Skip to content

Document that CFI diverges from Rust wrt. ABI-compatibility rules#155361

Open
Darksonn wants to merge 8 commits intorust-lang:mainfrom
Darksonn:abi-cfi
Open

Document that CFI diverges from Rust wrt. ABI-compatibility rules#155361
Darksonn wants to merge 8 commits intorust-lang:mainfrom
Darksonn:abi-cfi

Conversation

@Darksonn
Copy link
Copy Markdown
Member

@Darksonn Darksonn commented Apr 15, 2026
edited by rustbot
Loading

View all comments

The CFI sanitizer is a sanitizer that checks that no ABI-incompatible function calls are made at runtime, but there is currently an unfortunate divergence between the Rust ABI-compatibility rules and what the CFI sanitizer checks. Thus, document that this divergence exists.

There are proposals for how we can align the ABI rules to eliminate this discrepancy, and I would like to follow through with those, but for now I think we can at least document that the discrepancy exists.

For further discussion please see Re-evaluate ABI compatibility rules in light of CFI and Can CFI be made compatible with type erasure schemes? and fn_cast! macro.

cc @rcvalle @samitolvanen @maurer @bjorn3 @RalfJung

Rendered:

image

@Darksonn Darksonn added A-docs Area: Documentation for any part of the project, including the compiler, standard library, and tools A-ABI Area: Concerning the application binary interface (ABI) PG-exploit-mitigations Project group: Exploit mitigations A-control-flow-integrity Area: Control Flow Integrity (CFI) security mitigation labels Apr 15, 2026
@rustbot rustbot added S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue. labels Apr 15, 2026
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Apr 15, 2026

r? @scottmcm

rustbot has assigned @scottmcm.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

Why was this reviewer chosen?

The reviewer was selected based on:

  • Owners of files modified in this PR: @scottmcm, libs
  • @scottmcm, libs expanded to 7 candidates
  • Random selection from Mark-Simulacrum, jhpratt, scottmcm

RalfJung
RalfJung reviewed Apr 16, 2026
View reviewed changes
Comment thread library/core/src/primitive_docs.rs Outdated
Comment thread library/core/src/primitive_docs.rs Outdated
Comment thread library/core/src/primitive_docs.rs Outdated
Darksonn added 7 commits April 16, 2026 06:25
@Darksonn
NonNull and Box are currently immutable
c48c001
@Darksonn
Comment on C integers without the flag
c4631a4
@Darksonn
Reword slightly
1f25164
@Darksonn
Make instability clearer
74f9832
@Darksonn
Take note about C back out
39bdc73 
This was too confusing. This section is about Rust-to-Rust calls, so it
sounds like it's referring to how core::ffi::c_int and similar behave,
but that is not the case (it's about how C does it, which differs from
what core::ffi::c_int does), and either way it is off-topic for
Rust-to-Rust calls.
@Darksonn
Update caveats
90935f4
@Darksonn
Fix typo
aabf39c
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@RalfJung RalfJung RalfJung left review comments

Assignees

@scottmcm scottmcm

Labels

A-ABI Area: Concerning the application binary interface (ABI) A-control-flow-integrity Area: Control Flow Integrity (CFI) security mitigation A-docs Area: Documentation for any part of the project, including the compiler, standard library, and tools PG-exploit-mitigations Project group: Exploit mitigations S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-libs Relevant to the library team, which will review and decide on the PR/issue.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Darksonn @rustbot @RalfJung @scottmcm