rust-fuzz / honggfuzz-rs

Fuzz your Rust code with Google-developed Honggfuzz !
https://crates.io/crates/honggfuzz
Apache License 2.0

Address sanitizer(ASAN) flag doesn't seem to work #45

Closed StevenJiang1110 closed 3 years ago

StevenJiang1110 commented 3 years ago

I want to use honggfuzz-rs to fuzz some unsafe code, however, the ASAN doesn't seem to work. For example, I use the code just from the example directory, and replace the code in main.rs with

#[macro_use] extern crate honggfuzz;

fn main() {
    loop {
        fuzz!(|data: &[u8]| {
            // use-after-free bug: the vector is freed, then read through a dangling pointer
            let xs = vec![0, 1, 2, 3];
            let y = xs.as_ptr();
            drop(xs);
            // the loaded value is never used afterwards, so the optimizer is free to drop the read
            let z = unsafe { *y };
        });
    }
}

I fuzz the project with

RUSTFLAGS="-Z sanitizer=address" cargo hfuzz run example

However, the fuzzer cannot detect the bug (there should be only one path). There's one warning message from honggfuzz. I hope you can check if this can work properly. Thanks a lot.

PaulGrandperrin commented 3 years ago

Hi, it's surprising but it's expected, I would say:

If you want to force the bug to happen, you can override the optimization level:

RUSTFLAGS="-Z sanitizer=address -C opt-level=0 " cargo hfuzz run example