Skip to main content

Extend your list of debug tools with Sanitizers

How many ways to check if code is OK do you know? Probably the one would make a list with debuggers, logging, static/dynamic checkers, profilers and some other tools. The tools the one has in the list are there cause they've been checked with a time. They don't cover all the possible cases of mistakes that could be made during coding phase of a project, but they cover necessary minimum. Today we will try to extend our tool set with a young tools that already got into clang and if you have clang on your machine you can give it a try.

The tools I'm talking about are called sanitizers. The idea of sanitizers was introduced by Google developers. On one of main conference a developer showed sanitizers and fuzz testing solution they were applying to a project they were working on. I was astonished by how well they've decompounded the process of development and analyzed all of it's parts. They developed tools to detect bugs in their code and get rid of it during all phases of development of the project.

In this article I'm describing sanitizers and somewhere in the future I'll write an article on fuzz testing.

So let's see what is sanitizers and how to use them, shall we?

Sanitizers are set of libraries that covers a ranges of bugs and errors that could occur, while developing a piece of code. Sanitizers were developed by google and currently can be obtained from official github repository.

There is AddressSanitizer, LeakSanitizer, ThreadSanitizer and MemorySanitizer.

AddressSanitizer (aka asan) allows to detect memory related issues such as:
  • usage of pointer after being freed
  •  heap buffer overflow
  • stack buffer overflow
  • global buffer overflow
  • use after return
  • use after scope
  • initialization order bugs
  • memory leaks
The tool is really fast so if you have some problems with memory - give it a try. It's a part of LLVM starting with 3.1 and part of GCC starting 4.8.

Usage is pretty simple - apply a -fsanitize=address flag on compilation to turn on the code.

LeakSanitizer (aka lsan) this one became a part of asan but there is a standalone mode which can be turned on by applying -fsanitize=leak.

ThreadSanitizer (aka tsan) checks for race conditions. It's a part of LLVM 3.2 and part of GCC 4.8. Slowdown can be huge - 2-20x, but it varies of project it's applied to. To apply it use -fsanitize=thread with -O1 in order you have reasonable performance.

MemorySanitizer (aka msan) detects uninitialized memory read attempts. For example if value is read before it is written. At the time of the article was created msan is a part of LLVM 3.3. The one works pretty fast - about 1.5-2.5x slowdown. This sanitizer is significantly faster than Memcheck tool. To use it you have to provide -fsanitize=memory -fPIE -pie to a compiler.

Sanitizers library grant a huge support in finding some tricky problems and let your code be a bit more safer and faster.

Popular posts from this blog

Tuples: are they useful?

In some languages there is such a thing as tuple which makes real to write such code (this time it's in python):

def f(x):
 # do stuff return (True, modified_string)

success, modified_string = f(something) 
C++ hadn't such feature until C++11. That was one of the reasons to pass variable as referenced argument, which ended up creating huge code bases that have unused arguments in it's functions. That happened in order to save revers compatibility and allow clients to use stable interfaces to access libraries without checking the version of dynamically attached library in order to use correct functions.

Templates and how to fold them

Variadic templates appeared in C++11 to cover such cases when you would have a template functions that could have a numerous members of different types. Doesn't it remind you of variadic functions that uses va_start, va_arg, va_end and so others? Cause it should be.