@JayKickliter
Created October 24, 2023 22:31
Rust with Address Sanitizer on M1 macOS

Usage:

$ ASAN_OPTIONS="detect_leaks=1:halt_on_error=0" RUSTFLAGS="-Z sanitizer=address" cargo +nightly run -Z build-std=core,alloc --target aarch64-apple-darwin

Output:

    Finished dev [unoptimized + debuginfo] target(s) in 0.07s
     Running `target/aarch64-apple-darwin/debug/leaks`
leaks(28333,0x1db84a080) malloc: nano zone abandoned due to inability to reserve vm space.
=================================================================
==28333==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x00016d6e6770 at pc 0x00010271d04c bp 0x00016d6e6710 sp 0x00016d6e6708
READ of size 4 at 0x00016d6e6770 thread T0
    #0 0x10271d048 in leaks::main::he4137162ef3900a3 main.rs:6
    #1 0x10271c184 in core::ops::function::FnOnce::call_once::hdf9058bd2ff01149 function.rs:250
    #2 0x10271c9d0 in std::sys_common::backtrace::__rust_begin_short_backtrace::he26781f8c6b72ad4 backtrace.rs:154
    #3 0x10271d450 in std::rt::lang_start::_$u7b$$u7b$closure$u7d$$u7d$::hc97e2fe9e37441ee rt.rs:166
    #4 0x102732fc4 in std::rt::lang_start_internal::he7720f54a7725a31+0x280 (leaks:arm64+0x10001afc4)
    #5 0x10271d368 in std::rt::lang_start::h99ca2deabf44d053 rt.rs:165
    #6 0x10271d154 in main+0x20 (leaks:arm64+0x100005154)
    #7 0x18046ff24  (<unknown module>)
    #8 0xd19fffffffffffc  (<unknown module>)

Address 0x00016d6e6770 is located in stack of thread T0 at offset 80 in frame
    #0 0x10271ca24 in leaks::main::he4137162ef3900a3 main.rs:1

  This frame has 4 object(s):
    [32, 48) 'self.dbg.spill.i2'
    [64, 80) 'xs' (line 5) <== Memory access at offset 80 overflows this variable
    [96, 120) '_8' (line 3)
    [160, 184) 'forget_me' (line 2)
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow main.rs:6 in leaks::main::he4137162ef3900a3
Shadow bytes around the buggy address:
  0x00016d6e6480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d6e6500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d6e6580: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d6e6600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d6e6680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x00016d6e6700: 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 00 00[f2]f2
  0x00016d6e6780: f8 f8 f8 f2 f2 f2 f2 f2 00 00 00 f3 f3 f3 f3 f3
  0x00016d6e6800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d6e6880: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d6e6900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x00016d6e6980: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28333==ABORTING
Abort trap: 6
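
main.rs:

fn main() {
    let forget_me = vec![0, 1, 2, 3];
    std::mem::forget(forget_me); // deliberate leak: the Vec's heap buffer is never freed

    let xs = [0, 1, 2, 3];
    let _y = unsafe { *xs.as_ptr().offset(4) }; // deliberate out-of-bounds read one element past `xs`
}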
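
Reading the shadow dump in the report above, as an added example (not part of the original gist): this Rust sketch maps the faulting address onto its shadow byte using the two rows around the `=>` marker. It assumes the row labels are application addresses, which the 0x80 stride between rows and the position of the bracketed byte are consistent with; `Row`, `report_rows`, `shadow_for` and `legend` are names made up for this example.

```rust
// Added example: look up the shadow byte covering an application address.
// Rows are copied from the "Shadow bytes around the buggy address" dump above.

/// One dump row: address of the first application byte covered, then 16 shadow bytes.
struct Row { base: u64, shadow: [u8; 16] }

/// Assumption: row labels are application addresses (rows are 16 * 8 = 0x80 apart).
fn report_rows() -> [Row; 2] {
    [
        Row { base: 0x16d6e6700, shadow: [0, 0, 0, 0, 0xf1, 0xf1, 0xf1, 0xf1,
                                          0, 0, 0xf2, 0xf2, 0, 0, 0xf2, 0xf2] },
        Row { base: 0x16d6e6780, shadow: [0xf8, 0xf8, 0xf8, 0xf2, 0xf2, 0xf2, 0xf2, 0xf2,
                                          0, 0, 0, 0xf3, 0xf3, 0xf3, 0xf3, 0xf3] },
    ]
}

/// Shadow byte for `addr`, or None when `addr` is outside the copied rows.
/// One shadow byte represents 8 application bytes (per the report's legend).
fn shadow_for(rows: &[Row], addr: u64) -> Option<u8> {
    rows.iter()
        .find(|r| addr >= r.base && addr < r.base + 0x80)
        .map(|r| r.shadow[((addr - r.base) / 8) as usize])
}

/// Subset of the report's legend that applies to stack frames.
fn legend(b: u8) -> &'static str {
    match b {
        0x00 => "addressable",
        0x01..=0x07 => "partially addressable",
        0xf1 => "stack left redzone",
        0xf2 => "stack mid redzone",
        0xf3 => "stack right redzone",
        0xf8 => "stack use after scope",
        _ => "other (see legend)",
    }
}

fn main() {
    let rows = report_rows();
    let fault: u64 = 0x16d6e6770; // address from the ERROR line
    let frame = fault - 80;       // report: "at offset 80 in frame"
    // Frame offsets taken from the "This frame has 4 object(s)" list.
    for (what, off) in [("xs[0]", 64u64), ("xs[3]", 76), ("xs[4], the faulting read", 80),
                        ("_8", 96), ("forget_me", 160)] {
        let b = shadow_for(&rows, frame + off).expect("address outside copied rows");
        println!("{:<26} {:#x} -> {:#04x} {}", what, frame + off, b, legend(b));
    }
}
```

Offsets 64 and 76 land on addressable bytes, while offset 80 lands on the mid redzone between `xs` and `_8`, which is the bracketed `[f2]` in the dump.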