Document situation around sanitizers and hardened allocators #1232

Draft
wants to merge 2 commits into
base: develop
14 changes: 12 additions & 2 deletions MEMORY_CHECKING.md
Expand Up @@ -14,8 +14,18 @@ For some background see the writeup in <https://github.com/pgcentralfoundation/p

### Sanitizers

TODO
Sanitizers can be enabled when building postgres, but not postgres extensions. These have a smaller runtime impact than use of valgrind, but unfortunately they also detect considerably less UB.

In general, the way to do this is to set `SANITIZER_FLAGS=-fsanitize=<sanitizer>` during `cargo pgrx init`. Note that this is incompatible with running under valgrind, although the `--valgrind` flag can still be used (it would have no benefit). For example:

1. Scudo+GWP-ASAN: `SANITIZER_FLAGS=-fsanitize=scudo cargo pgrx init`. This is generally recommended if you aren't going to run under valgrind, as the overhead is quite low and while the frequency of bug detection is similarly low, it is nonzero.

Notably, unlike the rest of these, doing this for postgres will also apply to PGRX extensions (so long as they don't override the `#[global_allocator]`), since it's basically just setting up the allocator in a certain way.

2. Address sanitizer: `SANITIZER_FLAGS=-fsanitize=address cargo pgrx init`. This is more situational, since it can cause false-positives if the whole world is not built with ASAN enabled. Unfortunately, doing so is not possible in our case.

3. Work on supporting other sanitizers, such as memory and UB sanitizer is blocked by our inability to build everything under sanitization. Thread sanitizer is possible, but mostly useless.

### Hardened Allocators

For basic usage of electric fence or scudo, `LD_PRELOAD=libefence.so cargo test` or `LD_PRELOAD=libscudo.so cargo test`. More advanced usage (like GWP-ASAN) is still TODO.
For basic usage of electric fence or scudo, `LD_PRELOAD=libefence.so cargo test` or `LD_PRELOAD=libscudo.so cargo test` (after installing the required library). However, for more advanced usage, see the documentation in the previous section about using Scudo, which is recommended.
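
Review bot: The opening sentence of the Sanitizers section says sanitizers can be enabled for postgres "but not postgres extensions", yet the paragraph under item 1 says the Scudo setting also applies to PGRX extensions unless they override the `#[global_allocator]`. Please qualify the opening sentence (for example, "with the exception of Scudo, described below") so the two statements do not read as contradictory. Item 1 is also titled "Scudo+GWP-ASAN" while the command shown is only `-fsanitize=scudo`; since the removed line listed GWP-ASAN usage as still TODO, the text should say whether GWP-ASAN is active with that flag alone or needs further options. Item 3 sits under "For example:" but gives no command and only reports what is blocked, so it would read better as a closing paragraph after the list. In the Hardened Allocators paragraph, "after installing the required library" would be more useful if it named which library each `LD_PRELOAD` value expects.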