Skip to content

kcfi: only reify trait methods when dyn-compatible #146865

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 7, 2025
Merged

kcfi: only reify trait methods when dyn-compatible #146865

merged 1 commit into from
Oct 7, 2025
+100 −5

Conversation

folkertdev
Copy link
Contributor

@folkertdev folkertdev commented Sep 21, 2025
edited
Loading

fixes #146853

Only generate a ReifyShim for trait method calls if the trait is dyn-compatible.

Until now kcfi would generate a ReifyShim whenever a trait method was cast to a function pointer. But technically the shim is only needed for dyn-compatible traits (where the method might end up in a vtable).

Up to this point that was only slightly inefficient, but in combination with c-variadic trait methods it is wrong. For c-variadic trait methods the generated shim is incorrect, and that is why c-variadic methods make a trait no longer dyn-compatible: we should simply never generate a ReifyShim that is c-variadic.

With this change the documentation on ReifyReason is now actually correct:

If KCFI is enabled, creating a function pointer from a method on a dyn-compatible trait. This includes the case of converting ::call-like methods on closure-likes to function pointers.

cc @maurer @workingjubilee

r? @rcvalle

@folkertdev folkertdev added A-sanitizers Area: Sanitizers for correctness and code quality F-c_variadic `#![feature(c_variadic)]` labels Sep 21, 2025
@rustbot
Copy link
Collaborator

rustbot commented Sep 21, 2025

Some changes occurred in tests/codegen-llvm/sanitizer

cc @rcvalle

Some changes occurred in tests/ui/sanitizer

cc @rcvalle

@rustbot rustbot added PG-exploit-mitigations Project group: Exploit mitigations S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Sep 21, 2025
folkertdev
folkertdev commented Sep 21, 2025
View reviewed changes
@folkertdev folkertdev force-pushed the kcfi-only-reify-dyn-compatible branch from 38c36cd to f419c93 Compare September 22, 2025 08:16
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@folkertdev folkertdev force-pushed the kcfi-only-reify-dyn-compatible branch from f419c93 to f51fb91 Compare September 22, 2025 10:30
@workingjubilee
Copy link
Member

@folkertdev Thanks for fixing this!

@folkertdev
Copy link
Contributor Author

ping @rcvalle, I think you're the only person that can review this really?

@rcvalle
Copy link
Member

rcvalle commented Oct 7, 2025

@folkertdev sorry for the delay. Thank you for you for your time and working on this! Much appreciated.

@rcvalle
Copy link
Member

rcvalle commented Oct 7, 2025

@bors r+

@bors
Copy link
Collaborator

bors commented Oct 7, 2025

📌 Commit f51fb91 has been approved by rcvalle

It is now in the queue for this repository.

@bors bors added S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Oct 7, 2025
Zalathar added a commit to Zalathar/rust that referenced this pull request Oct 7, 2025
@Zalathar
Rollup merge of rust-lang#146865 - folkertdev:kcfi-only-reify-dyn-com…
2d09935 
…patible, r=rcvalle

kcfi: only reify trait methods when dyn-compatible

fixes rust-lang#146853

Only generate a `ReifyShim` for trait method calls if the trait is dyn-compatible.

Until now kcfi would generate a `ReifyShim` whenever a trait method was cast to a function pointer. But technically the shim is only needed for dyn-compatible traits (where the method might end up in a vtable).

Up to this point that was only slightly inefficient, but in combination with c-variadic trait methods it is wrong. For c-variadic trait methods the generated shim is incorrect, and that is why c-variadic methods make a trait no longer dyn-compatible: we should simply never generate a `ReifyShim` that is c-variadic.

