Usage:
$ ASAN_OPTIONS="detect_leaks=1:halt_on_error=0" RUSTFLAGS="-Z sanitizer=address" cargo +nightly run -Z build-std=core,alloc --target aarch64-apple-darwin
Output:
Finished dev [unoptimized + debuginfo] target(s) in 0.07s
Running `target/aarch64-apple-darwin/debug/leaks`
leaks(28333,0x1db84a080) malloc: nano zone abandoned due to inability to reserve vm space.
=================================================================
==28333==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00016d6e6770 at pc 0x00010271d04c bp 0x00016d6e6710 sp 0x00016d6e6708
READ of size 4 at 0x00016d6e6770 thread T0
#0 0x10271d048 in leaks::main::he4137162ef3900a3 main.rs:6
#1 0x10271c184 in core::ops::function::FnOnce::call_once::hdf9058bd2ff01149 function.rs:250
#2 0x10271c9d0 in std::sys_common::backtrace::__rust_begin_short_backtrace::he26781f8c6b72ad4 backtrace.rs:154
#3 0x10271d450 in std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::hc97e2fe9e37441ee rt.rs:166
#4 0x102732fc4 in std::rt::lang_start_internal::he7720f54a7725a31+0x280 (leaks:arm64+0x10001afc4)
#5 0x10271d368 in std::rt::lang_start::h99ca2deabf44d053 rt.rs:165
#6 0x10271d154 in main+0x20 (leaks:arm64+0x100005154)
#7 0x18046ff24 (<unknown module>)
#8 0xd19fffffffffffc (<unknown module>)
Address 0x00016d6e6770 is located in stack of thread T0 at offset 80 in frame
#0 0x10271ca24 in leaks::main::he4137162ef3900a3 main.rs:1
This frame has 4 object(s):
[32, 48) 'self.dbg.spill.i2'
[64, 80) 'xs' (line 5) <== Memory access at offset 80 overflows this variable
[96, 120) '_8' (line 3)
[160, 184) 'forget_me' (line 2)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
(longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow main.rs:6 in leaks::main::he4137162ef3900a3
Shadow bytes around the buggy address:
0x00016d6e6480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00016d6e6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00016d6e6580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00016d6e6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00016d6e6680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00016d6e6700: 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 00 00[f2]f2
0x00016d6e6780: f8 f8 f8 f2 f2 f2 f2 f2 00 00 00 f3 f3 f3 f3 f3
0x00016d6e6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00016d6e6880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00016d6e6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
0x00016d6e6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==28333==ABORTING
Abort trap: 6