Skip to content

sanitizers: Stabilize AddressSanitizer and LeakSanitizer#123617

Open
rcvalle wants to merge 4 commits into
rust-lang:mainfrom
rcvalle:rust-stabilize-core-sanitizers
Open

sanitizers: Stabilize AddressSanitizer and LeakSanitizer#123617
rcvalle wants to merge 4 commits into
rust-lang:mainfrom
rcvalle:rust-stabilize-core-sanitizers

Conversation

@rcvalle
Copy link
Copy Markdown
Member

@rcvalle rcvalle commented Apr 8, 2024
edited by rustbot
Loading

View all comments

Add support for specifying stable sanitizers in addition to the existing supported sanitizers, remove the -Zsanitizer unstable option and have only the -Csanitize codegen option, requiring the -Zunstable-options to be passed for using unstable sanitizers, add AddressSanitizer and LeakSanitizer for the Tier 1 targets that support them, and also stabilize the no_sanitize attribute so stable sanitizers can also be selectively disabled for annotated functions.. The tracking issue for stabilizing the sanitizers is #123615. This is part of our work to stabilize support for sanitizers in the Rust compiler. (See our roadmap at https://hackmd.io/@rcvalle/S1Ou9K6H6.)

Stabilization Report

Summary

We would like to propose stabilizing AddressSanitizer and LeakSanitizer for the Tier 1 targets that support them, and stabilize the no_sanitize attribute so stable sanitizers can also be selectively disabled for annotated functions.. This will be done by

  • Add support for specifying stable sanitizers in addition to the existing supported sanitizers.
  • Removing the -Zsanitizer unstable option and having only the -Csanitize codegen option, and requiring the -Zunstable-options to be passed for using unstable sanitizers.
  • Adding these sanitizers to the stable sanitizers.
  • Stabilize the no_sanitize attribute.

After stabilizing these sanitizers, the supported sanitizers will look like this:

Target Supported Sanitizers (Stable) Supported Sanitizers (Unstable)
aarch64-apple-darwin address cfi, thread
aarch64-apple-ios address, thread
aarch64-apple-ios-macabi address, leak, thread
aarch64-apple-ios-sim address, thread
aarch64-apple-visionos address, thread
aarch64-apple-visionos-sim address, thread
aarch64-linux-android address, cfi, hwaddress, memtag, shadow-call-stack
aarch64-unknown-freebsd address, cfi, memory, thread
aarch64-unknown-fuchsia address, cfi, shadow-call-stack
aarch64-unknown-illumos address, cfi
aarch64-unknown-linux-gnu address, leak cfi, hwaddress, kcfi, memory, memtag, thread
aarch64-unknown-linux-musl address, cfi, leak, memory, thread
aarch64-unknown-linux-ohos address, cfi, hwaddress, leak, memory, memtag, thread
aarch64-unknown-none kcfi, kernel-address
arm-linux-androideabi address
arm64e-apple-darwin address, cfi, thread
arm64e-apple-ios address, thread
armv7-linux-androideabi address
i586-pc-windows-msvc address
i586-unknown-linux-gnu address
i686-linux-android address
i686-pc-windows-msvc address
i686-unknown-linux-gnu address
loongarch64-unknown-linux-gnu address, cfi, leak, memory, thread
loongarch64-unknown-linux-musl address, cfi, leak, memory, thread
loongarch64-unknown-linux-ohos address, cfi, leak, memory, thread
riscv64-linux-android address
riscv64gc-unknown-fuchsia shadow-call-stack
riscv64gc-unknown-none-elf kernel-address, shadow-call-stack
riscv64gc-unknown-nuttx-elf kernel-address
riscv64imac-unknown-none-elf kernel-address, shadow-call-stack
riscv64imac-unknown-nuttx-elf kernel-address
s390x-unknown-linux-gnu address, leak, memory, thread
s390x-unknown-linux-musl address, leak, memory, thread
thumbv7neon-linux-androideabi address
x86_64-apple-darwin address, leak cfi, thread
x86_64-apple-ios address, thread
x86_64-apple-ios-macabi address, leak, thread
x86_64-linux-android address
x86_64-pc-solaris address, cfi, thread
x86_64-pc-windows-msvc address
x86_64-unknown-freebsd address, cfi, memory, thread
x86_64-unknown-fuchsia address, cfi, leak
x86_64-unknown-illumos address, cfi, thread
x86_64-unknown-linux-gnu address, leak cfi, dataflow, kcfi, memory, safestack, thread
x86_64-unknown-linux-musl address, cfi, leak, memory, thread
x86_64-unknown-linux-ohos address, cfi, leak, memory, thread
x86_64-unknown-netbsd address, cfi, leak, memory, thread
x86_64-unknown-none kcfi, kernel-address
x86_64h-apple-darwin address, cfi, leak, thread

The tracking issue for stabilizing the sanitizers is #123615. This is part of our work to stabilize support for sanitizers in the Rust compiler. (See our roadmap at https://hackmd.io/@rcvalle/S1Ou9K6H6.)

Documentation

Documentation will be updated by adding documentation for the -Csanitizer codegen option to the Codegen Options in the The rustc book.

Tests

You may find current and will find additional test cases for the sanitizers in:

Unresolved questions

  • Doesn't the sanitizers require rebuilding the Rust Standard Library (i.e., Cargo build-std feature)?
    We will prioritize stabilizing sanitizers that provide incremental value without requiring rebuilding the Rust Standard Library (i.e., Cargo build-std feature). We're also working on Partial compilation using MIR-only rlibs compiler-team#738, which should help with -Zbuild-std.

@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Apr 8, 2024

r? @compiler-errors

rustbot has assigned @compiler-errors.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added A-testsuite Area: The testsuite used to check the correctness of rustc S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Apr 8, 2024
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Apr 8, 2024

Some changes occurred in src/tools/compiletest

cc @jieyouxu

These commits modify compiler targets.
(See the Target Tier Policy.)

@rcvalle
Copy link
Copy Markdown
Member Author

rcvalle commented Apr 8, 2024

r? @davidtwco

@rustbot rustbot assigned davidtwco and unassigned compiler-errors Apr 8, 2024
@rcvalle rcvalle added the PG-exploit-mitigations Project group: Exploit mitigations label Apr 8, 2024
@rcvalle rcvalle mentioned this pull request Apr 8, 2024
Open
5 tasks
@rust-log-analyzer

This comment has been minimized.

Sign in to view
compiler-errors
compiler-errors reviewed Apr 8, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@compiler-errors compiler-errors left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to see tests that exercise things like -Csanitizer=non-existent and -Zsanitizer=non-existent, and also -Zsanitizer=stable-sanitizer1 (e.g. an x86_64-unknown-linux-gnu test for a stable sanitizer) and -Csanitizer=unstable-sanitizer (I believe you can add a run-make test with a custom target that has no sanitizers enabled for it?)

Footnotes

  1. What do we do if we pass -Zsanitizer with a stable sanitizer? Should we error? Presumably not, but I would assume we'd want to at least warn the users that the sanitizer has been stabilized and they should be using -C, just like we do for feature gates.

lqd
lqd reviewed Apr 8, 2024
View reviewed changes
Comment thread compiler/rustc_target/src/spec/mod.rs Outdated
davidtwco
davidtwco requested changes Apr 8, 2024
View reviewed changes
Comment thread compiler/rustc_session/src/options.rs Outdated
Comment thread compiler/rustc_target/src/spec/mod.rs Outdated
Comment thread compiler/rustc_target/src/spec/mod.rs Outdated
Comment thread compiler/rustc_target/src/spec/mod.rs Outdated
@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Apr 8, 2024
@tgross35
Copy link
Copy Markdown
Contributor

tgross35 commented Apr 8, 2024
edited
Loading

Documentation will need an update. Is something like -Csanitizer=address,memory expected to work (like LLVM) or does it need to be -Csanitizer=address -Dsanitizer=memory?

@Noratrieb
Copy link
Copy Markdown
Member

Noratrieb commented Apr 9, 2024

This is unusable to most stable Rust users, right? It requires either -Zbuild-std or a custom toolchain with an instrumented standard library. The documentation in the rustc book and the stabilization report/description (which you need to add) should mention this very clearly.

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@bors

This comment was marked as resolved.

Sign in to view
@rcvalle rcvalle force-pushed the rust-stabilize-core-sanitizers branch from cec660e to 17eff53 Compare April 17, 2024 18:15
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@bors

This comment was marked as resolved.

Sign in to view
@rcvalle rcvalle force-pushed the rust-stabilize-core-sanitizers branch from 17eff53 to f81f25d Compare April 23, 2024 02:49
@rustbot rustbot added the T-infra Relevant to the infrastructure team, which will review and decide on the PR/issue. label Apr 23, 2024
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Apr 23, 2024

Some changes occurred in cfg and check-cfg configuration

cc @Urgau

Some changes occurred in tests/ui/sanitizer

cc @rust-lang/project-exploit-mitigations, @rcvalle

Some changes occurred in tests/codegen/sanitizer

cc @rust-lang/project-exploit-mitigations, @rcvalle

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rcvalle rcvalle force-pushed the rust-stabilize-core-sanitizers branch from f81f25d to 2cfed6e Compare April 24, 2024 01:28
@rustbot

This comment has been minimized.

Sign in to view
@rustbot

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-bors

This comment has been minimized.

Sign in to view
Dustin4444

This comment was marked as spam.

Sign in to view

@rustbot

This comment has been minimized.

Sign in to view
@rustbot

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented May 11, 2026

This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed.

Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers.

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
rcvalle added 4 commits May 12, 2026 18:30
@rcvalle
sanitizers: Add support for stable sanitizers
7817dea 
Add suppport for specifying stable sanitizers in addition to the
existing supported sanitizers.
@rcvalle
sanitizers: Stabilize AddressSanitizer and LeakSanitizer
02e7d48 
Stabilize AddressSanitizer and LeakSanitizer for the Tier 1 targets that
support them.
@rcvalle
sanitizers: Add documentation for stable sanitizers
9e4175e
@rcvalle
sanitizers: Stabilize AddressSanitizer for x86_64_unknown_linux_gnuasan
b16634b 
Stabilize AddressSanitizer for the new x86_64_unknown_linux_gnuasan
Tier 2 target which provides a precompiled Rust Standard Library with it
enabled by default.
@rcvalle
Copy link
Copy Markdown
Member Author

rcvalle commented May 12, 2026

Stabilization Report

Summary

We would like to propose stabilizing AddressSanitizer and LeakSanitizer for the Tier 1 targets that support them. This will be done by

  • Add support for specifying stable sanitizers in addition to the existing supported sanitizers.
  • Removing the -Zsanitizer unstable option and having only the -Csanitize codegen option, and requiring the -Zunstable-options to be passed for using unstable sanitizers.
  • Adding these sanitizers to the stable sanitizers.

After stabilizing these sanitizers, the supported sanitizers will look like this:

Target Supported Sanitizers (Stable) Supported Sanitizers (Unstable)
aarch64-apple-darwin address cfi, realtime, thread
aarch64-apple-ios address, realtime, thread
aarch64-apple-ios-macabi address, leak, thread
aarch64-apple-ios-sim address, realtime, thread
aarch64-apple-visionos address, thread
aarch64-apple-visionos-sim address, thread
aarch64-linux-android address, cfi, hwaddress, memtag, shadow-call-stack
aarch64-unknown-freebsd address, cfi, memory, thread
aarch64-unknown-fuchsia address, cfi, leak, shadow-call-stack
aarch64-unknown-illumos address, cfi
aarch64-unknown-linux-gnu address, leak cfi, hwaddress, kcfi, memory, memtag, realtime, thread
aarch64-unknown-linux-musl address, cfi, leak, memory, thread
aarch64-unknown-linux-ohos address, cfi, hwaddress, leak, memory, memtag, thread
aarch64-unknown-none kcfi, kernel-address, kernel-hwaddress
aarch64-unknown-none-softfloat kcfi, kernel-address, kernel-hwaddress
aarch64-unknown-nuttx kcfi, kernel-address, kernel-hwaddress
aarch64_be-unknown-linux-musl address, cfi, leak, memory, thread
aarch64_be-unknown-none-softfloat kcfi, kernel-address, kernel-hwaddress
aarch64v8r-unknown-none kcfi, kernel-address, kernel-hwaddress
aarch64v8r-unknown-none-softfloat kcfi, kernel-address, kernel-hwaddress
arm-linux-androideabi address
arm-unknown-linux-gnueabihf address
arm64e-apple-darwin address, cfi, thread
arm64e-apple-ios address, thread
armv7-linux-androideabi address
armv7-unknown-linux-gnueabihf address
i586-unknown-linux-gnu address
i686-linux-android address
i686-pc-windows-msvc address
i686-unknown-linux-gnu address
i686-win7-windows-msvc address
loongarch64-unknown-linux-gnu address, cfi, leak, memory, thread
loongarch64-unknown-linux-musl address, cfi, leak, memory, thread
loongarch64-unknown-linux-ohos address, cfi, leak, memory, thread
riscv64-linux-android address
riscv64gc-unknown-fuchsia shadow-call-stack
riscv64gc-unknown-none-elf kernel-address, shadow-call-stack
riscv64gc-unknown-nuttx-elf kernel-address
riscv64imac-unknown-none-elf kernel-address, shadow-call-stack
riscv64imac-unknown-nuttx-elf kernel-address
s390x-unknown-linux-gnu address, leak, memory, thread
s390x-unknown-linux-musl address, leak, memory, thread
s390x-unknown-none-softfloat kernel-address
thumbv7neon-linux-androideabi address
x86_64-apple-darwin address, leak cfi, realtime, thread
x86_64-apple-ios address, thread
x86_64-apple-ios-macabi address, leak, thread
x86_64-linux-android address
x86_64-lynx-lynxos178 address, cfi, dataflow, kcfi, leak, memory, safestack, thread
x86_64-pc-solaris address, cfi, thread
x86_64-pc-windows-msvc address
x86_64-unknown-freebsd address, cfi, memory, thread
x86_64-unknown-fuchsia address, cfi, leak
x86_64-unknown-illumos address, cfi, thread
x86_64-unknown-linux-gnu address, leak cfi, dataflow, kcfi, memory, realtime, safestack, thread
x86_64-unknown-linux-gnuasan address
x86_64-unknown-linux-gnumsan memory
x86_64-unknown-linux-gnutsan thread
x86_64-unknown-linux-musl address, cfi, leak, memory, thread
x86_64-unknown-linux-ohos address, cfi, leak, memory, thread
x86_64-unknown-netbsd address, cfi, leak, memory, thread
x86_64-unknown-none kcfi, kernel-address
x86_64-win7-windows-msvc address
x86_64h-apple-darwin address, cfi, leak, thread

