AD2041: RustEnableSanitizersPE¶

Summary¶

Description¶

Rust PE binaries used for testing or development should consider using sanitizers to detect memory safety issues, undefined behavior, and other bugs.

Note: This is an informational rule. Sanitizers are typically used in testing, not production.

How It Works¶

The rule checks for sanitizer runtime symbols:

1. AddressSanitizer (ASAN) symbols
2. UndefinedBehaviorSanitizer (UBSAN) symbols
3. ThreadSanitizer (TSAN) symbols (where supported)

Why This Matters¶

Even with Rust's memory safety guarantees, unsafe code blocks and FFI can introduce bugs. Sanitizers help catch issues in unsafe code and C/C++ dependencies.

Rust + Sanitizers¶

Unsafe Code Coverage¶

// Safe Rust: Memory safe by design
fn safe_function() { ... }

// Unsafe Rust: Needs extra verification
unsafe fn unsafe_function() {
    // ASAN catches errors here
    let ptr = alloc(...);
    *ptr = value;  // ASAN monitors this
}

Windows Support¶

Performance Considerations¶

Rust sanitizers have significant overhead—use only for testing:

Rust-specific considerations: - Safe Rust has minimal interaction with sanitizers (already memory-safe) - Overhead primarily affects unsafe blocks and FFI code - Mixed Rust/C codebases see higher relative overhead

Test infrastructure impact:

Recommended approach:

# Run sanitizer tests on unsafe-heavy crates
RUSTFLAGS="-Zsanitizer=address" cargo +nightly test -p unsafe_crate

Resolution¶

Enable sanitizers in test builds:

# Nightly Rust with ASAN
RUSTFLAGS="-Zsanitizer=address" cargo +nightly build

# Run tests with sanitizer
RUSTFLAGS="-Zsanitizer=address" cargo +nightly test

Cargo Configuration¶

# .cargo/config.toml for testing
[build]
rustflags = ["-Zsanitizer=address"]

[target.x86_64-pc-windows-msvc]
rustflags = ["-Zsanitizer=address"]