-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement address sanitizer (ASAN) support #19504
Comments
See comments in #749, too. |
I've had ASAN mostly working a while ago. I can make it work again, if this is considered an important feature... Personally, I am not convinced that this is worth doing just for unsafe blocks. |
At this point, I expect the biggest stumbling block to be integration with Rust memory allocator:
It seems to me that unless we want to ship a special "debug" version of liballoc, we are going to have to make these switches at runtime, which is going to cost us at least one extra branch on each operation. cc @thestinger |
I'm pulling a massive triage effort to get us ready for 1.0. As part of this, I'm moving stuff that's wishlist-like to the RFCs repo, as that's where major new things should get discussed/prioritized. This issue has been moved to the RFCs repo: rust-lang/rfcs#670 |
Backstory: being Valgrind-clean is a blocker for 1.0 (#13217). But Valgrind gives us tons of false positives (#5856) because of a specific tactic used by LLVM to generate optimized code (http://llvm.org/bugs/show_bug.cgi?id=12319). Neither LLVM nor Valgrind are incorrect here, so this is unlikely to ever be resolved (#5856 (comment)). And the overall volume of false positives is so great that we often succumb to just turning off Valgrind entirely to get any work done (#13217 (comment)).
There is an alternative: ASAN, which is integrated into LLVM and designed to produce no false positives in addition to being relatively low on runtime overhead (https://address-sanitizer.googlecode.com/files/address_sanity_checker.pdf). It is sponsored by Google and used in Chromium to great effect. But adding support is nontrivial:
#749 (comment)
Not only would ASAN support be a tremendous task, it would also ideally never generate any hits for Rust code. However,
unsafe
code exists, and developers can (and will (and have (we just don't know it yet))) get it wrong. More lines of defense are always valuable.If you're looking for a very challenging and long-term but (IMO) very important Rust-related project to test your skills, this is the project for you.
The text was updated successfully, but these errors were encountered: