Sanitizers

Sanitizers are compiler instrumentation, backed by a runtime library, that turns less-than-fatal undefined behavior (use-after-free, signed integer wrap, etc.) into fatal errors with a diagnostic. They are often used with fuzzers and in test suites.

How-To

Here's how to use them in a Makefile:

CLANG ?= clang
CFLAGS ?= -Werror -Wall -fsanitize=address -fno-omit-frame-pointer -O1
CC ?= $(CLANG)

AddressSanitizer wants -fno-omit-frame-pointer for readable stack traces in its error messages and -O1 for acceptable performance. The link step needs -fsanitize=address as well; if your Makefile passes LDFLAGS separately, add it there too.

For CMake builds, try

-DCMAKE_C_FLAGS="-fsanitize=address -fno-omit-frame-pointer -O1"
-DCMAKE_CXX_FLAGS="-fsanitize=address -fno-omit-frame-pointer -O1"
-DLDFLAGS="-fsanitize=address"

Note that CMake caches these flags, so after changing them you may have to clear the cache (or the whole build directory) and rebuild.

You can disable leak checking (LeakSanitizer, which ASan runs at exit by default) with:

export ASAN_OPTIONS=detect_leaks=0

Sanitizing Shared Objects

You can run shared objects with sanitizers even if they are loaded by an unsanitized executable by using the LD_PRELOAD trick: preload the sanitizer runtime library into the executable so it is already initialized before the sanitized shared object is loaded.

Error Messages

Missing Symbols

If an unsanitized executable fails to load a sanitized shared object with unresolved symbols (typically __asan_* or similar), the sanitizer runtime is not in the process. Did you put the sanitizer shared libraries on LD_PRELOAD?

UBSan: Undefined Reference to Typeinfo

UBSan's vptr check relies on RTTI: either build with RTTI enabled or drop that one check with the -fno-sanitize=vptr flag (StackOverflow).