Added initial configuration for BSAN.

Specified bsan branch of LLVM submodule.

Added Borrow sanitizer options to frontend.

Added additional configuration flags for BSAN.

Updated llvm submodule and ensured that retags are allowed in subsequent MIR passes.

Updated LLVM project.

Author: icmccorm

.github/workflows/sync.yml

@@ -0,0 +1,27 @@
+name: sync
+on: workflow_dispatch
+permissions:
+  contents: read
+  pages: write
+  id-token: write
+defaults:
+  run:
+    shell: bash
+concurrency:
+  group: "sync"
+  cancel-in-progress: true
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Identity
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "github-actions[bot]@users.noreply.github.com"
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+      - name: Rebase
+        run: src/ci/scripts/sync.sh
+      - name: Build
+        run: ./x.py build --stage 1 library

.gitmodules

@@ -54,4 +54,4 @@
 [submodule "src/gcc"]
 	path = src/gcc
 	url = https://github.com/rust-lang/gcc.git
-	shallow = true
+	shallow = true

Cargo.lock

@@ -290,6 +290,10 @@ dependencies = [
  "generic-array",
 ]
 
+[[package]]
+name = "bsan"
+version = "0.1.0"
+
 [[package]]
 name = "bstr"
 version = "1.10.0"

Cargo.toml

@@ -7,6 +7,7 @@ members = [
   "src/rustc-std-workspace/rustc-std-workspace-alloc",
   "src/rustc-std-workspace/rustc-std-workspace-std",
   "src/rustdoc-json-types",
+  "src/tools/bsan",
   "src/tools/build_helper",
   "src/tools/cargotest",
   "src/tools/clippy",

compiler/rustc_borrowck/src/lib.rs

@@ -36,13 +36,13 @@ use rustc_middle::mir::*;
 use rustc_middle::query::Providers;
 use rustc_middle::ty::{self, ParamEnv, RegionVid, TyCtxt, TypingMode};
 use rustc_middle::{bug, span_bug};
-use rustc_mir_dataflow::Analysis;
 use rustc_mir_dataflow::impls::{
     EverInitializedPlaces, MaybeInitializedPlaces, MaybeUninitializedPlaces,
 };
 use rustc_mir_dataflow::move_paths::{
     InitIndex, InitLocation, LookupResult, MoveData, MoveOutIndex, MovePathIndex,
 };
+use rustc_mir_dataflow::Analysis;
 use rustc_session::lint::builtin::UNUSED_MUT;
 use rustc_span::{Span, Symbol};
 use smallvec::SmallVec;
@@ -656,8 +656,12 @@ impl<'a, 'tcx, R> rustc_mir_dataflow::ResultsVisitor<'a, 'tcx, R>
                     state,
                 );
             }
+            StatementKind::Retag { .. } => {
+                if !self.infcx.tcx.sess.emit_retags() {
+                    bug!("Statement not allowed in this MIR phase")
+                }
+            }
             StatementKind::Nop
-            | StatementKind::Retag { .. }
             | StatementKind::Deinit(..)
             | StatementKind::SetDiscriminant { .. } => {
                 bug!("Statement not allowed in this MIR phase")
@@ -1771,11 +1775,11 @@ impl<'a, 'tcx> MirBorrowckCtxt<'a, '_, 'tcx> {
                 mpi,
             );
         } // Only query longest prefix with a MovePath, not further
-        // ancestors; dataflow recurs on children when parents
-        // move (to support partial (re)inits).
-        //
-        // (I.e., querying parents breaks scenario 7; but may want
-        // to do such a query based on partial-init feature-gate.)
+          // ancestors; dataflow recurs on children when parents
+          // move (to support partial (re)inits).
+          //
+          // (I.e., querying parents breaks scenario 7; but may want
+          // to do such a query based on partial-init feature-gate.)
     }
 
     /// Subslices correspond to multiple move paths, so we iterate through the

compiler/rustc_borrowck/src/type_check/mod.rs

@@ -1258,10 +1258,14 @@ impl<'a, 'tcx> TypeChecker<'a, 'tcx> {
                     "Unexpected NonDivergingIntrinsic::CopyNonOverlapping, should only appear after lowering_intrinsics",
                 ),
             },
+            StatementKind::Retag { .. } => {
+                if !self.infcx.tcx.sess.emit_retags() {
+                    bug!("Statement not allowed in this MIR phase")
+                }
+            },
             StatementKind::FakeRead(..)
             | StatementKind::StorageLive(..)
             | StatementKind::StorageDead(..)
-            | StatementKind::Retag { .. }
             | StatementKind::Coverage(..)
             | StatementKind::ConstEvalCounter
             | StatementKind::PlaceMention(..)

