-
Notifications
You must be signed in to change notification settings - Fork 12.9k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stabilize -Z sanitize #47174
Comments
Sorry this has been neglected -- let's try to flag a team: |
@Firstyear you make a strong case for stable sanitizers. However, I don't really feel comfortable stabilizing
I think that considering stabilization is premature. What I would like best is if we could write-up an RFC describing how the feature works, what the edge cases are, and if there are any open design questions to be addressed. Then we can decide whether to accept the RFC -- once accepted, we can decide whether to stabilize. If the RFC that gets accepted matches what exists in tree, that second decision could presumably go quite quickly! Another important consideration is maintenance. I don't know that anyone who is currently active in the Rust compiler understands how the existing sanitizer support works. More documentation and a knowledge of who to ping would be great. =) cc @japaric @rust-lang/dev-tools -- this seems to lie at the intersection of the two teams |
I'd like to see at least Windows support for ASan before calling for stabilization. |
It looks like asan is now properly supported in windows: Would now be the time to consider stabilizing address sanitization? |
There is documentation of the current sanitizer support here: https://doc.rust-lang.org/beta/unstable-book/compiler-flags/sanitizer.html Based on a quick read, I feel pretty positive about the current status of sanitizers. The user workflow seems fairly reasonable. One caveat is that I think this support should be integrated into cargo, but stabilizing the rustc flags would allow that to happen in the ecosystem as a first step. There are some questions though that arise in my mind:
|
I'll also add that I believe the current sanitizer interface is pretty closely tied to LLVM's sanitizers. Other codegen backends may not have the same naming conventions, at least, so it may be worth considering whether we want some abstraction atop the raw names (or at least choose them a little carefully). It also looks like there is some amount of configuration, both at runtime and compile time, for sanitizers. Just based on our documentation, I see a mention of |
I think making names "more generic" is a good idea, but I also think that I wouldn't want to let perfect be enemy of the good. It seems "ok" to me to ship support for LLVM-based sanitizers, and for them not to work if people opt to use different backends. |
I agree with @nikomatsakis here, that it's probably best to just ship this "as is" for LLVM, as other backends may or may not have sanitisers available in the same way. Over time those backends would have to increase their support for various features, and sanitisers could be one of them. So my input would be to aim for stabilising this with LLVM as the codegen, and disable it when using a non-llvm codegen. |
I would just like to second this point from Niko. I think before we stabilize, we need to have a plan for how the sanitizers fit into the broader Rust ecosystem:
|
This should also consider downstream builds, like Linux distributions that build rustc with their system LLVM. For example, Fedora does build the sanitizers in its |
I don't see sanitizer support to be all that different from other already stable codegen-backend specific flags (e.g.
Sanitizers should be stabilized on a per-sanitizer basis. See e.g. #89652. |
Has there been any movement on this since 2021? What are the current blockers to stabilization? |
Hi,
I would really like to see -Z sanitize options available in stable rust.
Today they are available in nightly. I have used them for 6 months in the 389 Directory Server project in a production ldap environment as part of the code IO event path. I have exercise the leak and address sanitize options extensively, used them to find many FFI safety issues, and tested multiple build types (exec, dylib, more).
The sanitizer support is very important for FFI assertions during development where a code base uses Rust and C in some form. It allows strict analysis of behaviour, and finding where items are not droped for example.
An important reason for inclusion in stable is distributions. As a project, we often have the requirement to build debug builds with the compiler that ships in a distribution to reproduce problems. That means rustc stable that ships in products like fedora or RHEL.
If -Z sanitize isn't in stable, we can't achieve this - and this adds a barrier to adoption. It adds a hurdle to our community inclusiveness as potential developers have more complex steps to follow to create a dev environment. I want to say "dnf install -y cargo rustc ..." and someone should be able to work.
Many people have put a lot of time into sanitizer support, and today it's locked behind nightly. :(
I would love to see this in stable as it brings great run-time analysis features to rust especially for FFI use cases, and having paths to stabilise debugging options into stable rustc will strongly aid adoptions of rust in distributions of linux. It's an advertised feature of the language on email lists, so to have this accessible to anyone would be a huge benefit.
I'm happy to do the coding to enable this, as well as documentation and examples, but I need some help and guidance to achieve this,
Thanks,
See also:
rust-lang/rfcs#670
#42711
https://users.rust-lang.org/t/howto-sanitize-your-rust-code/9378
The text was updated successfully, but these errors were encountered: