Commit | Line | Data |
---|---|---|
74b04a01 XL |
1 | # Sanitizers Support |
2 | ||
3 | The rustc compiler contains support for the following sanitizers: | |
4 | ||
5 | * [AddressSanitizer][clang-asan] a fast memory error detector. Can | |
6 | detect out-of-bounds access to heap, stack, and globals, use after free, use | |
7 | after return, double free, invalid free, memory leaks. | |
8 | * [LeakSanitizer][clang-lsan] a run-time memory leak detector. | |
9 | * [MemorySanitizer][clang-msan] a detector of uninitialized reads. | |
10 | * [ThreadSanitizer][clang-tsan] a fast data race detector. | |
11 | ||
12 | ## How to use the sanitizers? | |
13 | ||
6a06907d | 14 | To enable a sanitizer, compile with the `-Z sanitizer=...` option, where the value is one |
74b04a01 XL |
15 | of `address`, `leak`, `memory` or `thread`. For more details on how to use |
16 | sanitizers, please refer to [the unstable book](https://doc.rust-lang.org/unstable-book/). | |
17 | ||
18 | ## How are sanitizers implemented in rustc? | |
19 | ||
20 | The implementation of sanitizers relies almost entirely on LLVM. rustc is | |
21 | an integration point for LLVM compile-time instrumentation passes and runtime | |
22 | libraries. Highlights of the most important aspects of the implementation: | |
23 | ||
24 | * The sanitizer runtime libraries are part of the [compiler-rt] project, and | |
25 | [will be built on supported targets][sanitizer-build] when enabled in `config.toml`: | |
26 | ||
27 | ```toml | |
28 | [build] | |
29 | sanitizers = true | |
30 | ``` | |
31 | ||
32 | The runtimes are [placed into target libdir][sanitizer-copy]. | |
33 | ||
34 | * During LLVM code generation, the functions intended for instrumentation are | |
35 | [marked][sanitizer-attribute] with the appropriate LLVM attribute: | |
36 | `SanitizeAddress`, `SanitizeMemory`, or `SanitizeThread`. By default all | |
37 | functions are instrumented, but this behaviour can be changed with | |
38 | `#[no_sanitize(...)]`. | |
39 | ||
40 | * The decision whether to perform instrumentation is possible only at | |
41 | function granularity. In cases where those decisions differ between | |
42 | functions, it might be necessary to inhibit inlining, both at [MIR | |
43 | level][inline-mir] and [LLVM level][inline-llvm]. | |
44 | ||
45 | * The LLVM IR generated by rustc is instrumented by [dedicated LLVM | |
46 | passes][sanitizer-pass], different for each sanitizer. Instrumentation | |
47 | passes are invoked after optimization passes. | |
48 | ||
49 | * When producing an executable, the sanitizer-specific runtime library is | |
50 | [linked in][sanitizer-link]. The libraries are searched for in target libdir | |
51 | relative to the default system root, so that this process is not affected | |
6a06907d | 52 | by sysroot overrides used, for example, by cargo's `-Z build-std` functionality. |
74b04a01 | 53 | |
6a06907d | 54 | [compiler-rt]: https://github.com/llvm/llvm-project/tree/main/compiler-rt |
74b04a01 XL |
55 | [sanitizer-build]: https://github.com/rust-lang/rust/blob/a29424a2265411dda7d7446516ac5fd7499e2b55/src/bootstrap/native.rs#L566-L624 |
56 | [sanitizer-copy]: https://github.com/rust-lang/rust/blob/a29424a2265411dda7d7446516ac5fd7499e2b55/src/bootstrap/compile.rs#L270-L304 | |
57 | [sanitizer-attribute]: https://github.com/rust-lang/rust/blob/a29424a2265411dda7d7446516ac5fd7499e2b55/src/librustc_codegen_llvm/attributes.rs#L49-L72 | |
58 | [inline-mir]: https://github.com/rust-lang/rust/blob/a29424a2265411dda7d7446516ac5fd7499e2b55/src/librustc_mir/transform/inline.rs#L232-L252 | |
59 | [inline-llvm]: https://github.com/rust-lang/llvm-project/blob/9330ec5a4c1df5fc1fa62f993ed6a04da68cb040/llvm/include/llvm/IR/Attributes.td#L225-L241 | |
60 | [sanitizer-pass]: https://github.com/rust-lang/rust/blob/a29424a2265411dda7d7446516ac5fd7499e2b55/src/librustc_codegen_llvm/back/write.rs#L454-L475 | |
61 | [sanitizer-link]: https://github.com/rust-lang/rust/blob/a29424a2265411dda7d7446516ac5fd7499e2b55/src/librustc_codegen_ssa/back/link.rs#L748-L787 | |
62 | ||
63 | ## Additional Information | |
64 | ||
65 | * [Sanitizers project page](https://github.com/google/sanitizers/wiki/) | |
66 | * [AddressSanitizer in Clang][clang-asan] | |
67 | * [LeakSanitizer in Clang][clang-lsan] | |
68 | * [MemorySanitizer in Clang][clang-msan] | |
69 | * [ThreadSanitizer in Clang][clang-tsan] | |
70 | ||
71 | [clang-asan]: https://clang.llvm.org/docs/AddressSanitizer.html | |
72 | [clang-lsan]: https://clang.llvm.org/docs/LeakSanitizer.html | |
73 | [clang-msan]: https://clang.llvm.org/docs/MemorySanitizer.html | |
74 | [clang-tsan]: https://clang.llvm.org/docs/ThreadSanitizer.html |
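
Added example for the "How to use the sanitizers?" section (not part of the original guide or of rustc's own code): a small constructed program with a deliberately unchecked heap read, for trying out `-Z sanitizer=address`. The file name `asan_demo.rs` and the function names are assumptions made for illustration.

```rust
// Constructed test program for AddressSanitizer (illustrative only).
// Build with a nightly toolchain, using the flag described above:
//   rustc -Z sanitizer=address asan_demo.rs
// `./asan_demo 3` reads in bounds; `./asan_demo 8` reads one byte past the
// 8-byte heap allocation, which an ASan-instrumented build reports.
use std::env;

/// Reads the byte at `ptr + idx` with no bounds check.
/// Caller must guarantee that `idx` is inside the allocation behind `ptr`.
unsafe fn read_unchecked(ptr: *const u8, idx: usize) -> u8 {
    unsafe { *ptr.add(idx) }
}

/// Bounds-checked wrapper: the form the unchecked read should normally take.
fn read_checked(buf: &[u8], idx: usize) -> Option<u8> {
    if idx < buf.len() {
        // Safe: idx was just validated against the slice length.
        Some(unsafe { read_unchecked(buf.as_ptr(), idx) })
    } else {
        None
    }
}

fn main() {
    // A boxed slice owns a heap allocation of exactly 8 bytes.
    let buf: Box<[u8]> = vec![0xAAu8; 8].into_boxed_slice();
    let idx: usize = env::args()
        .nth(1)
        .and_then(|s| s.parse().ok())
        .unwrap_or(0);

    match read_checked(&buf, idx) {
        Some(v) => println!("checked read: buf[{idx}] = {v:#x}"),
        None => println!("checked read: index {idx} rejected"),
    }

    // Deliberate bug: the index from the command line is used unvalidated.
    // Without instrumentation an out-of-range index silently reads adjacent
    // memory; with -Z sanitizer=address the access is checked at run time.
    let v = unsafe { read_unchecked(buf.as_ptr(), idx) };
    println!("unchecked read: buf[{idx}] = {v:#x}");
}
```

Running the same binary built without the sanitizer flag shows why the instrumentation matters: the out-of-range read usually returns a value instead of failing.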