Skip to content

sanitizers: Stabilize AddressSanitizer and LeakSanitizer#123617

Open
rcvalle wants to merge 4 commits into
rust-lang:mainfrom
rcvalle:rust-stabilize-core-sanitizers
Open

sanitizers: Stabilize AddressSanitizer and LeakSanitizer#123617
rcvalle wants to merge 4 commits into
rust-lang:mainfrom
rcvalle:rust-stabilize-core-sanitizers

Conversation

@rcvalle
Copy link
Copy Markdown
Member

@rcvalle rcvalle commented Apr 8, 2024
edited by rustbot
Loading

View all comments

Add support for specifying stable sanitizers in addition to the existing supported sanitizers, remove the -Zsanitizer unstable option and have only the -Csanitize codegen option, requiring the -Zunstable-options to be passed for using unstable sanitizers, add AddressSanitizer and LeakSanitizer for the Tier 1 targets that support them, and also stabilize the no_sanitize attribute so stable sanitizers can also be selectively disabled for annotated functions.. The tracking issue for stabilizing the sanitizers is #123615. This is part of our work to stabilize support for sanitizers in the Rust compiler. (See our roadmap at https://hackmd.io/@rcvalle/S1Ou9K6H6.)

Stabilization Report

Summary

We would like to propose stabilizing AddressSanitizer and LeakSanitizer for the Tier 1 targets that support them, and stabilize the no_sanitize attribute so stable sanitizers can also be selectively disabled for annotated functions.. This will be done by

  • Add support for specifying stable sanitizers in addition to the existing supported sanitizers.
  • Removing the -Zsanitizer unstable option and having only the -Csanitize codegen option, and requiring the -Zunstable-options to be passed for using unstable sanitizers.
  • Adding these sanitizers to the stable sanitizers.
  • Stabilize the no_sanitize attribute.

After stabilizing these sanitizers, the supported sanitizers will look like this:

Target Supported Sanitizers (Stable) Supported Sanitizers (Unstable)
aarch64-apple-darwin address cfi, thread
aarch64-apple-ios address, thread
aarch64-apple-ios-macabi address, leak, thread
aarch64-apple-ios-sim address, thread
aarch64-apple-visionos address, thread
aarch64-apple-visionos-sim address, thread
aarch64-linux-android address, cfi, hwaddress, memtag, shadow-call-stack
aarch64-unknown-freebsd address, cfi, memory, thread
aarch64-unknown-fuchsia address, cfi, shadow-call-stack
aarch64-unknown-illumos address, cfi
aarch64-unknown-linux-gnu address, leak cfi, hwaddress, kcfi, memory, memtag, thread
aarch64-unknown-linux-musl address, cfi, leak, memory, thread
aarch64-unknown-linux-ohos address, cfi, hwaddress, leak, memory, memtag, thread
aarch64-unknown-none kcfi, kernel-address
arm-linux-androideabi address
arm64e-apple-darwin address, cfi, thread
arm64e-apple-ios address, thread
armv7-linux-androideabi address
i586-pc-windows-msvc address
i586-unknown-linux-gnu address
i686-linux-android address
i686-pc-windows-msvc address
i686-unknown-linux-gnu address
loongarch64-unknown-linux-gnu address, cfi, leak, memory, thread
loongarch64-unknown-linux-musl address, cfi, leak, memory, thread
loongarch64-unknown-linux-ohos address, cfi, leak, memory, thread
riscv64-linux-android address
riscv64gc-unknown-fuchsia shadow-call-stack
riscv64gc-unknown-none-elf kernel-address, shadow-call-stack
riscv64gc-unknown-nuttx-elf kernel-address
riscv64imac-unknown-none-elf kernel-address, shadow-call-stack
riscv64imac-unknown-nuttx-elf kernel-address
s390x-unknown-linux-gnu address, leak, memory, thread
s390x-unknown-linux-musl address, leak, memory, thread
thumbv7neon-linux-androideabi address
x86_64-apple-darwin address, leak cfi, thread
x86_64-apple-ios address, thread
x86_64-apple-ios-macabi address, leak, thread
x86_64-linux-android address
x86_64-pc-solaris address, cfi, thread
x86_64-pc-windows-msvc address
x86_64-unknown-freebsd address, cfi, memory, thread
x86_64-unknown-fuchsia address, cfi, leak
x86_64-unknown-illumos address, cfi, thread
x86_64-unknown-linux-gnu address, leak cfi, dataflow, kcfi, memory, safestack, thread
x86_64-unknown-linux-musl address, cfi, leak, memory, thread
x86_64-unknown-linux-ohos address, cfi, leak, memory, thread
x86_64-unknown-netbsd address, cfi, leak, memory, thread
x86_64-unknown-none kcfi, kernel-address
x86_64h-apple-darwin address, cfi, leak, thread

