blob: 936899a09865a34565b1711bebf4610a31d15be4 [file] [log] [blame]
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +00001<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
2 "http://www.w3.org/TR/html4/strict.dtd">
3<!-- Material used from: HTML 4.01 specs: http://www.w3.org/TR/html401/ -->
4<html>
5<head>
6 <META http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
7 <title>AddressSanitizer, a fast memory error detector</title>
8 <link type="text/css" rel="stylesheet" href="../menu.css">
9 <link type="text/css" rel="stylesheet" href="../content.css">
10 <style type="text/css">
11 td {
12 vertical-align: top;
13 }
14 </style>
15</head>
16<body>
17
18<!--#include virtual="../menu.html.incl"-->
19
Kostya Serebryany7a31d7b2011-11-28 22:34:10 +000020<div id="content">
21
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +000022<h1>AddressSanitizer</h1>
23<ul>
24 <li> <a href="intro">Introduction</a>
Kostya Serebryany2e173222011-12-12 23:22:31 +000025 <li> <a href="howtobuild">How to Build</a>
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +000026 <li> <a href="usage">Usage</a>
27 <ul><li> <a href="has_feature">__has_feature(address_sanitizer)</a></ul>
28 <li> <a href="platforms">Supported Platforms</a>
29 <li> <a href="limitations">Limitations</a>
30 <li> <a href="status">Current Status</a>
Kostya Serebryany2e173222011-12-12 23:22:31 +000031 <li> <a href="moreinfo">More Information</a>
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +000032</ul>
33
34<h2 id="intro">Introduction</h2>
35AddressSanitizer is a fast memory error detector.
36It consists of a compiler instrumentation module and a run-time library.
37The tool can detect the following types of bugs:
Kostya Serebryany2e173222011-12-12 23:22:31 +000038<ul> <li> Out-of-bounds accesses to heap, stack and globals
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +000039 <li> Use-after-free
40 <li> Use-after-return (to some extent)
Kostya Serebryany2e173222011-12-12 23:22:31 +000041 <li> Double-free, invalid free
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +000042</ul>
43Typical slowdown introduced by AddressSanitizer is <b>2x</b>.
44
Kostya Serebryany2e173222011-12-12 23:22:31 +000045<h2 id="howtobuild">How to build</h2>
Kostya Serebryanyabc31ca2012-03-15 16:20:29 +000046Follow the <a href="../get_started.html">clang build instructions</a>. <BR>
47Note: CMake build does not work yet.
48See <a href "http://llvm.org/bugs/show_bug.cgi?id=12272">bug 12272</a>.
Kostya Serebryany2e173222011-12-12 23:22:31 +000049
Benjamin Kramer665a8dc2012-01-15 15:26:07 +000050<h2 id="usage">Usage</h2>
Kostya Serebryany2e173222011-12-12 23:22:31 +000051Simply compile and link your program with <tt>-faddress-sanitizer</tt> flag. <BR>
52To get a reasonable performance add <tt>-O1</tt> or higher. <BR>
Kostya Serebryanye683fd92012-01-06 17:35:27 +000053To get nicer stack traces in error messages add
54<tt>-fno-omit-frame-pointer</tt>. <BR>
Kostya Serebryanyf5249f52012-01-23 18:50:23 +000055To get perfect stack traces you may need to disable inlining (just use <tt>-O1</tt>) and tail call
56elimination (</tt>-fno-optimize-sibling-calls</tt>).
Kostya Serebryany2e173222011-12-12 23:22:31 +000057
58<pre>
59% cat example_UseAfterFree.cc
60int main(int argc, char **argv) {
61 int *array = new int[100];
62 delete [] array;
63 return array[argc]; // BOOM
64}
65</pre>
66
67<pre>
Kostya Serebryanye683fd92012-01-06 17:35:27 +000068% clang -O1 -g -faddress-sanitizer -fno-omit-frame-pointer example_UseAfterFree.cc
Kostya Serebryany2e173222011-12-12 23:22:31 +000069</pre>
70
71If a bug is detected, the program will print an error message to stderr and exit with a
Kostya Serebryanyb8769932011-12-02 00:24:42 +000072non-zero exit code.