compiler/rustc_codegen_llvm/src/attributes.rs

@@ -114,6 +114,9 @@ pub(crate) fn sanitize_attrs<'ll>(
     if enabled.contains(SanitizerSet::SAFESTACK) {
         attrs.push(llvm::AttributeKind::SanitizeSafeStack.create_attr(cx.llcx));
     }
+    if enabled.contains(SanitizerSet::BORROW) {
+        attrs.push(llvm::AttributeKind::SanitizeBorrow.create_attr(cx.llcx));
+    }
     attrs
 }
 

compiler/rustc_codegen_llvm/src/back/write.rs

@@ -553,6 +553,7 @@ pub(crate) unsafe fn llvm_optimize(
             sanitize_kernel_address_recover: config
                 .sanitizer_recover
                 .contains(SanitizerSet::KERNELADDRESS),
+            sanitize_borrow: config.sanitizer.contains(SanitizerSet::BORROW),
         })
     } else {
         None

compiler/rustc_codegen_llvm/src/llvm/ffi.rs

@@ -252,6 +252,7 @@ pub enum AttributeKind {
     FnRetThunkExtern = 41,
     Writable = 42,
     DeadOnUnwind = 43,
+    SanitizeBorrow = 44,
 }
 
 /// LLVMIntPredicate
@@ -541,6 +542,7 @@ pub struct SanitizerOptions {
     pub sanitize_hwaddress_recover: bool,
     pub sanitize_kernel_address: bool,
     pub sanitize_kernel_address_recover: bool,
+    pub sanitize_borrow: bool,
 }
 
 /// LLVMRelocMode

compiler/rustc_codegen_llvm/src/retag.rs

@@ -1315,6 +1315,9 @@ fn add_sanitizer_libraries(
     if sanitizer.contains(SanitizerSet::ADDRESS) {
         link_sanitizer_runtime(sess, flavor, linker, "asan");
     }
+    if sanitizer.contains(SanitizerSet::BORROW) {
+        link_sanitizer_runtime(sess, flavor, linker, "bsan");
+    }
     if sanitizer.contains(SanitizerSet::DATAFLOW) {
         link_sanitizer_runtime(sess, flavor, linker, "dfsan");
     }

compiler/rustc_codegen_ssa/src/back/link.rs

@@ -337,6 +337,10 @@ fn codegen_fn_attrs(tcx: TyCtxt<'_>, did: LocalDefId) -> CodegenFnAttrs {
                                 codegen_fn_attrs.no_sanitize |=
                                     SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS
                             }
+                            sym::borrow => {
+                                codegen_fn_attrs.no_sanitize |=
+                                    SanitizerSet::BORROW
+                            }
                             sym::cfi => codegen_fn_attrs.no_sanitize |= SanitizerSet::CFI,
                             sym::kcfi => codegen_fn_attrs.no_sanitize |= SanitizerSet::KCFI,
                             sym::memory => codegen_fn_attrs.no_sanitize |= SanitizerSet::MEMORY,

compiler/rustc_codegen_ssa/src/codegen_attrs.rs

@@ -87,8 +87,9 @@ impl<'a, 'tcx, Bx: BuilderMethods<'a, 'tcx>> FunctionCx<'a, 'tcx, Bx> {
                 let src = src_val.immediate();
                 bx.memcpy(dst, align, src, align, bytes, crate::MemFlags::empty());
             }
+
+            mir::StatementKind::Retag { .. } => if self.cx.sess().emit_retags() {},
             mir::StatementKind::FakeRead(..)
-            | mir::StatementKind::Retag { .. }
             | mir::StatementKind::AscribeUserType(..)
             | mir::StatementKind::ConstEvalCounter
             | mir::StatementKind::PlaceMention(..)

compiler/rustc_codegen_ssa/src/mir/statement.rs

@@ -0,0 +1,9 @@
+/*
+use crate::traits::BackendTypes;
+
+pub trait BSANMethods<'tcx>: BackendTypes {
+    /// Take an inline assembly expression and splat it out via LLVM
+    fn track_operand(&mut self);
+}
+
+ */

compiler/rustc_codegen_ssa/src/traits/bsan.rs

@@ -14,6 +14,7 @@
 mod abi;
 mod asm;
 mod backend;
+mod bsan;
 mod builder;
 mod consts;
 mod coverageinfo;

compiler/rustc_codegen_ssa/src/traits/mod.rs

@@ -98,6 +98,7 @@ enum LLVMRustAttribute {
   FnRetThunkExtern = 41,
   Writable = 42,
   DeadOnUnwind = 43,
+  SanitizeBorrow = 44,
 };
 
 typedef struct OpaqueRustString *RustStringRef;

