So far, BorrowSanitizer has ignored the LLVM captures metadata, and we do not have a plan yet for how we would use this in our instrumentation pass. We rely entirely on the retag calls described here. We are targeting Rust’s aliasing model, so I would guess that a hypothetical “refsan” implementation would focus on validating a model of LLVM’s semantics. The implementation of BorrowSanitizer could be modified and repurposed to implement something like this, so I could eventually see us doing something with captures.
Over here, I was thinking about whether we would be able to “reliably interpret typed stores as retags”. That was unclear—what I meant is, if the Rust compiler emitted captures metadata for stores, then it could be possible to add additional metadata to captures so that it could act as a retag at this level, without needing an explicit function call. However, this would not handle all of the situations where a retag needs to happen. For now…
This is the route that I would choose so that we could continue to move this proposal forward as an MCP. From what I understand, if we no longer have MIR Retag statements, then we could still emit the retag function calls that I described in this proposal. We would just need to determine whether each argument and assignment statement needs a retag during codegen without relying on MIR retag statements to tell us this. As @RalfJung indicated above, this may be easier said than done. But, if we can figure out where retags need to happen at this level, then I do not think we would need to make many other significant changes to the prototype implementation of this proposal for it to work without MIR retags.