Auto merge of rust-lang#134760 - jieyouxu:enable-branch-protection-check-IBT, r=<try>

Migrate `branch-protection-check-IBT` to rmake.rs

- The Makefile version *never* ran because of Makefile syntax confusion because `ifeq ($(filter x86,$(LLVM_COMPONENTS)),x86_64)` [compares `x86` to `x86_64`, which always evaluates to false](rust-lang#126720 (comment)).
- The test would've always failed because precompiled std is not built with `-Z cf-protection=branch`, but linkers require all input object files to indicate IBT support in order to enable IBT for the executable, which is not the case for std.
- Thus, the test input file is instead changed to a `no_std` program.

The GNU property note was added by rust-lang#110304 in order to address rust-lang#103001.

Partially supersedes rust-lang#129156.
The rmake.rs port was initially authored by `@Rejyr` in rust-lang#126720.
This PR is co-authored with `@Oneirical` and `@Rejyr.`

r? `@bjorn3` or reroll

try-job: x86_64-msvc
try-job: x86_64-apple-1
try-job: x86_64-apple-2

Author: bors

src/tools/tidy/src/allowed_run_make_makefiles.txt

@@ -1,4 +1,3 @@
-run-make/branch-protection-check-IBT/Makefile
 run-make/cat-and-grep-sanity-check/Makefile
 run-make/extern-fn-reachable/Makefile
 run-make/incr-add-rust-src-component/Makefile

tests/run-make/branch-protection-check-IBT/Makefile

@@ -1,3 +1,12 @@
-fn main() {
-    println!("hello world");
+#![no_std]
+#![no_main]
+
+#[panic_handler]
+fn panic(_info: &core::panic::PanicInfo) -> ! {
+    loop {}
+}
+
+#[no_mangle]
+pub extern "C" fn main(argc: i32, argv: *const *const u8) -> i32 {
+    0
 }

tests/run-make/branch-protection-check-IBT/_rmake.rs

@@ -0,0 +1,53 @@
+// ignore-tidy-linelength
+//! A basic smoke test to check for GNU Property Note to see that for `x86_64` targets when [`-Z
+//! cf-protection=branch`][intel-cet-tracking-issue] is requested, that the
+//!
+//! ```text
+//! NT_GNU_PROPERTY_TYPE_0 Properties: x86 feature: IBT
+//! ```
+//!
+//! Intel Indirect Branch Tracking (IBT) property is emitted. This was generated in
+//! <https://github.com/rust-lang/rust/pull/110304> in order to address
+//! <https://github.com/rust-lang/rust/issues/103001>.
+//!
+//! Note that the precompiled std currently is not compiled with `-Z cf-protection=branch`!
+//!
+//! In particular, it is expected that:
+//!
+//! > IBT to only be enabled for the process if `.note.gnu.property` indicates that the executable
+//! > was compiled with IBT support and the linker to only tell that IBT is supported if all input
+//! > object files indicate that they support IBT, which in turn requires the standard library to be
+//! > compiled with IBT enabled.
+//!
+//! Note that Intel IBT (Indirect Branch Tracking) is not to be confused with Arm's BTI (Branch
+//! Target Identification). See below for link to Intel IBT docs.
+//!
+//! ## Related links
+//!
+//! - [Tracking Issue for Intel Control Enforcement Technology (CET)][intel-cet-tracking-issue]
+//! - Zulip question about this test:
+//! <https://rust-lang.zulipchat.com/#narrow/channel/182449-t-compiler.2Fhelp/topic/.E2.9C.94.20Branch.20protection.20and.20.60.2Enote.2Egnu.2Eproperty.60>
+//! - Intel IBT docs:
+//!   <https://edc.intel.com/content/www/us/en/design/ipla/software-development-platforms/client/platforms/alder-lake-desktop/12th-generation-intel-core-processors-datasheet-volume-1-of-2/006/indirect-branch-tracking/>
+//!
+//! [intel-cet-tracking-issue]: https://github.com/rust-lang/rust/issues/93754
+
+// Only checks Intel IBT.
+//@ only-x86_64
+//@ needs-llvm-components: x86
+
+use run_make_support::{bare_rustc, llvm_readobj};
+
+fn main() {
+    // `main.rs` is `#![no_std]` to not pull in the currently not-compiled-with-IBT precompiled std.
+    bare_rustc()
+        .input("main.rs")
+        .target("x86_64-unknown-linux-gnu")
+        .panic("abort")
+        .arg("-Zcf-protection=branch")
+        .arg("-Clink-args=-nostartfiles")
+        .arg("-Csave-temps")
+        .run();
+
+    llvm_readobj().arg("-nW").input("main").run().assert_stdout_contains(".note.gnu.property");
+}