How many ways to check if code is OK do you know? Probably the one would make a list with debuggers, logging, static/dynamic checkers, profilers and some other tools. The tools the one has in the list are there cause they've been checked with a time. They don't cover all the possible cases of mistakes that could be made during coding phase of a project, but they cover necessary minimum. Today we will try to extend our tool set with a young tools that already got into clang and if you have clang on your machine you can give it a try.
The tools I'm talking about are called sanitizers. The idea of sanitizers was introduced by Google developers. On one of main conference a developer showed sanitizers and fuzz testing solution they were applying to a project they were working on. I was astonished by how well they've decompounded the process of development and analyzed all of it's parts. They developed tools to detect bugs in their code and get rid of it during all phases of development of the project.
In this article I'm describing sanitizers and somewhere in the future I'll write an article on fuzz testing.
So let's see what is sanitizers and how to use them, shall we?
Sanitizers are set of libraries that covers a ranges of bugs and errors that could occur, while developing a piece of code. Sanitizers were developed by google and currently can be obtained from official github repository.
There is AddressSanitizer, LeakSanitizer, ThreadSanitizer and MemorySanitizer.
AddressSanitizer (aka asan) allows to detect memory related issues such as:
Usage is pretty simple - apply a -fsanitize=address flag on compilation to turn on the code.
LeakSanitizer (aka lsan) this one became a part of asan but there is a standalone mode which can be turned on by applying -fsanitize=leak.
ThreadSanitizer (aka tsan) checks for race conditions. It's a part of LLVM 3.2 and part of GCC 4.8. Slowdown can be huge - 2-20x, but it varies of project it's applied to. To apply it use -fsanitize=thread with -O1 in order you have reasonable performance.
MemorySanitizer (aka msan) detects uninitialized memory read attempts. For example if value is read before it is written. At the time of the article was created msan is a part of LLVM 3.3. The one works pretty fast - about 1.5-2.5x slowdown. This sanitizer is significantly faster than Memcheck tool. To use it you have to provide -fsanitize=memory -fPIE -pie to a compiler.
Sanitizers library grant a huge support in finding some tricky problems and let your code be a bit more safer and faster.
The tools I'm talking about are called sanitizers. The idea of sanitizers was introduced by Google developers. On one of main conference a developer showed sanitizers and fuzz testing solution they were applying to a project they were working on. I was astonished by how well they've decompounded the process of development and analyzed all of it's parts. They developed tools to detect bugs in their code and get rid of it during all phases of development of the project.
In this article I'm describing sanitizers and somewhere in the future I'll write an article on fuzz testing.
So let's see what is sanitizers and how to use them, shall we?
Sanitizers are set of libraries that covers a ranges of bugs and errors that could occur, while developing a piece of code. Sanitizers were developed by google and currently can be obtained from official github repository.
There is AddressSanitizer, LeakSanitizer, ThreadSanitizer and MemorySanitizer.
AddressSanitizer (aka asan) allows to detect memory related issues such as:
- usage of pointer after being freed
- heap buffer overflow
- stack buffer overflow
- global buffer overflow
- use after return
- use after scope
- initialization order bugs
- memory leaks
Usage is pretty simple - apply a -fsanitize=address flag on compilation to turn on the code.
LeakSanitizer (aka lsan) this one became a part of asan but there is a standalone mode which can be turned on by applying -fsanitize=leak.
ThreadSanitizer (aka tsan) checks for race conditions. It's a part of LLVM 3.2 and part of GCC 4.8. Slowdown can be huge - 2-20x, but it varies of project it's applied to. To apply it use -fsanitize=thread with -O1 in order you have reasonable performance.
MemorySanitizer (aka msan) detects uninitialized memory read attempts. For example if value is read before it is written. At the time of the article was created msan is a part of LLVM 3.3. The one works pretty fast - about 1.5-2.5x slowdown. This sanitizer is significantly faster than Memcheck tool. To use it you have to provide -fsanitize=memory -fPIE -pie to a compiler.
Sanitizers library grant a huge support in finding some tricky problems and let your code be a bit more safer and faster.