[eRFC] add -Z emit-stack-sizes
# What
This PR exposes LLVM's ability to report the stack usage of each function through the unstable /
experimental `-Z emit-stack-sizes` flag.
# Motivation
The end goal is to enable whole program analysis of stack usage to prove absence of stack overflows
at compile time. Such property is important in systems that lack a MMU / MPU and where stack
overflows can corrupt memory. And in systems that have protection against stack overflows such proof
can be used to opt out of runtime checks (e.g. stack probes or the MPU).
Such analysis requires the call graph of the program, which can be obtained from MIR, and the stack
usage of each function in the program. Precise information about the later later can only be
obtained from LLVM as it depends on the optimization level and optimization options like LTO.
This PR does **not** attempt to add the ability to perform such whole program analysis to rustc;
it simply does the minimal amount of work to enable such analysis to be implemented out of tree.
# Implementation
This PR exposes a way to set LLVM's `EmitStackSizeSection` option from the command line. The option
is documented [here]; the documentation is copied below for convenience and posteriority:
[here]: https://llvm.org/docs/CodeGenerator.html#emitting-function-stack-size-information
> A section containing metadata on function stack sizes will be emitted when
> TargetLoweringObjectFile::StackSizesSection is not null, and TargetOptions::EmitStackSizeSection
> is set (-stack-size-section). The section will contain an array of pairs of function symbol values
> (pointer size) and stack sizes (unsigned LEB128). The stack size values only include the space
> allocated in the function prologue. Functions with dynamic stack allocations are not included.
Where the LLVM feature is not available (e.g. LLVM version < 6.0) or can't be applied (e.g. the
output format doesn't support sections e.g. .wasm files) the flag does nothing -- i.e. no error or
warning is emitted.
# Example usage
``` console
$ cargo new --bin hello && cd $_
$ cat >src/main.rs <<'EOF'
use std::{mem, ptr};
fn main() {
registers();
stack();
}
#[inline(never)]
fn registers() {
unsafe {
// values loaded into registers
ptr::read_volatile(&(0u64, 1u64));
}
}
#[inline(never)]
fn stack() {
unsafe {
// array allocated on the stack
let array: [i32; 4] = mem::uninitialized();
for elem in &array {
ptr::read_volatile(&elem);
}
}
}
EOF
$ # we need a custom linking step to preserve the .stack_sizes section
$ # (see unresolved questions for a solution that doesn't require custom linking)
$ cat > keep-stack-sizes.x <<'EOF'
SECTIONS
{
.stack_sizes :
{
KEEP(*(.stack_sizes));
}
}
EOF
$ cargo rustc --release -- \
-Z emit-stack-sizes \
-C link-arg=-Wl,-Tkeep-stack-sizes.x \
-C link-arg=-N
$ size -A target/release/hello | grep stack_sizes
.stack_sizes 117 185136
```
Then a tool like [`stack-sizes`] can be used to print the information in human readable format
[`stack-sizes`]: https://github.com/japaric/stack-sizes/#stack-sizes
``` console
$ stack-sizes target/release/hello
address size name
0x000000000004b0 0 core::array::<impl core::iter::traits::IntoIterator for &'a [T; _]>::into_iter::ha50e6661c0ec84aa
0x000000000004c0 8 std::rt::lang_start::ha02aea783e0e1b3e
0x000000000004f0 8 std::rt::lang_start::{{closure}}::h5115b527d5244952
0x00000000000500 8 core::ops::function::FnOnce::call_once::h6bfa1076da82b0fb
0x00000000000510 0 core::ptr::drop_in_place::hb4de82e57787bc70
0x00000000000520 8 hello::main::h08bb6cec0556bd66
0x00000000000530 0 hello::registers::h9d058a5d765ec1d2
0x00000000000540 24 hello::stack::h88c8cb66adfdc6f3
0x00000000000580 8 main
0x000000000005b0 0 __rust_alloc
0x000000000005c0 0 __rust_dealloc
0x000000000005d0 0 __rust_realloc
0x000000000005e0 0 __rust_alloc_zeroed
```
# Stability
Like `-Z sanitize` this is a re-export of an LLVM feature. To me knowledge, we don't have a policy
about stabilization of such features as they are incompatible with, or demand extra implementation
effort from, alternative backends (e.g. cranelift). As such this feature will remain experimental /
unstable for the foreseeable future.
# Unresolved questions
## Section name
Should we rename the `.stack_sizes` section to `.debug_stacksizes`?
With the former name linkers will strip the section unless told otherwise using a linker script,
which means getting this information requires both knowledge about linker scripts and a custom
linker invocation (see example above).
If we use the `.debug_stacksizes` name (I believe) linkers will always keep the section, which means
`-Z emit-stack-sizes` is the only thing required to get the stack usage information.
# ~TODOs~
~Investigate why this doesn't work with the `thumb` targets. I get the LLVM error shown below:~
``` console
$ cargo new --lib foo && cd $_
$ echo '#![no_std] pub fn foo() {}' > src/lib.rs
$ cargo rustc --target thumbv7m-none-eabi -- -Z emit-stack-sizes
LLVM ERROR: unsupported relocation on symbol
```
~which sounds like it might be related to the `relocation-model` option. Maybe `relocation-model =
static` is not supported for some reason?~
This fixed itself after the LLVM upgrade.
---
r? @nikomatsakis
cc @rust-lang/compiler @perlindgren @whitequark
projects / rust.git / commitdiff