You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository was archived by the owner on Dec 17, 2025. It is now read-only.
The bounds and object-size sanitizers in the debugging mode are useful for moving code towards compatibility with more complete bounds checking along with being decent security features in their own right via the trapping mode. Coverage isn't great but it's decent enough to be useful and the performance cost is only going to get higher with more complete implementations even with substantial optimization improvements.
It would be useful to figure out how far away kernel code is from being able to use these in production. Targeted usage for core kernel code that's used everywhere can make this realistic. These features can be enabled on a case-by-case basis which is not only useful for compatibility but also performance, since performance-critical areas for a workload can be excluded if necessary on a subsystem / module, file or even function basis via no_sanitize.