compiler/rustc_llvm/llvm-wrapper/LLVMWrapper.h

@@ -36,6 +36,7 @@
 #include "llvm/Transforms/IPO/LowerTypeTests.h"
 #include "llvm/Transforms/IPO/ThinLTOBitcodeWriter.h"
 #include "llvm/Transforms/Instrumentation/AddressSanitizer.h"
+#include "llvm/Transforms/Instrumentation/BorrowSanitizer.h"
 #include "llvm/Transforms/Instrumentation/DataFlowSanitizer.h"
 #include "llvm/Transforms/Utils/AddDiscriminators.h"
 #include "llvm/Transforms/Utils/FunctionImportUtils.h"
@@ -671,6 +672,7 @@ struct LLVMRustSanitizerOptions {
   bool SanitizeHWAddressRecover;
   bool SanitizeKernelAddress;
   bool SanitizeKernelAddressRecover;
+  bool SanitizeBorrow;
 };
 
 extern "C" LLVMRustResult LLVMRustOptimize(
@@ -914,6 +916,13 @@ extern "C" LLVMRustResult LLVMRustOptimize(
             MPM.addPass(HWAddressSanitizerPass(opts));
           });
     }
+    if (SanitizerOptions->SanitizeBorrow) {
+      OptimizerLastEPCallbacks.push_back(
+          [SanitizerOptions](ModulePassManager &MPM, OptimizationLevel Level) {
+            BorrowSanitizerOptions opts;
+            MPM.addPass(BorrowSanitizerPass(opts));
+          });
+    }
   }
 
   ModulePassManager MPM;

compiler/rustc_llvm/llvm-wrapper/PassWrapper.cpp

@@ -302,7 +302,10 @@ static Attribute::AttrKind fromRust(LLVMRustAttribute Kind) {
     return Attribute::Writable;
   case DeadOnUnwind:
     return Attribute::DeadOnUnwind;
+  case SanitizeBorrow:
+    return Attribute::SanitizeBorrow;
   }
+  
   report_fatal_error("bad AttributeKind");
 }
 

compiler/rustc_llvm/llvm-wrapper/RustWrapper.cpp

@@ -7,7 +7,6 @@
 use rustc_hir::LangItem;
 use rustc_middle::mir::*;
 use rustc_middle::ty::{self, Ty, TyCtxt};
-
 pub(super) struct AddRetag;
 
 /// Determine whether this type may contain a reference (or box), and thus needs retagging.
@@ -50,7 +49,7 @@ fn may_contain_reference<'tcx>(ty: Ty<'tcx>, depth: u32, tcx: TyCtxt<'tcx>) -> b
 
 impl<'tcx> crate::MirPass<'tcx> for AddRetag {
     fn is_enabled(&self, sess: &rustc_session::Session) -> bool {
-        sess.opts.unstable_opts.mir_emit_retag
+        sess.emit_retags()
     }
 
     fn run_pass(&self, tcx: TyCtxt<'tcx>, body: &mut Body<'tcx>) {

compiler/rustc_mir_transform/src/add_retag.rs

@@ -245,7 +245,7 @@ fn build_drop_shim<'tcx>(tcx: TyCtxt<'tcx>, def_id: DefId, ty: Option<Ty<'tcx>>)
 
     // The first argument (index 0), but add 1 for the return value.
     let mut dropee_ptr = Place::from(Local::new(1 + 0));
-    if tcx.sess.opts.unstable_opts.mir_emit_retag {
+    if tcx.sess.emit_retags() {
         // We want to treat the function argument as if it was passed by `&mut`. As such, we
         // generate
         // ```

compiler/rustc_mir_transform/src/shim.rs

@@ -384,7 +384,7 @@ mod desc {
     pub(crate) const parse_opt_panic_strategy: &str = parse_panic_strategy;
     pub(crate) const parse_oom_strategy: &str = "either `panic` or `abort`";
     pub(crate) const parse_relro_level: &str = "one of: `full`, `partial`, or `off`";
-    pub(crate) const parse_sanitizers: &str = "comma separated list of sanitizers: `address`, `cfi`, `dataflow`, `hwaddress`, `kcfi`, `kernel-address`, `leak`, `memory`, `memtag`, `safestack`, `shadow-call-stack`, or `thread`";
+    pub(crate) const parse_sanitizers: &str = "comma separated list of sanitizers: `address`, `borrow`, `cfi`, `dataflow`, `hwaddress`, `kcfi`, `kernel-address`, `leak`, `memory`, `memtag`, `safestack`, `shadow-call-stack`, or `thread`";
     pub(crate) const parse_sanitizer_memory_track_origins: &str = "0, 1, or 2";
     pub(crate) const parse_cfguard: &str =
         "either a boolean (`yes`, `no`, `on`, `off`, etc), `checks`, or `nochecks`";
@@ -823,6 +823,7 @@ pub mod parse {
                     "thread" => SanitizerSet::THREAD,
                     "hwaddress" => SanitizerSet::HWADDRESS,
                     "safestack" => SanitizerSet::SAFESTACK,
+                    "borrow" => SanitizerSet::BORROW,
                     _ => return false,
                 }
             }

