Compiler Sanitizers
The C/C++ compilers Clang/LLVM and GCC support so-called sanitizers. These sanitizers are built into the application code and track the execution at runtime to report execution errors. There are currently four interesting sanitizers:
- AddressSanitizer and LeakSanitizer
- ThreadSanitizer
- MemorySanitizer
AddressSanitizer and LeakSanitizer
The AddressSanitizer is a memory error detector for C/C++. The LeakSanitizer detects memory leaks and is part of the AddressSanitizer on many operating systems. They detect the following errors:
- Use after free (dangling pointer dereference)
- Heap buffer overflow
- Stack buffer overflow
- Global buffer overflow
- Use after return
- Use after scope
- Initialization order bugs
- Memory leaks
In order to activate it for your code, compile it with:
$CC -fsanitize=address -fno-omit-frame-pointer ...
The -fno-omit-frame-pointer flag is used for better readability of the error output (complete stack traces in the report).
The AddressSanitizer cannot be combined with the ThreadSanitizer.
For further information: AddressSanitizer and LeakSanitizer
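The following program is an added example, not code from the page: it contains two of the defects listed above (a heap buffer overflow and a memory leak on an error path), each beside a hardened version. Function names and the sample inputs are constructed for the demonstration. Built with the flags given above, AddressSanitizer reports the out-of-bounds read and LeakSanitizer reports the unfreed copy at exit; the hardened versions run clean.

```c
/* Added example (not from the page). Build and run with:
 *   cc -g -fsanitize=address -fno-omit-frame-pointer asan_demo.c -o asan_demo && ./asan_demo
 * The racy read below is reported as heap-buffer-overflow; the leak is reported at exit. */
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Buggy: trusts the caller's `count` instead of the buffer's real length.
 * Reading past the end of the malloc'd block is what ASan flags as
 * "heap-buffer-overflow ... READ of size 4". */
long sum_unchecked(const int *buf, size_t count) {
    long total = 0;
    for (size_t i = 0; i < count; i++)
        total += buf[i];
    return total;
}

/* Hardened: the buffer length travels with the buffer and bounds the loop. */
long sum_checked(const int *buf, size_t len, size_t count) {
    if (count > len)
        count = len;                      /* clamp instead of reading out of bounds */
    long total = 0;
    for (size_t i = 0; i < count; i++)
        total += buf[i];
    return total;
}

/* Portable strdup replacement (strdup is POSIX, not ISO C). */
static char *dup_string(const char *s) {
    size_t n = strlen(s) + 1;
    char *p = malloc(n);
    if (p != NULL)
        memcpy(p, s, n);
    return p;
}

/* Buggy: the early return on the "output too small" path never frees `copy`.
 * LeakSanitizer reports this at exit as a "Direct leak of 17 byte(s)". */
int upper_first_leaky(const char *s, char *out, size_t out_len) {
    char *copy = dup_string(s);           /* heap allocation owned by this function */
    if (copy == NULL)
        return -1;
    if (strlen(copy) + 1 > out_len)
        return -1;                        /* error path: `copy` is leaked here */
    if (copy[0] != '\0')
        copy[0] = (char)toupper((unsigned char)copy[0]);
    memcpy(out, copy, strlen(copy) + 1);
    free(copy);
    return 0;
}

/* Fixed: a single exit point frees `copy` on every path. */
int upper_first_fixed(const char *s, char *out, size_t out_len) {
    char *copy = dup_string(s);
    if (copy == NULL)
        return -1;
    int rc = -1;
    if (strlen(copy) + 1 <= out_len) {
        if (copy[0] != '\0')
            copy[0] = (char)toupper((unsigned char)copy[0]);
        memcpy(out, copy, strlen(copy) + 1);
        rc = 0;
    }
    free(copy);
    return rc;
}

/* Wrappers over constructed input so the hardened results can be checked directly. */
long demo_sum_checked(void) {
    int *buf = malloc(4 * sizeof *buf);
    if (buf == NULL)
        return -1;
    for (int i = 0; i < 4; i++)
        buf[i] = i + 1;                   /* constructed: {1, 2, 3, 4} */
    long total = sum_checked(buf, 4, 8);  /* caller asks for 8, loop stops at 4 */
    free(buf);
    return total;                         /* 10 */
}

int demo_upper_first_fixed(void) {
    char out[8];
    if (upper_first_fixed("hello", out, sizeof out) != 0 || strcmp(out, "Hello") != 0)
        return 0;
    if (upper_first_fixed("too long for out", out, sizeof out) != -1)
        return 0;
    return 1;                             /* 1: both paths behave as intended */
}

int main(void) {
    int *buf = malloc(4 * sizeof *buf);
    if (buf == NULL)
        return 1;
    for (int i = 0; i < 4; i++)
        buf[i] = i + 1;
    /* ASan: heap-buffer-overflow on the read of buf[4], one past the 16-byte region. */
    printf("unchecked sum = %ld\n", sum_unchecked(buf, 8));
    free(buf);

    char out[8];
    /* LSan: the 17-byte copy made inside upper_first_leaky is never freed. */
    upper_first_leaky("too long for out", out, sizeof out);
    printf("hardened paths ok = %d, checked sum = %ld\n",
           demo_upper_first_fixed(), demo_sum_checked());
    return 0;
}
```

Run the same binary built without -fsanitize=address and both defects stay silent, which is the point of the sanitizer: the overflow reads whatever follows the allocation and the leak is only visible as growing memory use.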
ThreadSanitizer
ThreadSanitizer is a data race detector for C/C++. Data races are one of the most common and hardest to debug types of bugs in concurrent systems. A data race occurs when two threads access the same variable concurrently and at least one of the accesses is a write.
In order to activate it for your code, compile it with:
$CC -fsanitize=thread ...
For further information: ThreadSanitizer
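An added example (not from the page) of the race described above: several threads increment a shared counter, once with no synchronization and once under a mutex. The worker names and iteration counts are constructed for the demonstration. Built with -fsanitize=thread, the unsynchronized run produces a "data race" report naming both accesses; the mutex version does not.

```c
/* Added example (not from the page). Build and run with:
 *   cc -g -fsanitize=thread -fno-omit-frame-pointer tsan_demo.c -o tsan_demo -pthread && ./tsan_demo */
#include <pthread.h>
#include <stdio.h>
#include <stdlib.h>

#define THREADS    4
#define INCREMENTS 100000

struct counter {
    long value;
    pthread_mutex_t lock;
};

/* Racy worker: read-modify-write of a shared variable with no synchronization.
 * Two threads executing c->value++ concurrently is exactly the data race
 * ThreadSanitizer reports (a write racing with another read or write). */
static void *racy_worker(void *arg) {
    struct counter *c = arg;
    for (int i = 0; i < INCREMENTS; i++)
        c->value++;
    return NULL;
}

/* Fixed worker: every access to c->value happens while holding the mutex,
 * so the accesses are ordered and TSan sees no race. */
static void *locked_worker(void *arg) {
    struct counter *c = arg;
    for (int i = 0; i < INCREMENTS; i++) {
        pthread_mutex_lock(&c->lock);
        c->value++;
        pthread_mutex_unlock(&c->lock);
    }
    return NULL;
}

/* Runs `worker` on THREADS threads against a fresh counter and returns the total. */
static long run(void *(*worker)(void *)) {
    struct counter c = { 0, PTHREAD_MUTEX_INITIALIZER };
    pthread_t tid[THREADS];
    for (int i = 0; i < THREADS; i++) {
        if (pthread_create(&tid[i], NULL, worker, &c) != 0) {
            perror("pthread_create");
            exit(EXIT_FAILURE);
        }
    }
    for (int i = 0; i < THREADS; i++)
        pthread_join(tid[i], NULL);
    pthread_mutex_destroy(&c.lock);
    return c.value;
}

long count_racy(void)   { return run(racy_worker); }
long count_locked(void) { return run(locked_worker); }

int main(void) {
    /* Without TSan the racy total is usually below THREADS * INCREMENTS and
     * differs from run to run; under TSan the first racing access is reported. */
    printf("racy   total = %ld\n", count_racy());
    printf("locked total = %ld (expected %d)\n", count_locked(), THREADS * INCREMENTS);
    return 0;
}
```

A lost update is the visible symptom, but TSan reports the race even on runs where the count happens to come out right, which is what makes it useful for bugs that only reproduce under load.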
MemorySanitizer
MemorySanitizer is a detector of uninitialized memory reads in C/C++ programs.
Uninitialized values occur when stack- or heap-allocated memory is read before it is written. MemorySanitizer detects cases where such values affect program execution.
MemorySanitizer is bit-exact: it can track uninitialized bits in a bitfield. It will tolerate copying of uninitialized memory, and also simple logic and arithmetic operations with it. In general, MemorySanitizer silently tracks the spread of uninitialized data in memory, and reports a warning when a code branch is taken (or not taken) depending on an uninitialized value.
In order to activate it for your code, compile it with:
$CC -fsanitize=memory -fPIE -pie -fno-omit-frame-pointer ...
The -fno-omit-frame-pointer flag is used for better readability of the error output.
For further information: MemorySanitizer
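An added example (not from the page) of the behaviour described above: a small, constructed header parser leaves one struct field unwritten on one path, and a later branch on that field is what MemorySanitizer reports as use-of-uninitialized-value. Copying the struct around would not trigger the report; the branch does. The fixed version zero-initializes the allocation. Note that MemorySanitizer is implemented in Clang only, so the build line below uses clang.

```c
/* Added example (not from the page). Build and run with:
 *   clang -g -fsanitize=memory -fPIE -pie -fno-omit-frame-pointer msan_demo.c -o msan_demo && ./msan_demo */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed: the parsed form of one header line. */
struct request {
    int  has_length;     /* meant to be set whenever a Content-Length header was seen */
    long length;
};

/* Buggy: the struct comes from malloc and has_length is written on one path only.
 * For a line that is not Content-Length, both fields stay uninitialized. MSan
 * tracks that silently until something branches on it (see body_bytes below). */
struct request *parse_buggy(const char *line) {
    struct request *r = malloc(sizeof *r);
    if (r == NULL)
        return NULL;
    if (strncmp(line, "Content-Length: ", 16) == 0) {
        r->has_length = 1;
        r->length = strtol(line + 16, NULL, 10);
    }
    return r;
}

/* Fixed: calloc zeroes every field before any path can return the struct. */
struct request *parse_fixed(const char *line) {
    struct request *r = calloc(1, sizeof *r);   /* has_length = 0, length = 0 */
    if (r == NULL)
        return NULL;
    if (strncmp(line, "Content-Length: ", 16) == 0) {
        r->has_length = 1;
        r->length = strtol(line + 16, NULL, 10);
    }
    return r;
}

/* Decides how many body bytes to read. The conditional on has_length is the
 * point where MSan reports "use-of-uninitialized-value" for a buggy struct. */
long body_bytes(const struct request *r) {
    if (r == NULL)
        return -1;
    return r->has_length ? r->length : 0;
}

/* Wrappers over constructed input so the fixed results can be checked directly. */
long demo_fixed_with_header(void) {
    struct request *r = parse_fixed("Content-Length: 42");
    long n = body_bytes(r);
    free(r);
    return n;                         /* 42 */
}

long demo_fixed_without_header(void) {
    struct request *r = parse_fixed("Host: example.test");
    long n = body_bytes(r);
    free(r);
    return n;                         /* 0 */
}

int main(void) {
    /* Under MSan the branch inside body_bytes on an uninitialized has_length is reported. */
    struct request *r = parse_buggy("Host: example.test");
    printf("buggy body bytes = %ld\n", body_bytes(r));
    free(r);
    printf("fixed body bytes = %ld / %ld\n",
           demo_fixed_with_header(), demo_fixed_without_header());
    return 0;
}
```

Because MemorySanitizer follows uninitialized bits through memory, every library the program links against must also be instrumented; uninstrumented code that writes a buffer leaves MSan believing the buffer is still uninitialized, which shows up as false reports rather than missed ones.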