AddressSanitizer (ASan) is a C++ tool that finds memory bugs at runtime, such as use-after-free and out-of-bounds accesses. It is part of LLVM. At Google, we use ASan extensively. I just read the ASan paper to understand how it works. The paper itself is very readable.

Here is a quick summary. At compile time, ASan instruments memory accesses in the code, and at runtime it checks whether each access is legitimate by consulting shadow memory. ASan uses a custom allocator instead of malloc. Shadow memory is memory allocated by the program such that every ordinary application address X has a corresponding shadow address Y, where metadata about X can be stored. You can map X to Y by a direct scale and offset, in which case the whole application address space is mapped to a single shadow address space, or you can map X to Y using table lookups (slower, but more flexible). At compile time, ASan creates poisoned redzones around stack and global data. At runtime, it creates poisoned redzones aro
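As an added illustration (not code from this post or from LLVM), here is a toy model in C of the direct scale-and-offset shadow mapping and the redzone check described above. It assumes the 8:1 mapping and shadow-byte encoding used by ASan (0 = all 8 bytes addressable, 1..7 = only that many leading bytes addressable, negative = poisoned); the 4 KiB simulated address space, the shadow offset and the 16-byte redzone size are constructed values for the demo.

```c
/* Toy model of AddressSanitizer's shadow memory (added example, not LLVM code).
 * One flat array stands in for the process address space: the "application"
 * region sits at the bottom and the shadow region at a fixed offset above it,
 * mirroring ASan's direct mapping Shadow = (Addr >> 3) + Offset. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define APP_SIZE      4096u       /* simulated application space (constructed) */
#define SHADOW_OFFSET APP_SIZE    /* shadow starts right after it (constructed) */
#define REDZONE       16u         /* poisoned bytes on each side of a heap chunk */

static int8_t mem[APP_SIZE + APP_SIZE / 8]; /* one shadow byte per 8 app bytes */
static size_t heap_top = REDZONE;           /* bump-allocator cursor */

/* Shadow byte for an application address: 0 = all 8 bytes addressable,
 * k in 1..7 = only the first k bytes addressable, negative = poisoned. */
static int8_t *shadow_of(uintptr_t addr) { return &mem[(addr >> 3) + SHADOW_OFFSET]; }

/* Mark a region as a redzone; addr and n are multiples of 8 in this model. */
static void poison(uintptr_t addr, size_t n) { memset(shadow_of(addr), -1, n / 8); }

static void unpoison(uintptr_t addr, size_t n) { /* addr is a multiple of 8 */
    memset(shadow_of(addr), 0, n / 8);
    if (n % 8) *shadow_of(addr + n) = (int8_t)(n % 8); /* partially addressable word */
}

/* The check ASan inlines before each load/store: the access is bad if any of
 * its bytes lies past the addressable prefix recorded in that word's shadow. */
static bool access_ok(uintptr_t addr, size_t size) {
    for (uintptr_t b = addr; b < addr + size; b++) {
        int8_t k = *shadow_of(b);
        if (k != 0 && (int8_t)(b & 7) >= k) return false;
    }
    return true;
}

/* ASan-style allocator: poisoned redzones on both sides, 8-byte granularity. */
static uintptr_t asan_malloc(size_t size) {
    size_t rounded = (size + 7) & ~(size_t)7;
    uintptr_t chunk = heap_top;
    poison(chunk - REDZONE, REDZONE);
    unpoison(chunk, size);
    poison(chunk + rounded, REDZONE);
    heap_top = chunk + rounded + REDZONE;
    return chunk;
}
/* Freed chunks stay poisoned (ASan quarantines them), so a later use is caught. */
static void asan_free(uintptr_t chunk, size_t size) {
    poison(chunk, (size + 7) & ~(size_t)7);
}
```

A 13-byte chunk gets one fully addressable shadow word and one with value 5, so an access to the 14th byte or an 8-byte load spanning the end is rejected, as is any touch of the redzones or of a freed chunk.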