nice-- there's a "minimal" runtime for UBSan in productionpic.twitter.com/JDwhP5ZDIW
You can add location information to your Tweets, such as your city or precise location, from the web and via third-party applications. You always have the option to delete your Tweet location history. Learn more
Ah, that makes it a lot less exciting then - not really suitable for use in production, as it just adds attack surface.
It seems like this minimal runtime is there to provide something sane enough to deploy in production in anticipation of enforcing it.
It doesn't support error reporting for -fsanitize=vptr, but vptr and rest of the CFI defaults to the trapping mode, not the debug runtime.
UBSan + trapping definitely works with musl, minimal debug runtime probably does too, but CFI and SafeStack need libc support to fully work.
Linker / libc support. CFI is also a lot more efficient if library loading is adjusted to provide it guarantees (forcing spread out libs).
Non-CFI UBSan doesn't include anything that requires a runtime or metadata. CFI makes big tables and needs linker help for dynlib support.
Not sure exactly what SafeStack needs, but seems to need libc integration to support shared libs + libc needs to not break it with leaks.
If libc uses the main thread stack for anything like TLS where pointers point at it from outside stack, it's leaking the SafeStack location.
Similarly for main stack, kernel ASLR only has a tiny bit of entropy for stack vs. argument block, really needs to be better for SafeStack.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.