event_id = SelfProfiler::get_query_name_string_id(query_name); + TimingGuard::start(profiler, profiler.query_blocked_event_kind, event_id) + }) } /// Start profiling how long it takes to load a query result from the From dcf343689973ef81d674c1df0f21fc9332c73f3f Mon Sep 17 00:00:00 2001 From: Lukas Kalbertodt Date: Fri, 25 Oct 2019 10:50:21 +0200 Subject: [PATCH 05/16] Fill tracking issue number for `array_value_iter` and fix Rust version --- src/libcore/array/iter.rs | 20 ++++++++++---------- src/libcore/array/mod.rs | 2 +- 2 files changed, 11 insertions(+), 11 deletions(-) diff --git a/src/libcore/array/iter.rs b/src/libcore/array/iter.rs index 850a599c6599f..11803238407c8 100644 --- a/src/libcore/array/iter.rs +++ b/src/libcore/array/iter.rs @@ -13,7 +13,7 @@ use super::LengthAtMost32; /// A by-value [array] iterator. /// /// [array]: ../../std/primitive.array.html -#[unstable(feature = "array_value_iter", issue = "0")] +#[unstable(feature = "array_value_iter", issue = "65798")] pub struct IntoIter where [T; N]: LengthAtMost32, 
@@ -49,7 +49,7 @@ where /// *Note*: this method might never get stabilized and/or removed in the /// future as there will likely be another, preferred way of obtaining this /// iterator (either via `IntoIterator` for arrays or via another way). - #[unstable(feature = "array_value_iter", issue = "0")] + #[unstable(feature = "array_value_iter", issue = "65798")] pub fn new(array: [T; N]) -> Self { // The transmute here is actually safe. The docs of `MaybeUninit` // promise: @@ -95,7 +95,7 @@ where } -#[stable(feature = "array_value_iter_impls", since = "1.38.0")] +#[stable(feature = "array_value_iter_impls", since = "1.40.0")] impl Iterator for IntoIter where [T; N]: LengthAtMost32, @@ -141,7 +141,7 @@ where } } -#[stable(feature = "array_value_iter_impls", since = "1.38.0")] +#[stable(feature = "array_value_iter_impls", since = "1.40.0")] impl DoubleEndedIterator for IntoIter where [T; N]: LengthAtMost32, @@ -176,7 +176,7 @@ where } } -#[stable(feature = "array_value_iter_impls", since = "1.38.0")] +#[stable(feature = "array_value_iter_impls", since = "1.40.0")] impl Drop for IntoIter where [T; N]: LengthAtMost32, @@ -189,7 +189,7 @@ where } } -#[stable(feature = "array_value_iter_impls", since = "1.38.0")] +#[stable(feature = "array_value_iter_impls", since = "1.40.0")] impl ExactSizeIterator for IntoIter where [T; N]: LengthAtMost32, @@ -204,7 +204,7 @@ where } } -#[stable(feature = "array_value_iter_impls", since = "1.38.0")] +#[stable(feature = "array_value_iter_impls", since = "1.40.0")] impl FusedIterator for IntoIter where [T; N]: LengthAtMost32, 
@@ -214,13 +214,13 @@ where // elements (that will still be yielded) is the length of the range `alive`. // This range is decremented in length in either `next` or `next_back`. It is // always decremented by 1 in those methods, but only if `Some(_)` is returned. -#[stable(feature = "array_value_iter_impls", since = "1.38.0")] +#[stable(feature = "array_value_iter_impls", since = "1.40.0")] unsafe impl TrustedLen for IntoIter where [T; N]: LengthAtMost32, {} -#[stable(feature = "array_value_iter_impls", since = "1.38.0")] +#[stable(feature = "array_value_iter_impls", since = "1.40.0")] impl Clone for IntoIter where [T; N]: LengthAtMost32, @@ -251,7 +251,7 @@ where } } -#[stable(feature = "array_value_iter_impls", since = "1.38.0")] +#[stable(feature = "array_value_iter_impls", since = "1.40.0")] impl fmt::Debug for IntoIter where [T; N]: LengthAtMost32, diff --git a/src/libcore/array/mod.rs b/src/libcore/array/mod.rs index 120658e9a4343..e1ec8b795d04c 100644 --- a/src/libcore/array/mod.rs +++ b/src/libcore/array/mod.rs @@ -18,7 +18,7 @@ use crate::slice::{Iter, IterMut}; mod iter; #[cfg(not(bootstrap))] -#[unstable(feature = "array_value_iter", issue = "0")] +#[unstable(feature = "array_value_iter", issue = "65798")] pub use iter::IntoIter; /// Utility trait implemented only on arrays of fixed size From 4936f96d42eeaa65e4b169113796f29c8c769f39 Mon Sep 17 00:00:00 2001 From: Mara Bos Date: Fri, 25 Oct 2019 14:07:08 +0200 Subject: [PATCH 06/16] Add [T]::as_ptr_range() and [T]::as_mut_ptr_range(). See https://github.com/rust-lang/rfcs/pull/2791 for motivation. --- src/libcore/slice/mod.rs | 61 +++++++++++++++++++++++++++++++++++++++- 1 file changed, 60 insertions(+), 1 deletion(-) diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs index 4e79ea812044b..0770b0c6f9016 100644 --- a/src/libcore/slice/mod.rs +++ b/src/libcore/slice/mod.rs 
@@ -28,7 +28,7 @@ use crate::fmt; use crate::intrinsics::{assume, exact_div, unchecked_sub, is_aligned_and_not_null}; use crate::isize; use crate::iter::*; -use crate::ops::{FnMut, self}; +use crate::ops::{FnMut, Range, self}; use crate::option::Option; use crate::option::Option::{None, Some}; use crate::result::Result; 
@@ -407,6 +407,65 @@ impl [T] { self as *mut [T] as *mut T } + /// Returns the two raw pointers spanning the slice. + /// + /// The returned range is half-open, which means that the end pointer + /// points *one past* the last element of the slice. This way, an empty + /// slice is represented by two equal pointers, and the difference between + /// the two pointers represents the size of the size. + /// + /// See [`as_ptr`] for warnings on using these pointers. The end pointer + /// requires extra caution, as it does not point to a valid element in the + /// slice. + /// + /// This function is useful for interacting with foreign interfaces which + /// use two pointers to refer to a range of elements in memory, as is + /// common in C++. + /// + /// It can also be useful to check if a reference or pointer to an element + /// refers to an element of this slice: + /// + /// ``` + /// let a = [1,2,3]; + /// let x = &a[1]; + /// let y = &5; + /// assert!(a.as_ptr_range().contains(x)); + /// assert!(!a.as_ptr_range().contains(y)); + /// ``` + /// + /// [`as_ptr`]: #method.as_ptr + #[unstable(feature = "slice_ptr_range", issue = "0")] + #[inline] + pub fn as_ptr_range(&self) -> Range<*const T> { + let start = self.as_ptr(); + let end = unsafe { start.add(self.len()) }; + start..end + } + + /// Returns the two unsafe mutable pointers spanning the slice. + /// + /// The returned range is half-open, which means that the end pointer + /// points *one past* the last element of the slice. This way, an empty + /// slice is represented by two equal pointers, and the difference between + /// the two pointers represents the size of the size. + /// + /// See [`as_mut_ptr`] for warnings on using these pointers. The end + /// pointer requires extra caution, as it does not point to a valid element + /// in the slice. 
+ /// + /// This function is useful for interacting with foreign interfaces which + /// use two pointers to refer to a range of elements in memory, as is + /// common in C++. + /// + /// [`as_mut_ptr`]: #method.as_mut_ptr + #[unstable(feature = "slice_ptr_range", issue = "0")] + #[inline] + pub fn as_mut_ptr_range(&mut self) -> Range<*mut T> { + let start = self.as_mut_ptr(); + let end = unsafe { start.add(self.len()) }; + start..end + } + /// Swaps two elements in the slice. /// /// # Arguments From f1b69b0a871a5d78504c0dc197e0ebb477de653c Mon Sep 17 00:00:00 2001 From: Mara Bos Date: Fri, 25 Oct 2019 14:33:07 +0200 Subject: [PATCH 07/16] Add slice_ptr_range tracking issue number. --- src/libcore/slice/mod.rs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs index 0770b0c6f9016..0a115ce84caad 100644 --- a/src/libcore/slice/mod.rs +++ b/src/libcore/slice/mod.rs @@ -434,7 +434,7 @@ impl [T] { /// ``` /// /// [`as_ptr`]: #method.as_ptr - #[unstable(feature = "slice_ptr_range", issue = "0")] + #[unstable(feature = "slice_ptr_range", issue = "65807")] #[inline] pub fn as_ptr_range(&self) -> Range<*const T> { let start = self.as_ptr(); @@ -458,7 +458,7 @@ impl [T] { /// common in C++. /// /// [`as_mut_ptr`]: #method.as_mut_ptr - #[unstable(feature = "slice_ptr_range", issue = "0")] + #[unstable(feature = "slice_ptr_range", issue = "65807")] #[inline] pub fn as_mut_ptr_range(&mut self) -> Range<*mut T> { let start = self.as_mut_ptr(); From d257c20a1dc97631f6c1cf4a22f32ed80f23e4f1 Mon Sep 17 00:00:00 2001 From: Raoul Strackx Date: Fri, 25 Oct 2019 15:27:48 +0200 Subject: [PATCH 08/16] removed unnecessary push --- src/libstd/sys/sgx/abi/entry.S | 1 - 1 file changed, 1 deletion(-) diff --git a/src/libstd/sys/sgx/abi/entry.S b/src/libstd/sys/sgx/abi/entry.S index 4f8673a1907d7..08aee89fe03de 100644 --- a/src/libstd/sys/sgx/abi/entry.S +++ b/src/libstd/sys/sgx/abi/entry.S 
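Review bot: Both new doc comments say the pointer difference "represents the size of the size"; that should read `the size of the slice`. The `as_ptr_range` docs also offer `as_ptr_range().contains(..)` as an element-membership test without saying that it compares addresses only. For a zero-sized `T` the start and end pointers are equal, so the range is empty and the test is false for every pointer, and a pointer that is not on an element boundary is still reported as contained. A sentence such as `/// Note that this compares addresses only and says nothing about whether the pointer is valid to dereference.` would keep callers from treating it as a validity check.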
@@ -124,7 +124,6 @@ sgx_entry: /* making sure AC flag is not set in rflags */ /* avoid using the 'clac' instruction to be compatible with older compilers */ - push %rcx pushfq popq %rcx and $0xFFFFFFFFFFFBFFFF, %rcx From 34f5d5923f3dff832fbc62a61a062643d78e4c03 Mon Sep 17 00:00:00 2001 From: Raoul Strackx Date: Fri, 25 Oct 2019 15:44:07 +0200 Subject: [PATCH 09/16] cleaning up code --- src/libstd/sys/sgx/abi/entry.S | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/src/libstd/sys/sgx/abi/entry.S b/src/libstd/sys/sgx/abi/entry.S index 08aee89fe03de..f5d9c4338deb5 100644 --- a/src/libstd/sys/sgx/abi/entry.S +++ b/src/libstd/sys/sgx/abi/entry.S @@ -119,16 +119,11 @@ sgx_entry: mov %rbx,%gs:tcsls_tcs_addr stmxcsr %gs:tcsls_user_mxcsr fnstcw %gs:tcsls_user_fcw -/* reset user state */ - cld /* x86-64 ABI requires DF to be unset at function entry/exit */ -/* making sure AC flag is not set in rflags */ -/* avoid using the 'clac' instruction to be compatible with older compilers */ - pushfq - popq %rcx - and $0xFFFFFFFFFFFBFFFF, %rcx - push %rcx - popfq +/* reset user state */ +/* - DF flag: x86-64 ABI requires DF to be unset at function entry/exit */ +/* - AC flag: AEX on misaligned memory accesses leaks side channel info */ + andq $~0x40400, (%rsp) /* check for debug buffer pointer */ testb $0xff,DEBUG(%rip) From de9b660a40728d4c4213f2ec7a1c99a9bc352023 Mon Sep 17 00:00:00 2001 From: Mara Bos Date: Fri, 25 Oct 2019 15:21:00 +0200 Subject: [PATCH 10/16] Explain why pointer::add in slice::as_ptr_range is safe. --- src/libcore/slice/mod.rs | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs index 0a115ce84caad..185913a47f1a2 100644 --- a/src/libcore/slice/mod.rs +++ b/src/libcore/slice/mod.rs 
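Review bot: In the patch 09 hunk, `andq $~0x40400, (%rsp)` edits the quadword at the top of the stack and not RFLAGS, and the same hunk drops `cld`, so at this revision neither DF nor AC is cleared on enclave entry while whatever `%rsp` references is modified. Patch 11 restores the surrounding `pushfq`/`popfq`, but the intermediate commit remains in history. I would squash patches 08, 09 and 11 into patch 01 so that no revision reachable by bisection or cherry-pick carries the entry path without flag sanitisation.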
@@ -437,6 +437,23 @@ impl [T] { #[unstable(feature = "slice_ptr_range", issue = "65807")] #[inline] pub fn as_ptr_range(&self) -> Range<*const T> { + // The `add` here is safe, because: + // + // - Both pointers are part of the same object, as pointing directly + // past the object also counts. + // + // - The size of the slice is never larger than isize::MAX bytes, as + // noted here: + // - https://github.com/rust-lang/unsafe-code-guidelines/issues/102#issuecomment-473340447 + // - https://doc.rust-lang.org/reference/behavior-considered-undefined.html + // - https://doc.rust-lang.org/core/slice/fn.from_raw_parts.html#safety + // (This doesn't seem normative yet, but the very same assumption is + // made in many places, including the Index implementation of slices.) + // + // - There is no wrapping around involved, as slices do not wrap past + // the end of the address space. + // + // See the documentation of pointer::add. let start = self.as_ptr(); let end = unsafe { start.add(self.len()) }; start..end @@ -461,6 +478,7 @@ impl [T] { #[unstable(feature = "slice_ptr_range", issue = "65807")] #[inline] pub fn as_mut_ptr_range(&mut self) -> Range<*mut T> { + // See as_ptr_range() above for why `add` here is safe. let start = self.as_mut_ptr(); let end = unsafe { start.add(self.len()) }; start..end From 5aafa98562a3bd472ae7934f0d192b9cfcb36254 Mon Sep 17 00:00:00 2001 From: Raoul Strackx Date: Fri, 25 Oct 2019 16:06:13 +0200 Subject: [PATCH 11/16] forgot pushfq/popqfq: fixed --- src/libstd/sys/sgx/abi/entry.S | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/libstd/sys/sgx/abi/entry.S b/src/libstd/sys/sgx/abi/entry.S index f5d9c4338deb5..cd26c7ca200b0 100644 --- a/src/libstd/sys/sgx/abi/entry.S +++ b/src/libstd/sys/sgx/abi/entry.S 
@@ -123,7 +123,9 @@ sgx_entry: /* reset user state */ /* - DF flag: x86-64 ABI requires DF to be unset at function entry/exit */ /* - AC flag: AEX on misaligned memory accesses leaks side channel info */ + pushfq andq $~0x40400, (%rsp) + popfq /* check for debug buffer pointer */ testb $0xff,DEBUG(%rip) From 0d21d257c9691983fd51e7d5d9ace4de8933114c Mon Sep 17 00:00:00 2001 From: Jake Goulding Date: Tue, 22 Oct 2019 13:54:09 -0400 Subject: [PATCH 12/16] Remove unneeded pointer casting --- src/liballoc/string.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/liballoc/string.rs b/src/liballoc/string.rs index 639124e26cc20..108c91fba1ff8 100644 --- a/src/liballoc/string.rs +++ b/src/liballoc/string.rs @@ -194,9 +194,9 @@ use crate::vec::Vec; /// ``` /// use std::mem; /// -/// let story = String::from("Once upon a time..."); +/// let mut story = String::from("Once upon a time..."); /// -/// let ptr = story.as_ptr(); +/// let ptr = story.as_mut_ptr(); /// let len = story.len(); /// let capacity = story.capacity(); /// @@ -209,7 +209,7 @@ use crate::vec::Vec; /// // We can re-build a String out of ptr, len, and capacity. This is all /// // unsafe because we are responsible for making sure the components are /// // valid: -/// let s = unsafe { String::from_raw_parts(ptr as *mut _, len, capacity) } ; +/// let s = unsafe { String::from_raw_parts(ptr, len, capacity) } ; /// /// assert_eq!(String::from("Once upon a time..."), s); /// ``` @@ -676,14 +676,14 @@ impl String { /// use std::mem; /// /// unsafe { - /// let s = String::from("hello"); - /// let ptr = s.as_ptr(); + /// let mut s = String::from("hello"); + /// let ptr = s.as_mut_ptr(); /// let len = s.len(); /// let capacity = s.capacity(); /// /// mem::forget(s); /// - /// let s = String::from_raw_parts(ptr as *mut _, len, capacity); + /// let s = String::from_raw_parts(ptr, len, capacity); /// /// assert_eq!(String::from("hello"), s); /// } 
From dce8fabc62ed393152c53c65c492c8f3ae324eda Mon Sep 17 00:00:00 2001 From: Jake Goulding Date: Tue, 22 Oct 2019 15:40:22 -0400 Subject: [PATCH 13/16] Use ManuallyDrop in examples for {Vec,String}::from_raw_parts --- src/liballoc/string.rs | 16 +++++++++------- src/liballoc/vec.rs | 10 +++++----- 2 files changed, 14 insertions(+), 12 deletions(-) diff --git a/src/liballoc/string.rs b/src/liballoc/string.rs index 108c91fba1ff8..1d0faeccecf1d 100644 --- a/src/liballoc/string.rs +++ b/src/liballoc/string.rs @@ -194,7 +194,10 @@ use crate::vec::Vec; /// ``` /// use std::mem; /// -/// let mut story = String::from("Once upon a time..."); +/// let story = String::from("Once upon a time..."); +/// +/// // Prevent automatically dropping the String's data +/// let mut story = mem::ManuallyDrop::new(story); /// /// let ptr = story.as_mut_ptr(); /// let len = story.len(); @@ -203,9 +206,6 @@ use crate::vec::Vec; /// // story has nineteen bytes /// assert_eq!(19, len); /// -/// // Now that we have our parts, we throw the story away. -/// mem::forget(story); -/// /// // We can re-build a String out of ptr, len, and capacity. This is all /// // unsafe because we are responsible for making sure the components are /// // valid: @@ -676,13 +676,15 @@ impl String { /// use std::mem; /// /// unsafe { - /// let mut s = String::from("hello"); + /// let s = String::from("hello"); + /// + /// // Prevent automatically dropping the String's data + /// let mut s = mem::ManuallyDrop::new(s); + /// /// let ptr = s.as_mut_ptr(); /// let len = s.len(); /// let capacity = s.capacity(); /// - /// mem::forget(s); - /// /// let s = String::from_raw_parts(ptr, len, capacity); /// /// assert_eq!(String::from("hello"), s); diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs index 6350b189c5faa..c8fb897123475 100644 --- a/src/liballoc/vec.rs +++ b/src/liballoc/vec.rs 
@@ -389,7 +389,11 @@ impl Vec { /// use std::ptr; /// use std::mem; /// - /// let mut v = vec![1, 2, 3]; + /// let v = vec![1, 2, 3]; + /// + /// // Prevent running `v`'s destructor so we are in complete control + /// // of the allocation. + /// let mut v = mem::ManuallyDrop::new(v); /// /// // Pull out the various important pieces of information about `v` /// let p = v.as_mut_ptr(); @@ -397,10 +401,6 @@ impl Vec { /// let cap = v.capacity(); /// /// unsafe { - /// // Cast `v` into the void: no destructor run, so we are in - /// // complete control of the allocation to which `p` points. - /// mem::forget(v); - /// /// // Overwrite memory with 4, 5, 6 /// for i in 0..len as isize { /// ptr::write(p.offset(i), 4 + i); From 6600cf604091a99bba990d41b93885b40c02a97d Mon Sep 17 00:00:00 2001 From: Jake Goulding Date: Tue, 22 Oct 2019 12:48:52 -0400 Subject: [PATCH 14/16] Add {String,Vec}::into_raw_parts --- src/liballoc/string.rs | 33 +++++++++++++++++++++++++++++++++ src/liballoc/vec.rs | 39 +++++++++++++++++++++++++++++++++++++++ src/libcore/intrinsics.rs | 1 + 3 files changed, 73 insertions(+) diff --git a/src/liballoc/string.rs b/src/liballoc/string.rs index 1d0faeccecf1d..d9927c642b2d8 100644 --- a/src/liballoc/string.rs +++ b/src/liballoc/string.rs @@ -196,6 +196,7 @@ use crate::vec::Vec; /// /// let story = String::from("Once upon a time..."); /// +// FIXME Update this when vec_into_raw_parts is stabilized /// // Prevent automatically dropping the String's data /// let mut story = mem::ManuallyDrop::new(story); /// 
@@ -647,6 +648,37 @@ impl String { decode_utf16(v.iter().cloned()).map(|r| r.unwrap_or(REPLACEMENT_CHARACTER)).collect() } + /// Decomposes a `String` into its raw components. + /// + /// Returns the raw pointer to the underlying data, the length of + /// the string (in bytes), and the allocated capacity of the data + /// (in bytes). These are the same arguments in the same order as + /// the arguments to [`from_raw_parts`]. + /// + /// After calling this function, the caller is responsible for the + /// memory previously managed by the `String`. The only way to do + /// this is to convert the raw pointer, length, and capacity back + /// into a `String` with the [`from_raw_parts`] function, allowing + /// the destructor to perform the cleanup. + /// + /// [`from_raw_parts`]: #method.from_raw_parts + /// + /// # Examples + /// + /// ``` + /// #![feature(vec_into_raw_parts)] + /// let s = String::from("hello"); + /// + /// let (ptr, len, cap) = s.into_raw_parts(); + /// + /// let rebuilt = unsafe { String::from_raw_parts(ptr, len, cap) }; + /// assert_eq!(rebuilt, "hello"); + /// ``` + #[unstable(feature = "vec_into_raw_parts", reason = "new API", issue = "65816")] + pub fn into_raw_parts(self) -> (*mut u8, usize, usize) { + self.vec.into_raw_parts() + } + /// Creates a new `String` from a length, capacity, and pointer. /// /// # Safety @@ -678,6 +710,7 @@ impl String { /// unsafe { /// let s = String::from("hello"); /// + // FIXME Update this when vec_into_raw_parts is stabilized /// // Prevent automatically dropping the String's data /// let mut s = mem::ManuallyDrop::new(s); /// diff --git a/src/liballoc/vec.rs b/src/liballoc/vec.rs index c8fb897123475..641f9eafa8d23 100644 --- a/src/liballoc/vec.rs +++ b/src/liballoc/vec.rs 
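Review bot: `String::into_raw_parts` hands ownership of the allocation to the caller, so a call whose result is discarded leaks the buffer with no diagnostic. I would add `#[must_use = "losing the pointer will leak memory"]` above the `pub fn` here and on `Vec::into_raw_parts` in the vec.rs hunk of this patch. The doc text says the caller "is responsible for the memory"; it would also help to state that the function itself is safe and that a leak is the result of never calling `from_raw_parts`.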
@@ -358,6 +358,44 @@ impl Vec { } } + /// Decomposes a `Vec` into its raw components. + /// + /// Returns the raw pointer to the underlying data, the length of + /// the vector (in elements), and the allocated capacity of the + /// data (in elements). These are the same arguments in the same + /// order as the arguments to [`from_raw_parts`]. + /// + /// After calling this function, the caller is responsible for the + /// memory previously managed by the `Vec`. The only way to do + /// this is to convert the raw pointer, length, and capacity back + /// into a `Vec` with the [`from_raw_parts`] function, allowing + /// the destructor to perform the cleanup. + /// + /// [`from_raw_parts`]: #method.from_raw_parts + /// + /// # Examples + /// + /// ``` + /// #![feature(vec_into_raw_parts)] + /// let v: Vec = vec![-1, 0, 1]; + /// + /// let (ptr, len, cap) = v.into_raw_parts(); + /// + /// let rebuilt = unsafe { + /// // We can now make changes to the components, such as + /// // transmuting the raw pointer to a compatible type. + /// let ptr = ptr as *mut u32; + /// + /// Vec::from_raw_parts(ptr, len, cap) + /// }; + /// assert_eq!(rebuilt, [4294967295, 0, 1]); + /// ``` + #[unstable(feature = "vec_into_raw_parts", reason = "new API", issue = "65816")] + pub fn into_raw_parts(self) -> (*mut T, usize, usize) { + let mut me = mem::ManuallyDrop::new(self); + (me.as_mut_ptr(), me.len(), me.capacity()) + } + /// Creates a `Vec` directly from the raw components of another vector. /// /// # Safety @@ -391,6 +429,7 @@ impl Vec { /// /// let v = vec![1, 2, 3]; /// + // FIXME Update this when vec_into_raw_parts is stabilized /// // Prevent running `v`'s destructor so we are in complete control /// // of the allocation. /// let mut v = mem::ManuallyDrop::new(v); diff --git a/src/libcore/intrinsics.rs b/src/libcore/intrinsics.rs index b240d059114eb..4655d39fb8f1f 100644 --- a/src/libcore/intrinsics.rs +++ b/src/libcore/intrinsics.rs 
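Review bot: The example comment "transmuting the raw pointer to a compatible type" leaves "compatible" undefined, and doc examples for `unsafe` APIs tend to be copied as written. I would name the requirement in the comment, e.g. `// ... to a type with the same size and alignment (see the Safety section of from_raw_parts)`, since `len` and `cap` are counted in elements and are passed through unchanged. The `i32` to `u32` cast shown meets that requirement; the comment should say why.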
@@ -874,6 +874,7 @@ extern "rust-intrinsic" { /// // the original inner type (`&i32`) to the converted inner type /// // (`Option<&i32>`), so read the nomicon pages linked above. /// let v_from_raw = unsafe { + // FIXME Update this when vec_into_raw_parts is stabilized /// // Ensure the original vector is not dropped. /// let mut v_clone = std::mem::ManuallyDrop::new(v_clone); /// Vec::from_raw_parts(v_clone.as_mut_ptr() as *mut Option<&i32>, From dfcfca28ad1321aff82503ebfffd40cf6476a7a2 Mon Sep 17 00:00:00 2001 From: Mazdak Farrokhzad Date: Thu, 24 Oct 2019 03:21:23 +0200 Subject: [PATCH 15/16] Take out an insurance policy in case `iter.size_hint()` lies, underreporting the number of elements. --- src/librustc/ty/context.rs | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/librustc/ty/context.rs b/src/librustc/ty/context.rs index f958a7e357b39..0f7d5d9a25e61 100644 --- a/src/librustc/ty/context.rs +++ b/src/librustc/ty/context.rs @@ -2930,14 +2930,18 @@ impl InternIteratorElement for Result { // lower bounds from `size_hint` agree they are correct. Ok(match iter.size_hint() { (1, Some(1)) => { - f(&[iter.next().unwrap()?]) + let t0 = iter.next().unwrap()?; + assert!(iter.next().is_none()); + f(&[t0]) } (2, Some(2)) => { let t0 = iter.next().unwrap()?; let t1 = iter.next().unwrap()?; + assert!(iter.next().is_none()); f(&[t0, t1]) } (0, Some(0)) => { + assert!(iter.next().is_none()); f(&[]) } _ => { From 381c4425b7d0f428df6576f085ea03b1d42e06af Mon Sep 17 00:00:00 2001 From: Mara Bos Date: Fri, 25 Oct 2019 17:22:03 +0200 Subject: [PATCH 16/16] Fix slice::as_ptr_range doctest. --- src/libcore/slice/mod.rs | 17 ++++++++++------- 1 file changed, 10 insertions(+), 7 deletions(-) diff --git a/src/libcore/slice/mod.rs b/src/libcore/slice/mod.rs index 185913a47f1a2..cdada1252d2bf 100644 --- a/src/libcore/slice/mod.rs +++ b/src/libcore/slice/mod.rs 
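Review bot: The three new `assert!(iter.next().is_none())` checks in the context.rs hunk carry no message, so a failure prints only the expression and not that an iterator's `size_hint` under-reported its length. I would write `assert!(iter.next().is_none(), "size_hint() under-reported the iterator length");` in each arm. The opposite lie, a lower bound that is too high, still surfaces as a bare panic from `iter.next().unwrap()?`; `expect` with a matching message would make both failure modes equally easy to diagnose. The enclosing `match` and function continue outside the hunk.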
@@ -422,15 +422,18 @@ impl [T] { /// use two pointers to refer to a range of elements in memory, as is /// common in C++. /// - /// It can also be useful to check if a reference or pointer to an element - /// refers to an element of this slice: + /// It can also be useful to check if a pointer to an element refers to an + /// element of this slice: /// /// ``` - /// let a = [1,2,3]; - /// let x = &a[1]; - /// let y = &5; - /// assert!(a.as_ptr_range().contains(x)); - /// assert!(!a.as_ptr_range().contains(y)); + /// #![feature(slice_ptr_range)] + /// + /// let a = [1, 2, 3]; + /// let x = &a[1] as *const _; + /// let y = &5 as *const _; + /// + /// assert!(a.as_ptr_range().contains(&x)); + /// assert!(!a.as_ptr_range().contains(&y)); /// ``` /// /// [`as_ptr`]: #method.as_ptr