Building a confidential computing platform means memory bugs aren't just bugs—they're trust violations.
Here's what we learned after instrumenting every module.
The Setup
Our platform handles sensitive workloads for telecom, semiconductor, and supply chain clients. We decided to go all-in on compile-time memory safety verification.
The Gotchas Nobody Tells You
1. You can't run ASan and TSan together.
Different shadow memory layouts. We run separate CI jobs for each.
2. MSan is useless without fully-instrumented libc.
Partial instrumentation = false positive hell. Budget time for this.
3. Kernel sanitizers have wildly different overhead.
On ARM64, tag-based modes give 5-15%. Generic mode? 100-300%. Know which you're using.
4. Production sampling is the answer.
Full instrumentation in staging. Sampling-based detection in production. Near-zero overhead.
The Payoff
Every sanitizer result feeds into our evidence chain. When clients ask "prove your platform is secure," we hand them cryptographic receipts, not policy documents.
Worth the effort? Absolutely. Memory safety isn't a feature—it's architecture.
Building this at Codebat. Happy to answer questions.
Top comments (0)