With this change the documentation on `ReifyReason` is now actually correct:

>  If KCFI is enabled, creating a function pointer from a method on a dyn-compatible trait. This includes the case of converting `::call`-like methods on closure-likes to function pointers.

cc `@maurer` `@workingjubilee`

r? `@rcvalle`
@Zalathar Zalathar mentioned this pull request Oct 7, 2025
Closed
bors added a commit that referenced this pull request Oct 7, 2025
@bors
Auto merge of #147435 - Zalathar:rollup-i8p1phg, r=Zalathar
c0f63a4 
Rollup of 7 pull requests

Successful merges:

 - #143900 ([rustdoc] Correctly handle `should_panic` doctest attribute and fix `--no-run` test flag on the 2024 edition)
 - #145608 (Prevent downstream `impl DerefMut for Pin<LocalType>`)
 - #146865 (kcfi: only reify trait methods when dyn-compatible)
 - #147390 (Use globals instead of metadata for std::autodiff)
 - #147398 (Fix; correct placement of type inference error for method calls)
 - #147431 (compiletest: Read the whole test file before parsing directives)
 - #147433 (Fix doc comment)

r? `@ghost`
`@rustbot` modify labels: rollup
Zalathar added a commit to Zalathar/rust that referenced this pull request Oct 7, 2025
@Zalathar
Rollup merge of rust-lang#146865 - folkertdev:kcfi-only-reify-dyn-com…
b222013 
…patible, r=rcvalle

kcfi: only reify trait methods when dyn-compatible

fixes rust-lang#146853

Only generate a `ReifyShim` for trait method calls if the trait is dyn-compatible.

Until now kcfi would generate a `ReifyShim` whenever a trait method was cast to a function pointer. But technically the shim is only needed for dyn-compatible traits (where the method might end up in a vtable).

Up to this point that was only slightly inefficient, but in combination with c-variadic trait methods it is wrong. For c-variadic trait methods the generated shim is incorrect, and that is why c-variadic methods make a trait no longer dyn-compatible: we should simply never generate a `ReifyShim` that is c-variadic.

With this change the documentation on `ReifyReason` is now actually correct:

>  If KCFI is enabled, creating a function pointer from a method on a dyn-compatible trait. This includes the case of converting `::call`-like methods on closure-likes to function pointers.

cc ``@maurer`` ``@workingjubilee``

r? ``@rcvalle``
@Zalathar Zalathar mentioned this pull request Oct 7, 2025
Closed
bors added a commit that referenced this pull request Oct 7, 2025
@bors
Auto merge of #147440 - Zalathar:rollup-ncjsxjb, r=Zalathar
57c370a 
Rollup of 8 pull requests

Successful merges:

 - #145608 (Prevent downstream `impl DerefMut for Pin<LocalType>`)
 - #146865 (kcfi: only reify trait methods when dyn-compatible)
 - #147205 (Add a new `wasm32-wasip3` target to Rust)
 - #147390 (Use globals instead of metadata for std::autodiff)
 - #147398 (Fix; correct placement of type inference error for method calls)
 - #147422 (collect-license-metadata: Print a diff of the expected output)
 - #147431 (compiletest: Read the whole test file before parsing directives)
 - #147433 (Fix doc comment)

r? `@ghost`
`@rustbot` modify labels: rollup
bors added a commit that referenced this pull request Oct 7, 2025
@bors
Auto merge of #147440 - Zalathar:rollup-ncjsxjb, r=Zalathar
b7fd7fc 
Rollup of 8 pull requests

Successful merges:

 - #145608 (Prevent downstream `impl DerefMut for Pin<LocalType>`)
 - #146865 (kcfi: only reify trait methods when dyn-compatible)
 - #147205 (Add a new `wasm32-wasip3` target to Rust)
 - #147390 (Use globals instead of metadata for std::autodiff)
 - #147398 (Fix; correct placement of type inference error for method calls)
 - #147422 (collect-license-metadata: Print a diff of the expected output)
 - #147431 (compiletest: Read the whole test file before parsing directives)
 - #147433 (Fix doc comment)

r? `@ghost`
`@rustbot` modify labels: rollup
@matthiaskrgr matthiaskrgr mentioned this pull request Oct 7, 2025
Merged
bors added a commit that referenced this pull request Oct 7, 2025
@bors
Auto merge of #147453 - matthiaskrgr:rollup-z3db8zi, r=matthiaskrgr
f6aa851 
Rollup of 8 pull requests

Successful merges:

 - #146865 (kcfi: only reify trait methods when dyn-compatible)
 - #147205 (Add a new `wasm32-wasip3` target to Rust)
 - #147322 (cg_llvm: Consistently import `llvm::Type` and `llvm::Value`)
 - #147398 (Fix; correct placement of type inference error for method calls)
 - #147410 (Update `S-waiting-on-team` refs to new `S-waiting-on-{team}` labels)
 - #147422 (collect-license-metadata: Print a diff of the expected output)
 - #147431 (compiletest: Read the whole test file before parsing directives)
 - #147433 (Fix doc comment)

Failed merges:

 - #147390 (Use globals instead of metadata for std::autodiff)

r? `@ghost`
`@rustbot` modify labels: rollup
@bors bors merged commit ffba05e into rust-lang:master Oct 7, 2025
10 checks passed
@rustbot rustbot added this to the 1.92.0 milestone Oct 7, 2025
rust-timer added a commit that referenced this pull request Oct 7, 2025
@rust-timer
Unrolled build for #146865
33da95c 
Rollup merge of #146865 - folkertdev:kcfi-only-reify-dyn-compatible, r=rcvalle

kcfi: only reify trait methods when dyn-compatible

fixes #146853

Only generate a `ReifyShim` for trait method calls if the trait is dyn-compatible.

Until now kcfi would generate a `ReifyShim` whenever a trait method was cast to a function pointer. But technically the shim is only needed for dyn-compatible traits (where the method might end up in a vtable).

Up to this point that was only slightly inefficient, but in combination with c-variadic trait methods it is wrong. For c-variadic trait methods the generated shim is incorrect, and that is why c-variadic methods make a trait no longer dyn-compatible: we should simply never generate a `ReifyShim` that is c-variadic.

With this change the documentation on `ReifyReason` is now actually correct:

>  If KCFI is enabled, creating a function pointer from a method on a dyn-compatible trait. This includes the case of converting `::call`-like methods on closure-likes to function pointers.

cc ```@maurer``` ```@workingjubilee```

r? ```@rcvalle```
github-actions bot pushed a commit to model-checking/verify-rust-std that referenced this pull request Oct 9, 2025
@bors
Auto merge of rust-lang#147453 - matthiaskrgr:rollup-z3db8zi, r=matth…
5aede39 
…iaskrgr

Rollup of 8 pull requests

Successful merges:

 - rust-lang#146865 (kcfi: only reify trait methods when dyn-compatible)
 - rust-lang#147205 (Add a new `wasm32-wasip3` target to Rust)
 - rust-lang#147322 (cg_llvm: Consistently import `llvm::Type` and `llvm::Value`)
 - rust-lang#147398 (Fix; correct placement of type inference error for method calls)
 - rust-lang#147410 (Update `S-waiting-on-team` refs to new `S-waiting-on-{team}` labels)
 - rust-lang#147422 (collect-license-metadata: Print a diff of the expected output)
 - rust-lang#147431 (compiletest: Read the whole test file before parsing directives)
 - rust-lang#147433 (Fix doc comment)

Failed merges:

 - rust-lang#147390 (Use globals instead of metadata for std::autodiff)

r? `@ghost`
`@rustbot` modify labels: rollup
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@rcvalle rcvalle

Labels
A-sanitizers Area: Sanitizers for correctness and code quality F-c_variadic `#![feature(c_variadic)]` PG-exploit-mitigations Project group: Exploit mitigations S-waiting-on-bors Status: Waiting on bors to run and complete tests. Bors will change the label on completion. T-compiler Relevant to the compiler team, which will review and decide on the PR/issue.
Projects
None yet
Milestone
1.92.0
Development

Successfully merging this pull request may close these issues.

ICE: codegen ssa: index out of bounds
6 participants
@folkertdev @rustbot @rust-log-analyzer @workingjubilee @rcvalle @bors