mikros/rust
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Separate testing and production sanitizers

Browse Source
This commit is contained in:
Oli Iliffe 2024-02-16 18:07:44 +00:00 committed by Eric Huss
parent d2e8ecd8bd
commit 3e5ad4285c
1 changed files with 29 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
src/doc/unstable-book/src/compiler-flags/sanitizer.md
View File

@ -1,5 +1,14 @@
# `sanitizer` # `sanitizer`
Sanitizers are tools that help detect and prevent various types of bugs and
vulnerabilities in software. They are available in compilers and work by
instrumenting the code to add additional runtime checks. While they provide
powerful tools for identifying bugs or security issues, it's important to note
that using sanitizers can introduce runtime overhead and might not catch all
possible issues. Therefore, they are typically used alongside other best
practices in software development, such as testing and fuzzing, to ensure the
highest level of software quality and security.
The tracking issues for this feature are: The tracking issues for this feature are:
* [#39699](https://github.com/rust-lang/rust/issues/39699). * [#39699](https://github.com/rust-lang/rust/issues/39699).
@ -9,21 +18,26 @@ The tracking issues for this feature are:
This feature allows for use of one of following sanitizers: This feature allows for use of one of following sanitizers:
* [AddressSanitizer](#addresssanitizer) a fast memory error detector. * Those intended for testing or fuzzing (but not production use):
* [ControlFlowIntegrity](#controlflowintegrity) LLVM Control Flow Integrity (CFI) provides * [AddressSanitizer](#addresssanitizer) a fast memory error detector.
forward-edge control flow protection. * [HWAddressSanitizer](#hwaddresssanitizer) a memory error detector similar to
* [HWAddressSanitizer](#hwaddresssanitizer) a memory error detector similar to
AddressSanitizer, but based on partial hardware assistance. AddressSanitizer, but based on partial hardware assistance.
* [KernelControlFlowIntegrity](#kernelcontrolflowintegrity) LLVM Kernel Control * [LeakSanitizer](#leaksanitizer) a run-time memory leak detector.
Flow Integrity (KCFI) provides forward-edge control flow protection for * [MemorySanitizer](#memorysanitizer) a detector of uninitialized reads.
operating systems kernels. * [ThreadSanitizer](#threadsanitizer) a fast data race detector.
* [LeakSanitizer](#leaksanitizer) a run-time memory leak detector.
* [MemorySanitizer](#memorysanitizer) a detector of uninitialized reads. * Those that apart from testing, may be used in production:
* [MemTagSanitizer](#memtagsanitizer) fast memory error detector based on * [ControlFlowIntegrity](#controlflowintegrity) LLVM Control Flow Integrity
(CFI) provides forward-edge control flow protection.
* [KernelControlFlowIntegrity](#kernelcontrolflowintegrity) LLVM Kernel
Control Flow Integrity (KCFI) provides forward-edge control flow protection
for operating systems kernels.
* [MemTagSanitizer](#memtagsanitizer) fast memory error detector based on
Armv8.5-A Memory Tagging Extension. Armv8.5-A Memory Tagging Extension.
* [SafeStack](#safestack) provides backward-edge control flow protection by separating the stack into safe and unsafe regions. * [SafeStack](#safestack) provides backward-edge control flow protection by
* [ShadowCallStack](#shadowcallstack) provides backward-edge control flow protection (aarch64 only). separating the stack into safe and unsafe regions.
* [ThreadSanitizer](#threadsanitizer) a fast data race detector. * [ShadowCallStack](#shadowcallstack) provides backward-edge control flow
protection (aarch64 only).
To enable a sanitizer compile with `-Zsanitizer=address`,`-Zsanitizer=cfi`, To enable a sanitizer compile with `-Zsanitizer=address`,`-Zsanitizer=cfi`,
`-Zsanitizer=hwaddress`, `-Zsanitizer=leak`, `-Zsanitizer=memory`, `-Zsanitizer=hwaddress`, `-Zsanitizer=leak`, `-Zsanitizer=memory`,