Skip to content

Implement -Z allow-partial-mitigations (RFC 3855) #149357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: main
Choose a base branch
from
Open

Implement -Z allow-partial-mitigations (RFC 3855) #149357

wants to merge 3 commits into from

Conversation

@arielb1
Copy link
Contributor

@arielb1 arielb1 commented Nov 26, 2025

This implements -Z allow-partial-mitigations as an unstable option, currently with support for control-flow-guard and stack-protector.

As a difference from the RFC, we have -Z allow-partial-mitigations=!foo rather than -Z deny-partial-mitigations=foo, since I couldn't find an easy way to have an allow/deny pair of flags where the latter flag wins.

To allow for stabilization, this is only enabled starting from the next edition. Maybe a better policy is possible (bikeshed).

r? @rcvalle

@rustbot
Copy link
Collaborator

rustbot commented Nov 26, 2025

These commits modify compiler targets.
(See the Target Tier Policy.)

@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Nov 26, 2025
@arielb1 arielb1 mentioned this pull request Nov 26, 2025
Open
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@ojeda ojeda mentioned this pull request Nov 26, 2025
Open
63 tasks
@arielb1 arielb1 force-pushed the enforce-partial-mitigations branch from b34534b to 1fefdbe Compare November 26, 2025 19:28
Urgau
Urgau reviewed Nov 26, 2025
View reviewed changes
compiler/rustc_metadata/messages.ftl Outdated
metadata_mitigation_less_strict_in_dependency =
your program uses the crate `{$extern_crate}`, that is not protected by `{$mitigation_name}{$mitigation_level}`
.note = Recompile that crate with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled
Copy link
Member

@Urgau Urgau Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Diagnostics must always start with a lowercase letter.

Suggested change
.note = Recompile that crate with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled
.note = recompile that `{$extern_crate}` with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled

compiler/rustc_metadata/messages.ftl Outdated
metadata_mitigation_less_strict_in_dependency =
your program uses the crate `{$extern_crate}`, that is not protected by `{$mitigation_name}{$mitigation_level}`
.note = Recompile that crate with the mitigation enabled, or use `-Z allow-partial-mitigations={$mitigation_name}` to allow creating an artifact that has the mitigation only partially enabled
.help = It is possible to disable `-Z allow-partial-mitigations={$mitigation_name}` via `-Z allow-partial-mitigations=!{$mitigation_name}`
Copy link
Member

@Urgau Urgau Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
.help = It is possible to disable `-Z allow-partial-mitigations={$mitigation_name}` via `-Z allow-partial-mitigations=!{$mitigation_name}`
.help = it is possible to disable `-Z allow-partial-mitigations={$mitigation_name}` via `-Z allow-partial-mitigations=!{$mitigation_name}`

@Urgau
Copy link
Member

Urgau commented Nov 26, 2025

To allow for stabilization, this is only enabled starting from the next edition. Maybe a better policy is possible (bikeshed).

I don't think we currently have any command line arguments who is edition depended, that would be a first.

@arielb1
Copy link
Contributor Author

arielb1 commented Nov 26, 2025
edited
Loading

I don't think we currently have any command line arguments who is edition depended, that would be a first.

The behavior for -C control-flow-guard is in the RFC. Tho that RFC is not approved yet.

I do think we want to eventually make -C control-flow-guard enforcing, and I think we have to do that across an edition boundary.

teor2345
teor2345 reviewed Nov 26, 2025
View reviewed changes
compiler/rustc_session/src/options.rs
Some(s) => {
for sub in s.split(',') {
let (sub, enabled) =
if sub.starts_with('!') { (&sub[1..], false) } else { (sub, true) };
Copy link
Contributor

@teor2345 teor2345 Nov 26, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using ! for negation on the command-line is non-standard. It might also cause shell command parsing issues, because ! is a history search and insert metacharacter in some common shells.

The standard CLI negation prefix is no-, I suggest we use that instead.

The dev guide says to avoid no- for boolean flags, but I don't think that applies to more complex options:

rust/src/doc/rustc-dev-guide/src/cli.md

Lines 15 to 16 in 1be6b13

- Avoid flags with the `no-` prefix. Instead, use the [`parse_bool`] function,
such as `-C embed-bitcode=no`.

Copy link
Contributor Author

@arielb1 arielb1 Nov 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I basically put ! as a placeholder. Let's wait with it for a little bit of time until we figure out what to do.

@arielb1 arielb1 force-pushed the enforce-partial-mitigations branch from c72b434 to 2f2a134 Compare November 27, 2025 15:15
Ariel Ben-Yehuda added 3 commits November 27, 2025 15:33
Implement -Z allow-partial-mitigations (RFC 3855)
3463551 
This implements `-Z allow-partial-mitigations` as an unstable option,
currently with support for control-flow-guard and stack-protector.

As a difference from the RFC, we have `-Z allow-partial-mitigations=!foo`
rather than `-Z deny-partial-mitigations=foo`, since I couldn't find an easy
way to have an allow/deny pair of flags where the latter flag wins.

To allow for stabilization, this is only enabled starting from the next edition. Maybe a
better policy is possible (bikeshed).
address review comments
383ca61
allow denying mitigations in earlier editions
99913dd
@arielb1 arielb1 force-pushed the enforce-partial-mitigations branch from 2f2a134 to 99913dd Compare November 27, 2025 16:09
@rustbot
Copy link
Collaborator

rustbot commented Nov 27, 2025

This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed.

Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Urgau Urgau Urgau left review comments

+1 more reviewer

@teor2345 teor2345 teor2345 left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@rcvalle rcvalle

Labels

S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@arielb1 @rustbot @rust-log-analyzer @Urgau @teor2345 @rcvalle