miri VS sanitizers

Provenance is a dynamic property of pointer values. The actual underlying rules that a program must follow, even when using raw pointers and `unsafe`, are written in terms of provenance. Miri (https://github.com/rust-lang/miri) represents provenance as an actual value stored alongside each pointer's address, so it can check for violations of these rules.

Lifetimes are a static approximation of provenance. They are erased after being validated by the borrow checker, and do not exist in Miri or have any impact on what transformations the optimizer may perform. In other words, the provenance rules allow a superset of what the borrow checker allows.

There has been discussion of doing this with MIRI, which would be easier than all of rustc.

This issue has been fixed: https://github.com/rust-lang/miri/issues/2964

Actually, I've done more advanced tests with MIRI (see https://github.com/rust-lang/miri/issues/2920 for example) which allowed me to fix some issues. I've also made the code compatible with loom, but I didn't found the time yet to write and execute loom tests. That's on the TODO-list, and I need to track it with an issue too.

He is one of the big brains behind Miri, which is a interpreter that runs on the MIR (compiler representation between human code and asm/machine code) and detects undefined behavior. Super useful tool for language safety, pretty interesting on its own.

I would also run your tests in Miri (https://github.com/rust-lang/miri) to try to cover more bases.

You can run miri and it will tell you if the given run triggered any undefined behavior. It will not analyze it for every possible use of the code, but checking for the presence of this specific issue using it should be fairly simple.

If you do encounter a piece of code on which TB performs much worse than SB, do submit it as an issue! There was one recently and we massively improved TB performance on this case by improving garbage collection.

AddressSanitizer is really useful, it's similar to Valgrind but has much lower overhead.

And if you're up for it, I'd further recommend adding some ways to deal with buffer overflows in debug builds. The way I deal with this is by using Address-Sanitizer's manual poisoning api. Bonus point if you leave additional poisoned space between allocations so off by one errors are likely to end up in a poisoned region instead of nearby allocation.

It also doesn't hurt that Miri can find many kinds of unsafe violations even in unsafe blocks. Zig may get something like this one day, but even if it does, checking things at runtime is not a substitute for compile time -- the C++ Sanitizers haven't exactly solved the safety story for C++ even over a decade later.

This is where stuff like ASan is really useful.

Use: https://github.com/google/sanitizers/wiki/AddressSanitizer

Have you tried using tools like ASAN/LSAN or valgrind to confirm that there are indeed no memory leaks?

Compile with ASAN and UBSAn