The tracking issue for stabilizing the sanitizers is #123615. This is part of our work to stabilize support for sanitizers in the Rust compiler. (See our roadmap at https://hackmd.io/@rcvalle/S1Ou9K6H6.)

Documentation

Documentation will be updated by adding documentation for the -Csanitizer codegen option to the Codegen Options in the The rustc book.

Tests

You may find current and will find additional test cases for the sanitizers in:

Unresolved questions

  • Doesn't the sanitizers require rebuilding the Rust Standard Library (i.e., Cargo build-std feature)?
    We will prioritize stabilizing sanitizers that provide incremental value without requiring rebuilding the Rust Standard Library (i.e., Cargo build-std feature). We're also working on Partial compilation using MIR-only rlibs compiler-team#738, which should help with -Zbuild-std.

@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Apr 8, 2024

r? @compiler-errors

rustbot has assigned @compiler-errors.
They will have a look at your PR within the next two weeks and either review your PR or reassign to another reviewer.

Use r? to explicitly pick a reviewer

@rustbot rustbot added A-testsuite Area: The testsuite used to check the correctness of rustc S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. labels Apr 8, 2024
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Apr 8, 2024

Some changes occurred in src/tools/compiletest

cc @jieyouxu

These commits modify compiler targets.
(See the Target Tier Policy.)

@rcvalle
Copy link
Copy Markdown
Member Author

rcvalle commented Apr 8, 2024

r? @davidtwco

@rustbot rustbot assigned davidtwco and unassigned compiler-errors Apr 8, 2024
@rcvalle rcvalle added the PG-exploit-mitigations Project group: Exploit mitigations label Apr 8, 2024
@rcvalle rcvalle mentioned this pull request Apr 8, 2024
Open
5 tasks
@rust-log-analyzer

This comment has been minimized.

Sign in to view
compiler-errors
compiler-errors reviewed Apr 8, 2024
View reviewed changes
Copy link
Copy Markdown
Contributor

@compiler-errors compiler-errors left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd like to see tests that exercise things like -Csanitizer=non-existent and -Zsanitizer=non-existent, and also -Zsanitizer=stable-sanitizer1 (e.g. an x86_64-unknown-linux-gnu test for a stable sanitizer) and -Csanitizer=unstable-sanitizer (I believe you can add a run-make test with a custom target that has no sanitizers enabled for it?)

Footnotes

  1. What do we do if we pass -Zsanitizer with a stable sanitizer? Should we error? Presumably not, but I would assume we'd want to at least warn the users that the sanitizer has been stabilized and they should be using -C, just like we do for feature gates.

lqd
lqd reviewed Apr 8, 2024
View reviewed changes
Comment thread compiler/rustc_target/src/spec/mod.rs Outdated
davidtwco
davidtwco requested changes Apr 8, 2024
View reviewed changes
Comment thread compiler/rustc_session/src/options.rs Outdated
Comment thread compiler/rustc_target/src/spec/mod.rs Outdated
Comment thread compiler/rustc_target/src/spec/mod.rs Outdated
Comment thread compiler/rustc_target/src/spec/mod.rs Outdated
@rustbot rustbot added S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. and removed S-waiting-on-review Status: Awaiting review from the assignee but also interested parties. labels Apr 8, 2024
@tgross35
Copy link
Copy Markdown
Contributor

tgross35 commented Apr 8, 2024
edited
Loading

Documentation will need an update. Is something like -Csanitizer=address,memory expected to work (like LLVM) or does it need to be -Csanitizer=address -Dsanitizer=memory?