compiler/rustc_session/src/options.rs

@@ -2,9 +2,9 @@ use std::any::Any;
 use std::ops::{Div, Mul};
 use std::path::{Path, PathBuf};
 use std::str::FromStr;
-use std::sync::Arc;
 use std::sync::atomic::AtomicBool;
 use std::sync::atomic::Ordering::SeqCst;
+use std::sync::Arc;
 use std::{env, fmt, io};
 
 use rustc_data_structures::flock;
@@ -16,12 +16,12 @@ use rustc_data_structures::sync::{
 };
 use rustc_errors::annotate_snippet_emitter_writer::AnnotateSnippetEmitter;
 use rustc_errors::codes::*;
-use rustc_errors::emitter::{DynEmitter, HumanEmitter, HumanReadableErrorType, stderr_destination};
+use rustc_errors::emitter::{stderr_destination, DynEmitter, HumanEmitter, HumanReadableErrorType};
 use rustc_errors::json::JsonEmitter;
 use rustc_errors::registry::Registry;
 use rustc_errors::{
-    Diag, DiagCtxt, DiagCtxtHandle, DiagMessage, Diagnostic, ErrorGuaranteed, FatalAbort,
-    FluentBundle, LazyFallbackBundle, TerminalUrl, fallback_fluent_bundle,
+    fallback_fluent_bundle, Diag, DiagCtxt, DiagCtxtHandle, DiagMessage, Diagnostic,
+    ErrorGuaranteed, FatalAbort, FluentBundle, LazyFallbackBundle, TerminalUrl,
 };
 use rustc_macros::HashStable_Generic;
 pub use rustc_span::def_id::StableCrateId;
@@ -42,7 +42,7 @@ use crate::config::{
     InstrumentCoverage, OptLevel, OutFileName, OutputType, RemapPathScopeComponents,
     SwitchWithOptPath,
 };
-use crate::parse::{ParseSess, add_feature_diagnostics};
+use crate::parse::{add_feature_diagnostics, ParseSess};
 use crate::search_paths::{PathKind, SearchPath};
 use crate::{errors, filesearch, lint};
 
@@ -606,7 +606,13 @@ impl Session {
         // AddressSanitizer and KernelAddressSanitizer uses lifetimes to detect use after scope bugs.
         // MemorySanitizer uses lifetimes to detect use of uninitialized stack variables.
         // HWAddressSanitizer will use lifetimes to detect use after scope bugs in the future.
-        || self.opts.unstable_opts.sanitizer.intersects(SanitizerSet::ADDRESS | SanitizerSet::KERNELADDRESS | SanitizerSet::MEMORY | SanitizerSet::HWADDRESS)
+        // BorrowSanitizer will eventually use lifetimes as well.
+        || self.opts.unstable_opts.sanitizer.intersects(SanitizerSet::ADDRESS | SanitizerSet::BORROW | SanitizerSet::KERNELADDRESS | SanitizerSet::MEMORY | SanitizerSet::HWADDRESS)
+    }
+
+    pub fn emit_retags(&self) -> bool {
+        self.opts.unstable_opts.mir_emit_retag
+            || self.opts.unstable_opts.sanitizer.intersects(SanitizerSet::BORROW)
     }
 
     pub fn diagnostic_width(&self) -> usize {
@@ -650,10 +656,13 @@ impl Session {
     }
 
     pub fn mir_opt_level(&self) -> usize {
-        self.opts
-            .unstable_opts
-            .mir_opt_level
-            .unwrap_or_else(|| if self.opts.optimize != OptLevel::No { 2 } else { 1 })
+        self.opts.unstable_opts.mir_opt_level.unwrap_or_else(|| {
+            if self.opts.optimize != OptLevel::No {
+                2
+            } else {
+                1
+            }
+        })
     }
 
     /// Calculates the flavor of LTO to use for this compilation.
@@ -734,7 +743,8 @@ impl Session {
             let more_names = self.opts.output_types.contains_key(&OutputType::LlvmAssembly)
                 || self.opts.output_types.contains_key(&OutputType::Bitcode)
                 // AddressSanitizer and MemorySanitizer use alloca name when reporting an issue.
-                || self.opts.unstable_opts.sanitizer.intersects(SanitizerSet::ADDRESS | SanitizerSet::MEMORY);
+                // BorrowSanitizer should also have this information.
+                || self.opts.unstable_opts.sanitizer.intersects(SanitizerSet::ADDRESS | SanitizerSet::BORROW | SanitizerSet::MEMORY);
             !more_names
         }
     }

compiler/rustc_session/src/session.rs

@@ -500,6 +500,7 @@ symbols! {
         block,
         bool,
         bool_then,
+        borrow,
         borrowck_graphviz_format,
         borrowck_graphviz_postflow,
         box_new,