Dependency data not embedded unless inject_dependency_list!() return value is used

[Shnatsel]

Dependency information will not be present in the final binary, unless the data returned by auditable::inject_dependency_list!() is actually used somewhere in the binary (printed, put into test::black_box, etc).

This is actually a bug in rustc: rust-lang/rust#47384

[nilgoyette]

I tested this project in our commercial project and there's something I don't understand. You advice to add

println!("{}", COMPRESSED_DEPENDENCY_LIST[0]);

in our main.rs so the variable is used and thus added into the binary strings. This, if course, prints something when the program starts. Obviously I and pretty much everybody don't want anything printed in their console. I can't use nightly either, so the black box trick won't do.

Is there any other tricks to use? Or maybe a better question: should we use this project or the only end goal is to add it into cargo and then we use it?

[Shnatsel]

Is there any other tricks to use?

You can only print it if a certain command-line parameter is passed, like with --help. Anything that uses the data in some way will work.

Or maybe a better question: should we use this project or the only end goal is to add it into cargo and then we use it?

The eventual goal is to add it to Cargo itself, but before that it would be great to see how the approach works in practice and if there is anything we need to change before stabilizing the format. So please use it and provide feedback - it's much easier to act on it here than after it's merged into cargo!

[niklasf]

The crate bencher implements black_box in stable Rust like https://docs.rs/bencher/0.1.5/src/bencher/lib.rs.html#590-596, because the optimizer currently does not remove volatile reads. It's a bit sad to resort to unsafe, though:

unsafe {
    // Safety: u8 is Copy.
    ptr::read_volatile(&COMPRESSED_DEPENDENCY_LIST[0]);
}

[mwaitzman]

The relevant issue (rust-lang/rust#47384) appears to have been quietly fixed, and is now closed as of a week ago

[Shnatsel]

It still isn't usable for ELF - we need #[used(linker)] rather than the current #[used] which is equivalent to #[used(compiler)]. It's difficult to support because only very recent ELF linkers implement the required flags.

I think the way to go is to implement external injection instead, as discussed in #29. I have a prototype in a branch already.

[mwaitzman]

Oh okay. I was just making sure you were aware that the issue had closed

[Shnatsel]

External injection via cargo auditable is now the default, and it avoids this problem.