Description
Issue by bstrie
Wednesday Dec 03, 2014 at 19:58 GMT
For earlier discussion, see rust-lang/rust#19504
This issue was labelled with: A-an-interesting-project, A-llvm, E-hard in the Rust repository
Backstory: being Valgrind-clean is a blocker for 1.0 (#13217). But Valgrind gives us tons of false positives (#5856) because of a specific tactic used by LLVM to generate optimized code (http://llvm.org/bugs/show_bug.cgi?id=12319). Neither LLVM nor Valgrind is incorrect here, so this is unlikely to ever be resolved (rust-lang/rust#5856 (comment)). And the overall volume of false positives is so great that we often succumb to just turning off Valgrind entirely to get any work done (rust-lang/rust#13217 (comment)).
There is an alternative: ASAN, which is integrated into LLVM and designed to produce no false positives in addition to being relatively low on runtime overhead (https://address-sanitizer.googlecode.com/files/address_sanity_checker.pdf). It is sponsored by Google and used in Chromium to great effect. But adding support is nontrivial:
This really needs to be refiled as "implement address sanitizer support" which is a huge project. It's not useful without frontend support, and IMO it's too much complexity to add to librustc in the current state it's in. Sanitizers would need to be added for all the unsafe intrinsics along with unsafe pointer dereferencing. It's not going to map well to the sanitizers used by Clang, since Rust does everything in the libraries with the basic compiler intrinsics. It doesn't have a language feature for unsafe indexing of arrays, etc.
Not only would ASAN support be a tremendous task, it would also ideally never generate any hits for Rust code. However, unsafe code exists, and developers can (and will (and have (we just don't know it yet))) get it wrong. More lines of defense are always valuable.
If you're looking for a very challenging and long-term but (IMO) very important Rust-related project to test your skills, this is the project for you.