From 6d57986a646a2bf9864aaea0e0644ba743b161f3 Mon Sep 17 00:00:00 2001 From: Thom Chiovoloni Date: Tue, 25 Jul 2023 13:56:58 -0700 Subject: [PATCH 1/2] Document situation around sanitizers and hardened allocators --- MEMORY_CHECKING.md | 14 ++++++++++++-- 1 file changed, 12 insertions(+), 2 deletions(-) diff --git a/MEMORY_CHECKING.md b/MEMORY_CHECKING.md index 24e336634..930c5a1a5 100644 --- a/MEMORY_CHECKING.md +++ b/MEMORY_CHECKING.md @@ -14,8 +14,18 @@ For some background see the writeup in ` during `cargo pgrx init`. Note that this is incompatible with running under valgrind, although the `--valgrind` flag can still be used (it would have no benefit). For example: + +1. Scudo+GWP-ASAN: `SANITIZER_FLAGS=-fsanitize=scudo cargo pgrx init`. This is generally recommended if you aren't going to run under valgrind, as the overhead is quite low and while the frequency of bug detection is similarly low, it is nonzero. + + Notably, unlike the rest of these, doing this for postgres will also apply to PGRX extensions (so long as they don't override the `#[global_allocator]`), since it's basically just setting up the allocator in a certain way. + +2. Address sanitizer: `SANITIZER_FLAGS=-fsanitize=address cargo pgrx init`. This is more situational, since it can cause false-positives if the whole world is not built with ASAN enabled. Unfortunately, doing so is not possible in our case (TODO: still figuring this out). + +3. Work on supporting other sanitizers, such as memory and UB sanitizer, is still TODO. ### Hardened Allocators -For basic usage of electric fence or scudo, `LD_PRELOAD=libefence.so cargo test` or `LD_PRELOAD=libscudo.so cargo test`. More advanced usage (like GWP-ASAN) is still TODO. +For basic usage of electric fence or scudo, `LD_PRELOAD=libefence.so cargo test` or `LD_PRELOAD=libscudo.so cargo test` (after installing the required library). However, for more advanced usage, see the documentation in the previous section about using Scudo. 
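Review bot: In item 2 of the new list, the address sanitizer entry gives a runnable command and then says that building the whole world with ASAN "is not possible in our case (TODO: still figuring this out)", so a reader cannot tell whether the command is worth running or how to treat the false positives it warns about. Say why a full ASAN build is not possible and whether reports from a partial build should still be triaged, and move the TODO out of user-facing docs into a tracking issue. Item 3 is a status note rather than a usage example, so it would read better as a sentence after the list that "For example:" introduces.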
From 88ab68fb9380da462409e118ec464ec1071c4ebf Mon Sep 17 00:00:00 2001 From: Thom Chiovoloni Date: Tue, 1 Aug 2023 09:40:43 -0700 Subject: [PATCH 2/2] Update sanitizer docs --- MEMORY_CHECKING.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/MEMORY_CHECKING.md b/MEMORY_CHECKING.md index 930c5a1a5..b38cd03e1 100644 --- a/MEMORY_CHECKING.md +++ b/MEMORY_CHECKING.md @@ -14,7 +14,7 @@ For some background see the writeup in ` during `cargo pgrx init`. Note that this is incompatible with running under valgrind, although the `--valgrind` flag can still be used (it would have no benefit). For example: 
@@ -22,10 +22,10 @@ In general, the way to do this is to set `SANITIZER_FLAGS=-fsanitize= Notably, unlike the rest of these, doing this for postgres will also apply to PGRX extensions (so long as they don't override the `#[global_allocator]`), since it's basically just setting up the allocator in a certain way. -2. Address sanitizer: `SANITIZER_FLAGS=-fsanitize=address cargo pgrx init`. This is more situational, since it can cause false-positives if the whole world is not built with ASAN enabled. Unfortunately, doing so is not possible in our case (TODO: still figuring this out). +2. Address sanitizer: `SANITIZER_FLAGS=-fsanitize=address cargo pgrx init`. This is more situational, since it can cause false-positives if the whole world is not built with ASAN enabled. Unfortunately, doing so is not possible in our case. -3. Work on supporting other sanitizers, such as memory and UB sanitizer, is still TODO. +3. Work on supporting other sanitizers, such as memory and UB sanitizer is blocked by our inability to build everything under sanitization. Thread sanitizer is possible, but mostly useless. ### Hardened Allocators -For basic usage of electric fence or scudo, `LD_PRELOAD=libefence.so cargo test` or `LD_PRELOAD=libscudo.so cargo test` (after installing the required library). However, for more advanced usage, see the documentation in the previous section about using Scudo. +For basic usage of electric fence or scudo, `LD_PRELOAD=libefence.so cargo test` or `LD_PRELOAD=libscudo.so cargo test` (after installing the required library). However, for more advanced usage, see the documentation in the previous section about using Scudo, which is recommended.
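Review bot: In the `@@ -14,7 +14,7 @@` hunk, "this is incompatible with running under valgrind, although the `--valgrind` flag can still be used (it would have no benefit)" pulls in two directions: "incompatible" suggests the combination breaks, while "can still be used" suggests it is accepted. State which it is, and what a user who passes `--valgrind` to a sanitizer-enabled build should expect to see, so the combination is not read as supported.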
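Review bot: In item 3 of the `@@ -22,10 +22,10 @@` hunk, "Thread sanitizer is possible, but mostly useless" gives neither the reason nor the `SANITIZER_FLAGS` value, unlike items 1 and 2; add both or drop the sentence. The same item needs a comma after "UB sanitizer", and item 2 could point to the reason item 3 now states (the inability to build everything under sanitization) instead of the bare "not possible in our case". In the Hardened Allocators paragraph, "which is recommended" has no clear antecedent: say explicitly that the Scudo setup from the previous section is the recommended one over the `LD_PRELOAD` approach.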