Kostya Serebryany2e173222011-12-12 23:22:31 +000073Currently, AddressSanitizer does not symbolize its output, so you may need to use a
74separate script to symbolize the result offline (this will be fixed in future).
75<pre>
76% ./a.out 2> log
77% projects/compiler-rt/lib/asan/scripts/asan_symbolize.py / < log | c++filt
78==9442== ERROR: AddressSanitizer heap-use-after-free on address 0x7f7ddab8c084 at pc 0x403c8c bp 0x7fff87fb82d0 sp 0x7fff87fb82c8
79READ of size 4 at 0x7f7ddab8c084 thread T0
80 #0 0x403c8c in main example_UseAfterFree.cc:4
81 #1 0x7f7ddabcac4d in __libc_start_main ??:0
820x7f7ddab8c084 is located 4 bytes inside of 400-byte region [0x7f7ddab8c080,0x7f7ddab8c210)
83freed by thread T0 here:
84 #0 0x404704 in operator delete[](void*) ??:0
85 #1 0x403c53 in main example_UseAfterFree.cc:4
86 #2 0x7f7ddabcac4d in __libc_start_main ??:0
87previously allocated by thread T0 here:
88 #0 0x404544 in operator new[](unsigned long) ??:0
89 #1 0x403c43 in main example_UseAfterFree.cc:2
90 #2 0x7f7ddabcac4d in __libc_start_main ??:0
91==9442== ABORTING
92</pre>
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +000093
94<h3 id="has_feature">__has_feature(address_sanitizer)</h3>
95In some cases one may need to execute different code depending on whether
96AddressSanitizer is enabled.
97<a href="LanguageExtensions.html#__has_feature_extension">__has_feature</a>
98can be used for this purpose.
99<pre>
Benjamin Kramer665a8dc2012-01-15 15:26:07 +0000100#if defined(__has_feature) &amp;&amp; __has_feature(address_sanitizer)
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +0000101 code that runs only under AddressSanitizer
102#else
103 code that does not run under AddressSanitizer
104#endif
105</pre>
106
107<h2 id="platforms">Supported Platforms</h2>
Kostya Serebryany2e173222011-12-12 23:22:31 +0000108AddressSanitizer is supported on
109<ul><li>Linux x86_64 (tested on Ubuntu 10.04).
110<li>MacOS 10.6 i386/x86_64.
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +0000111</ul>
Kostya Serebryanyabc31ca2012-03-15 16:20:29 +0000112Support for Linux i386/ARM and MacOS 10.7 is in progress
113(it may work, but is not guaranteed too).
114
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +0000115
116<h2 id="limitations">Limitations</h2>
117<ul>
118 <li> AddressSanitizer uses more real memory than a native run.
119 How much -- depends on the allocations sizes. The smaller the
120 allocations you make the bigger the overhead.
121 <li> On 64-bit platforms AddressSanitizer maps (but not reserves)
122 16+ Terabytes of virtual address space.
123 This means that tools like <tt>ulimit</tt> may not work as usually expected.
124 <li> Static linking is not supported.
125</ul>
126
127
128<h2 id="status">Current Status</h2>
Kostya Serebryany2e173222011-12-12 23:22:31 +0000129AddressSanitizer is fully functional on supported platforms in LLVM head.
130However, the test suite is not fully integrated yet and we lack the testing
131process (buildbots).
132
133<h2 id="moreinfo">More Information</h2>
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +0000134<a href="http://code.google.com/p/address-sanitizer/">http://code.google.com/p/address-sanitizer</a>.
135
136
Kostya Serebryany7a31d7b2011-11-28 22:34:10 +0000137</div>
Kostya Serebryanyce98c9b2011-11-28 20:51:02 +0000138</body>
139</html>