AddressSanitizer
Introduction
AddressSanitizer is a fast memory error detector.
It consists of a compiler instrumentation module and a run-time library.
The tool can detect the following types of bugs:
- Out-of-bounds accesses to
- Use-after-free
- Use-after-return (to some extent)
- Double-free
Typical slowdown introduced by AddressSanitizer is 2x.
Usage
In order to use AddressSanitizer, simply compile and link your program with the -faddress-sanitizer flag.
To get reasonable performance, add -O1 or higher.
If a bug is detected, the program will print an error message and exit with a
non-zero exit code.
__has_feature(address_sanitizer)
In some cases one may need to execute different code depending on whether
AddressSanitizer is enabled.
__has_feature can be used for this purpose.
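#ifndef __has_feature
#define __has_feature(x) 0  /* compilers without __has_feature cannot parse the call inside #if */
#endif
#if __has_feature(address_sanitizer)
/* code that runs only under AddressSanitizer */
#else
/* code that does not run under AddressSanitizer */
#endif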
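As an added illustration (not part of the original documentation), one common reason to branch on __has_feature(address_sanitizer) is a custom allocator: objects carved out of one large buffer are adjacent inside a single region, so an overrun from one into the next stays within memory the tool considers valid. The arena below gives each object its own malloc() allocation in instrumented builds; struct arena, arena_alloc, arena_free, arena_is_instrumented and ARENA_USES_MALLOC are hypothetical names.

```c
/* Added example: arena allocator that defers to malloc() under ASan. */
#include <stddef.h>
#include <stdlib.h>

#ifndef __has_feature
#define __has_feature(x) 0      /* compiler lacks __has_feature */
#endif
#if __has_feature(address_sanitizer)
#define ARENA_USES_MALLOC 1     /* hypothetical macro name */
#else
#define ARENA_USES_MALLOC 0
#endif

#define ARENA_SIZE 4096

struct arena {
    _Alignas(16) unsigned char buf[ARENA_SIZE];
    size_t used;                /* bytes handed out so far */
};

int arena_is_instrumented(void) { return ARENA_USES_MALLOC; }

/* Allocate n bytes; NULL if n is 0 or the arena budget is exhausted. */
void *arena_alloc(struct arena *a, size_t n)
{
    if (n == 0 || n > ARENA_SIZE)
        return NULL;
    size_t aligned = (n + 15u) & ~(size_t)15u;
    if (aligned > ARENA_SIZE - a->used)
        return NULL;
    size_t off = a->used;
    a->used += aligned;         /* same budget accounting in both builds */
#if ARENA_USES_MALLOC
    (void)off;
    return malloc(n);           /* exact size, so ASan sees any overrun */
#else
    return a->buf + off;        /* objects sit side by side in one buffer */
#endif
}

/* Release one object: free() under ASan, a no-op for the plain arena. */
void arena_free(void *p)
{
#if ARENA_USES_MALLOC
    free(p);
#else
    (void)p;
#endif
}
```

Because arena_free() becomes a real free() in the instrumented build, use-after-free and double-free on arena objects are also reported there, while the native build keeps the cheap bump-pointer path.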
AddressSanitizer is supported on the following platforms:
Limitations
- AddressSanitizer uses more real memory than a native run.
How much more depends on the allocation sizes: the smaller the
allocations you make, the bigger the overhead.
- On 64-bit platforms AddressSanitizer maps (but does not reserve)
16+ Terabytes of virtual address space.
This means that tools like ulimit may not work as usually expected.
- Static linking is not supported.
Current Status
AddressSanitizer is a work in progress and is not yet fully functional in the LLVM/Clang head.
For the up-to-date usable version and full documentation refer to
http://code.google.com/p/address-sanitizer.