WIP

Author: ChrisDenton

Cargo.lock

@@ -3323,6 +3323,7 @@ dependencies = [
  "rustc_serialize",
  "rustc_span",
  "tracing",
+ "wit-bindgen-rt 0.33.0",
 ]
 
 [[package]]
@@ -3958,6 +3959,7 @@ dependencies = [
  "rustc_span",
  "thin-vec",
  "tracing",
+ "wit-bindgen-rt 0.39.0",
 ]
 
 [[package]]
@@ -5968,7 +5970,7 @@ version = "0.13.3+wasi-0.2.2"
 source = "registry+https://github.com/rust-lang/crates.io-index"
 checksum = "26816d2e1a4a36a2940b96c5296ce403917633dff8f3440e9b236ed6f6bacad2"
 dependencies = [
- "wit-bindgen-rt",
+ "wit-bindgen-rt 0.33.0",
 ]
 
 [[package]]
@@ -6564,6 +6566,12 @@ dependencies = [
  "bitflags",
 ]
 
+[[package]]
+name = "wit-bindgen-rt"
+version = "0.39.0"
+source = "registry+https://github.com/rust-lang/crates.io-index"
+checksum = "6f42320e61fe2cfd34354ecb597f86f413484a798ba44a8ca1165c58d42da6c1"
+
 [[package]]
 name = "wit-component"
 version = "0.223.0"

compiler/rustc_abi/Cargo.toml

@@ -17,6 +17,10 @@ rustc_span = { path = "../rustc_span", optional = true }
 tracing = "0.1"
 # tidy-alphabetical-end
 
+# This is a dependency of `rand` and contains a small binary blob for weak linking.
+# It's locked to ensure review of the binary before any updates.
+wit-bindgen-rt = "=0.33.0"
+
 [features]
 # tidy-alphabetical-start
 default = ["nightly", "randomize"]

compiler/rustc_incremental/Cargo.toml

@@ -21,3 +21,7 @@ rustc_span = { path = "../rustc_span" }
 thin-vec = "0.2.12"
 tracing = "0.1"
 # tidy-alphabetical-end
+
+# This is a dependency of `rand` and contains a small binary blob for weak linking.
+# It's locked to ensure review of the binary before any updates.
+wit-bindgen-rt = "=0.39.0"

compiler/rustc_incremental/src/lib.rs

@@ -10,6 +10,9 @@
 #![warn(unreachable_pub)]
 // tidy-alphabetical-end
 
+#[allow(unused_extern_crates)]
+extern crate wit_bindgen_rt;
+
 mod assert_dep_graph;
 mod errors;
 mod persist;
@@ -23,6 +26,7 @@ use rustc_middle::util::Providers;
 
 #[allow(missing_docs)]
 pub fn provide(providers: &mut Providers) {
+    wit_bindgen_rt::maybe_link_cabi_realloc();
     providers.hooks.save_dep_graph =
         |tcx| tcx.sess.time("serialize_dep_graph", || persist::save_dep_graph(tcx));
 }

src/tools/tidy/src/deps.rs

@@ -1,11 +1,12 @@
 //! Checks the licenses of third-party dependencies.
 
-use std::collections::HashSet;
+use std::collections::{HashSet, HashMap};
 use std::fs::{File, read_dir};
 use std::io::Write;
 use std::path::Path;
 
 use build_helper::ci::CiEnv;
+use cargo_metadata::semver::Version;
 use cargo_metadata::{Metadata, Package, PackageId};
 
 #[path = "../../../bootstrap/src/utils/proc_macro_deps.rs"]
@@ -447,7 +448,7 @@ const PERMITTED_RUSTC_DEPENDENCIES: &[&str] = &[
     "windows_x86_64_gnu",
     "windows_x86_64_gnullvm",
     "windows_x86_64_msvc",
-    "wit-bindgen-rt", // via wasi
+    "wit-bindgen-rt@0.33.0", // via wasi
     "writeable",
     "yoke",
     "yoke-derive",
@@ -805,7 +806,17 @@ fn check_permitted_dependencies(
 
     // Check that the PERMITTED_DEPENDENCIES does not have unused entries.
     for permitted in permitted_dependencies {
-        if !deps.iter().any(|dep_id| &pkg_from_id(metadata, dep_id).name == permitted) {
+        fn compare(pkg: &Package, permitted: &str) -> bool {
+            if let Some((name, version)) = permitted.split_once("@") {
+                let Ok(version) = Version::parse(version) else {
+                    return false;
+                };
+                pkg.name == name && pkg.version == version
+            } else {
+                pkg.name == permitted
+            }
+        }
+        if !deps.iter().any(|dep_id| compare(pkg_from_id(metadata, dep_id), permitted)) {
             tidy_error!(
                 bad,
                 "could not find allowed package `{permitted}`\n\
@@ -816,14 +827,23 @@ fn check_permitted_dependencies(
     }
 
     // Get in a convenient form.
-    let permitted_dependencies: HashSet<_> = permitted_dependencies.iter().cloned().collect();
+    let permitted_dependencies: HashMap<_, _> = permitted_dependencies.iter().map(|s| {
+        if let Some((name, version)) = s.split_once('@') {
+            (name, Version::parse(version).ok())
+        } else {
+            (*s, None)
+        }
+    }).collect();
 
     for dep in deps {
         let dep = pkg_from_id(metadata, dep);
         // If this path is in-tree, we don't require it to be explicitly permitted.
-        if dep.source.is_some() && !permitted_dependencies.contains(dep.name.as_str()) {
-            tidy_error!(bad, "Dependency for {descr} not explicitly permitted: {}", dep.id);
-            has_permitted_dep_error = true;
+        if dep.source.is_some() {
+            let permitted = permitted_dependencies.get(dep.name);
+            if permitted.is_none() || (let Some(permitted) = permitted && dep.version == permitted) {
+                tidy_error!(bad, "Dependency for {descr} not explicitly permitted: {}", dep.id);
+                has_permitted_dep_error = true;
+            }
         }
     }