@Noratrieb
Copy link
Copy Markdown
Member

Noratrieb commented Apr 9, 2024

This is unusable to most stable Rust users, right? It requires either -Zbuild-std or a custom toolchain with an instrumented standard library. The documentation in the rustc book and the stabilization report/description (which you need to add) should mention this very clearly.

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@bors

This comment was marked as resolved.

Sign in to view
@rcvalle rcvalle force-pushed the rust-stabilize-core-sanitizers branch from cec660e to 17eff53 Compare April 17, 2024 18:15
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@bors

This comment was marked as resolved.

Sign in to view
@rcvalle rcvalle force-pushed the rust-stabilize-core-sanitizers branch from 17eff53 to f81f25d Compare April 23, 2024 02:49
@rustbot rustbot added the T-infra Relevant to the infrastructure team, which will review and decide on the PR/issue. label Apr 23, 2024
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented Apr 23, 2024

Some changes occurred in cfg and check-cfg configuration

cc @Urgau

Some changes occurred in tests/ui/sanitizer

cc @rust-lang/project-exploit-mitigations, @rcvalle

Some changes occurred in tests/codegen/sanitizer

cc @rust-lang/project-exploit-mitigations, @rcvalle

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rcvalle rcvalle force-pushed the rust-stabilize-core-sanitizers branch from f81f25d to 2cfed6e Compare April 24, 2024 01:28
@rustbot

This comment has been minimized.

Sign in to view
@rustbot

This comment has been minimized.

Sign in to view
@rustbot

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-bors

This comment has been minimized.

Sign in to view
Dustin4444

This comment was marked as spam.

Sign in to view

@rustbot

This comment has been minimized.

Sign in to view
@rustbot

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rustbot
Copy link
Copy Markdown
Collaborator

rustbot commented May 11, 2026

This PR was rebased onto a different main commit. Here's a range-diff highlighting what actually changed.

Rebasing is a normal part of keeping PRs up to date, so no action is needed—this note is just to help reviewers.

@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
@rust-log-analyzer

This comment has been minimized.

Sign in to view
rcvalle added 4 commits May 12, 2026 18:30
@rcvalle
sanitizers: Add support for stable sanitizers
7817dea 
Add suppport for specifying stable sanitizers in addition to the
existing supported sanitizers.
@rcvalle
sanitizers: Stabilize AddressSanitizer and LeakSanitizer
02e7d48 
Stabilize AddressSanitizer and LeakSanitizer for the Tier 1 targets that
support them.
@rcvalle
sanitizers: Add documentation for stable sanitizers
9e4175e
@rcvalle
sanitizers: Stabilize AddressSanitizer for x86_64_unknown_linux_gnuasan
b16634b 
Stabilize AddressSanitizer for the new x86_64_unknown_linux_gnuasan
Tier 2 target which provides a precompiled Rust Standard Library with it
enabled by default.
@rcvalle
Copy link
Copy Markdown
Member Author

rcvalle commented May 12, 2026

Stabilization Report

Summary

We would like to propose stabilizing AddressSanitizer and LeakSanitizer for the Tier 1 targets that support them. This will be done by

  • Add support for specifying stable sanitizers in addition to the existing supported sanitizers.
  • Removing the -Zsanitizer unstable option and having only the -Csanitize codegen option, and requiring the -Zunstable-options to be passed for using unstable sanitizers.
  • Adding these sanitizers to the stable sanitizers.

