YT-24061: ROPSan: tagging sanitizer for master raw object pointers

Master is currently swarming with raw object pointers and this is not likely to change much in the nearest future.

Goal 1: For production/prestable builds: prevent master from writing inconsistent and broken snapshots from state containing dangling pointers.
Goal 2: For testing/debug builds: enable early detection of dangling pointer use.

Enter ROPSan: Raw Pointer Object Sanitizer!

`TRawObjectPtr<T>` is a drop-in replacement for `T*` that is 95%-compatible with raw pointer. For convenience, `TSomethingRawPtr` is auto-declared for each master type `TSomething`.

One need not replace `T*` with `TRawObjectPtr<T>` everywhere but is expected to do so for fields comprising master state (these are serialized in `Save/Load/Persist` methods). To incentivize this, we are no longer providing automatic serializers for raw pointers to master object types.

In release build, `TRawObjectPtr<T>` reduces to a trivial wrapper around  `T*` and is not expected to cause any overhead.

In checked builds, `TRawObjectPtr` becomes tagged: its highest 16 bits are used to (statistically) detect use-after-free scenarios. Each `TObject` is also tagged with a random 16-bit value during construction. This tag is read from the object and is incorporated into `TRawObjectPtr` upon conversion for raw pointer. Tags are checked each time `TRawObjectPtr` is used. When an object is destructed, its tag is overwritten with `0xdead` sentinel value.

See `yt/yt/server/master/object_server/public.h` for a  detailed list of control knobs.
commit_hash:b0a4cd39f0cbae7ca5c7486fd7fca4a32ad4cffe

0 files changed, 0 insertions, 0 deletions