考虑支持 rustc unstable flag sanitizer 作为动态检查工具? #17
Description
Rust 编译器有一个不稳定的代码安全质量检查标志: https://doc.rust-lang.org/nightly/unstable-book/compiler-flags/sanitizer.html
Sanitizers are tools that help detect and prevent various types of bugs and vulnerabilities in software. They are available in compilers and work by instrumenting the code to add additional runtime checks. ...
they are typically used alongside other best practices in software development, such as testing and fuzzing, to ensure the highest level of software quality and security.
This feature allows for use of one of following sanitizers:
Those intended for testing or fuzzing (but not production use):
- AddressSanitizer a fast memory error detector.
- HWAddressSanitizer a memory error detector similar to
AddressSanitizer, but based on partial hardware assistance.- LeakSanitizer a run-time memory leak detector.
- MemorySanitizer a detector of uninitialized reads.
- ThreadSanitizer a fast data race detector.
Those that apart from testing, may be used in production:
- ControlFlowIntegrity LLVM Control Flow Integrity
(CFI) provides forward-edge control flow protection.- DataFlowSanitizer a generic dynamic data flow analysis
framework.- KernelControlFlowIntegrity LLVM Kernel
Control Flow Integrity (KCFI) provides forward-edge control flow protection
for operating systems kernels.- MemTagSanitizer fast memory error detector based on
Armv8.5-A Memory Tagging Extension.- SafeStack provides backward-edge control flow protection by
separating the stack into safe and unsafe regions.- ShadowCallStack provides backward-edge control flow
protection (aarch64 only).
target-spec-json 编译选项可知道当前架构支持哪些检查类型,输出示例 #25
{
"arch": "x86_64",
"supported-sanitizers": [
"address",
"leak",
"memory",
"thread",
"cfi",
"kcfi",
"safestack",
"dataflow"
]
}{
"arch": "riscv64",
"supported-sanitizers": [
"kernel-address"
]
}