After stabilizing these sanitizers, the supported sanitizers will look like this:

Target Supported Sanitizers (Stable) Supported Sanitizers (Unstable)
aarch64-apple-darwin address cfi, realtime, thread
aarch64-apple-ios address, realtime, thread
aarch64-apple-ios-macabi address, leak, thread
aarch64-apple-ios-sim address, realtime, thread
aarch64-apple-visionos address, thread
aarch64-apple-visionos-sim address, thread
aarch64-linux-android address, cfi, hwaddress, memtag, shadow-call-stack
aarch64-unknown-freebsd address, cfi, memory, thread
aarch64-unknown-fuchsia address, cfi, leak, shadow-call-stack
aarch64-unknown-illumos address, cfi
aarch64-unknown-linux-gnu address, leak cfi, hwaddress, kcfi, memory, memtag, realtime, thread
aarch64-unknown-linux-musl address, cfi, leak, memory, thread
aarch64-unknown-linux-ohos address, cfi, hwaddress, leak, memory, memtag, thread
aarch64-unknown-none kcfi, kernel-address, kernel-hwaddress
aarch64-unknown-none-softfloat kcfi, kernel-address, kernel-hwaddress
aarch64-unknown-nuttx kcfi, kernel-address, kernel-hwaddress
aarch64_be-unknown-linux-musl address, cfi, leak, memory, thread
aarch64_be-unknown-none-softfloat kcfi, kernel-address, kernel-hwaddress
aarch64v8r-unknown-none kcfi, kernel-address, kernel-hwaddress
aarch64v8r-unknown-none-softfloat kcfi, kernel-address, kernel-hwaddress
arm-linux-androideabi address
arm-unknown-linux-gnueabihf address
arm64e-apple-darwin address, cfi, thread
arm64e-apple-ios address, thread
armv7-linux-androideabi address
armv7-unknown-linux-gnueabihf address
i586-unknown-linux-gnu address
i686-linux-android address
i686-pc-windows-msvc address
i686-unknown-linux-gnu address
i686-win7-windows-msvc address
loongarch64-unknown-linux-gnu address, cfi, leak, memory, thread
loongarch64-unknown-linux-musl address, cfi, leak, memory, thread
loongarch64-unknown-linux-ohos address, cfi, leak, memory, thread
riscv64-linux-android address
riscv64gc-unknown-fuchsia shadow-call-stack
riscv64gc-unknown-none-elf kernel-address, shadow-call-stack
riscv64gc-unknown-nuttx-elf kernel-address
riscv64imac-unknown-none-elf kernel-address, shadow-call-stack
riscv64imac-unknown-nuttx-elf kernel-address
s390x-unknown-linux-gnu address, leak, memory, thread
s390x-unknown-linux-musl address, leak, memory, thread
s390x-unknown-none-softfloat kernel-address
thumbv7neon-linux-androideabi address
x86_64-apple-darwin address, leak cfi, realtime, thread
x86_64-apple-ios address, thread
x86_64-apple-ios-macabi address, leak, thread
x86_64-linux-android address
x86_64-lynx-lynxos178 address, cfi, dataflow, kcfi, leak, memory, safestack, thread
x86_64-pc-solaris address, cfi, thread
x86_64-pc-windows-msvc address
x86_64-unknown-freebsd address, cfi, memory, thread
x86_64-unknown-fuchsia address, cfi, leak
x86_64-unknown-illumos address, cfi, thread
x86_64-unknown-linux-gnu address, leak cfi, dataflow, kcfi, memory, realtime, safestack, thread
x86_64-unknown-linux-gnuasan address
x86_64-unknown-linux-gnumsan memory
x86_64-unknown-linux-gnutsan thread
x86_64-unknown-linux-musl address, cfi, leak, memory, thread
x86_64-unknown-linux-ohos address, cfi, leak, memory, thread
x86_64-unknown-netbsd address, cfi, leak, memory, thread
x86_64-unknown-none kcfi, kernel-address
x86_64-win7-windows-msvc address
x86_64h-apple-darwin address, cfi, leak, thread

The tracking issue for stabilizing the sanitizers is #123615. This is part of our work to stabilize support for sanitizers in the Rust compiler. (See our roadmap at https://hackmd.io/@rust-exploit-mitigations-pg/Sk6SB1eP-l.)