The tracking issue for stabilizing the sanitizers is #123615. This is part of our work to stabilize support for sanitizers in the Rust compiler. (See our roadmap at https://hackmd.io/@rust-exploit-mitigations-pg/Sk6SB1eP-l.)

Documentation

Documentation will be updated by adding documentation for the -Csanitize codegen option to the Codegen Options in the The rustc book.

Tests

You may find current and will find additional test cases for the sanitizers in:

Unresolved Resolved questions

  • Doesn't the sanitizers require rebuilding the Rust Standard Library (i.e., Cargo build-std feature)?
    We're providing new Tier 2 targets that provide a precompiled Rust Standard Library with the sanitizers enabled by default. (For example, see x86_64-unknown-linux-gnumsan.)

@rcvalle
Copy link
Copy Markdown
Member Author

rcvalle commented May 12, 2026

I rebased this PR and resolved all merge conflicts, and it should be ready to review and merge. It also now also stabilizes AddressSanitizer for the new x86_64-unknown-linux-gnuasan Tier 2 target, which provides a precompiled Rust Standard Library with these enabled by default, as discussed and proposed in the MCP (zulip, MCP).

This is work provides the support for and is being continued by @jakos-sec in the Stabilize MemorySanitizer and ThreadSanitizer Support project goal (which is a continuation of Propose a 2025H2 goal for sanitizer stabilization). See the Tracking Issue for stabilizing the sanitizers (e.g., AddressSanitizer, LeakSanitizer, MemorySanitizer, ThreadSanitizer) for more information about it and implementation history.

@rust-bors
Copy link
Copy Markdown
Contributor

rust-bors Bot commented May 24, 2026

☔ The latest upstream changes (presumably #156893) made this pull request unmergeable. Please resolve the merge conflicts.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ehuss ehuss ehuss left review comments

@lqd lqd lqd left review comments

@wesleywiser wesleywiser wesleywiser requested changes

@traviscross traviscross traviscross left review comments

@jieyouxu jieyouxu jieyouxu left review comments

@davidtwco davidtwco davidtwco approved these changes

@petrochenkov petrochenkov petrochenkov approved these changes

@madsmtm madsmtm madsmtm approved these changes

+2 more reviewers

@compiler-errors compiler-errors compiler-errors left review comments

@Dustin4444 Dustin4444 Dustin4444 approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

@davidtwco davidtwco

Labels

A-compiletest Area: The compiletest test runner A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. A-meta Area: Issues & PRs about the rust-lang/rust repository itself A-run-make Area: port run-make Makefiles to rmake.rs A-rust-for-linux Relevant for the Rust-for-Linux project A-testsuite Area: The testsuite used to check the correctness of rustc disposition-merge This issue / PR is in PFCP or FCP with a disposition to merge it. I-lang-radar Items that are on lang's radar and will need eventual work or consideration. needs-fcp This change is insta-stable, or significant enough to need a team FCP to proceed. PG-exploit-mitigations Project group: Exploit mitigations proposed-final-comment-period Proposed to merge/close by relevant subteam, see T-<team> label. Will enter FCP once signed off. S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. S-waiting-on-concerns Status: Awaiting concerns to be addressed by the author T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-infra Relevant to the infrastructure team, which will review and decide on the PR/issue. T-lang Relevant to the language team T-rustdoc-frontend Relevant to the rustdoc-frontend team, which will review and decide on the web UI/UX output.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.