wasmi-labs / wasmi

WebAssembly (Wasm) interpreter.

Home Page:https://wasmi-labs.github.io/wasmi/

Run CI tests using LLVM's address sanitizer

Robbepop opened this issue · comments

It is possible to build Rust programs using LLVM sanitizers: https://rustc-dev-guide.rust-lang.org/sanitizers.html

Recently I found a heap memory overflow via fuzzing that runs Wasmi using address sanitizer. Wasmi CLI can be built with LLVM's powerful address sanitizer and run on some Wasm input as shown below, where x.wat is the Wasm input and f is the name of the executed exported Wasm function, followed by an optional set of parameters (1 2 3).

RUSTFLAGS=-Zsanitizer=address cargo +nightly run -Zbuild-std -p wasmi_cli --target aarch64-apple-darwin -- x.wat --invoke f 1 2 3

Ideally we run all of our tests on CI always using the address sanitizer, thus finding particularly hard-to-find memory bugs.

Locally I can run Wasmi tests with LLVM's address sanitizer using:

RUSTFLAGS=-Zsanitizer=address cargo +nightly test -Zbuild-std --target aarch64-apple-darwin --tests

The drawbacks are:

  • This requires nightly Rust versions.
  • It weirdly requires us to state the target, which in my case (macOS + M2 processor) is aarch64-apple-darwin.
  • RUSTFLAGS needs to be passed, but I am optimistic that we can feed those args using different means, since this is quite ugly.
  • Doc tests do not seem to work (linker error); therefore we are required to pass --tests.
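The following is an added wrapper script, not code from the wasmi project, that runs the test invocation above under AddressSanitizer without hard-coding the target triple: it derives the host triple from the nightly toolchain, makes sure the rust-src component needed by -Zbuild-std is installed, and passes RUSTFLAGS for this one invocation only. It assumes a rustup-managed nightly toolchain; the file name asan_tests.sh and the --run flag are assumptions of this example.

```shell
#!/bin/sh
# Added example (not part of wasmi): run tests under LLVM AddressSanitizer.
set -eu

# Extract the triple from the "host: <triple>" line of `rustc -vV` output
# supplied on stdin, e.g. "aarch64-apple-darwin" on an M2 Mac.
parse_host_triple() {
    sed -n 's/^host: *//p' | head -n 1
}

# Ask the nightly toolchain for its own host triple, so the --target flag
# does not have to be spelled out per machine.
detect_host_target() {
    rustc +nightly -vV | parse_host_triple
}

# Build the cargo command line for a given target triple. Only unit and
# integration tests are run (--tests) because doc tests fail to link under
# the sanitizer, as noted in the issue.
asan_test_cmd() {
    target="$1"
    printf 'cargo +nightly test -Zbuild-std --target %s --tests' "$target"
}

# Run the test suite with ASan enabled through RUSTFLAGS for this call only,
# instead of exporting it into the whole environment.
run_asan_tests() {
    target="$(detect_host_target)"
    [ -n "$target" ] || { echo "could not detect host target" >&2; return 1; }
    # -Zbuild-std recompiles the standard library and needs its sources.
    rustup component list --toolchain nightly --installed | grep -q '^rust-src' \
        || rustup component add rust-src --toolchain nightly
    RUSTFLAGS="-Zsanitizer=address" sh -c "$(asan_test_cmd "$target")"
}

# Only launch cargo when explicitly asked (./asan_tests.sh --run), so the
# functions above can also be sourced and reused from a CI step.
if [ "${1:-}" = "--run" ]; then
    run_asan_tests
fi
```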