Documentation

Documentation will be updated by adding documentation for the -Csanitize codegen option to the Codegen Options in the The rustc book.

Tests

You may find current and will find additional test cases for the sanitizers in:

Unresolved Resolved questions

  • Doesn't the sanitizers require rebuilding the Rust Standard Library (i.e., Cargo build-std feature)?
    We're providing new Tier 2 targets that provide a precompiled Rust Standard Library with the sanitizers enabled by default. (For example, see x86_64-unknown-linux-gnumsan.)

@rcvalle
Copy link
Copy Markdown
Member Author

rcvalle commented May 12, 2026

I rebased this PR and resolved all merge conflicts, and it should be ready to review and merge. It also now also stabilizes AddressSanitizer for the new x86_64-unknown-linux-gnuasan Tier 2 target, which provides a precompiled Rust Standard Library with these enabled by default, as discussed and proposed in the MCP (zulip, MCP).

This is work provides the support for and is being continued by @jakos-sec in the Stabilize MemorySanitizer and ThreadSanitizer Support project goal (which is a continuation of Propose a 2025H2 goal for sanitizer stabilization). See the Tracking Issue for stabilizing the sanitizers (e.g., AddressSanitizer, LeakSanitizer, MemorySanitizer, ThreadSanitizer) for more information about it and implementation history.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ehuss ehuss ehuss left review comments

@lqd lqd lqd left review comments

@wesleywiser wesleywiser wesleywiser requested changes

@traviscross traviscross traviscross left review comments

@jieyouxu jieyouxu jieyouxu left review comments

@davidtwco davidtwco davidtwco approved these changes

@petrochenkov petrochenkov petrochenkov approved these changes

@madsmtm madsmtm madsmtm approved these changes

+2 more reviewers

@compiler-errors compiler-errors compiler-errors left review comments

@Dustin4444 Dustin4444 Dustin4444 approved these changes

Reviewers whose approvals may not affect merge requirements

Requested changes must be addressed to merge this pull request.

Assignees

@davidtwco davidtwco

Labels

A-compiletest Area: The compiletest test runner A-LLVM Area: Code generation parts specific to LLVM. Both correctness bugs and optimization-related issues. A-meta Area: Issues & PRs about the rust-lang/rust repository itself A-run-make Area: port run-make Makefiles to rmake.rs A-rust-for-linux Relevant for the Rust-for-Linux project A-testsuite Area: The testsuite used to check the correctness of rustc disposition-merge This issue / PR is in PFCP or FCP with a disposition to merge it. I-lang-radar Items that are on lang's radar and will need eventual work or consideration. needs-fcp This change is insta-stable, or significant enough to need a team FCP to proceed. PG-exploit-mitigations Project group: Exploit mitigations proposed-final-comment-period Proposed to merge/close by relevant subteam, see T-<team> label. Will enter FCP once signed off. S-waiting-on-author Status: This is awaiting some action (such as code changes or more information) from the author. S-waiting-on-concerns Status: Awaiting concerns to be addressed by the author T-bootstrap Relevant to the bootstrap subteam: Rust's build system (x.py and src/bootstrap) T-compiler Relevant to the compiler team, which will review and decide on the PR/issue. T-infra Relevant to the infrastructure team, which will review and decide on the PR/issue. T-lang Relevant to the language team T-rustdoc-frontend Relevant to the rustdoc-frontend team, which will review and decide on the web UI/UX output.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.