nice-- there's a "minimal" runtime for UBSan in productionpic.twitter.com/JDwhP5ZDIW
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
And of course, does it build out of the box with musl yet?
here's the patch: https://reviews.llvm.org/rL312029 definitely not as minimal as -fsanitize-trap=undefined sorry, don't know about musl
If you want immediate abort, there's already -fsanitize-trap which avoids the need for a runtime at all. Can specify non-builtin-trap abort.
What additional functionality does the "minimal runtime" provide? AFAIK some sanitizer functionality needs runtime to track&find UB.
UBSan consists of simple checks without the need for a runtime. This isn't tied to ASan, TSan, MSan, DFSan. It's only the simple UB checks.
Functionality it provides is error reporting, nothing more. Trapping aborts, error reporting mode is generally used to report and continue.
Ah, that makes it a lot less exciting then - not really suitable for use in production, as it just adds attack surface.
It seems like this minimal runtime is there to provide something sane enough to deploy in production in anticipation of enforcing it.
It doesn't support error reporting for -fsanitize=vptr, but vptr and rest of the CFI defaults to the trapping mode, not the debug runtime.
UBSan + trapping definitely works with musl, minimal debug runtime probably does too, but CFI and SafeStack need libc support to fully work.
- Abort-on-err is optional - Logging logic fits in 40 LOC
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.