C/C++内存检测工具Sanitizers

已于 2023-02-13 17:44:22 修改
阅读量2.4k 收藏
点赞数 1
分类专栏: C/C++ 文章标签: C/C++ 内存检测 sanitizers
于 2023-02-09 15:08:14 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/UUUUTaossienUUUU/article/details/128952030
版权

Sanitizers介绍

Sanitizers 是谷歌开源的内存检测工具,包括AddressSanitizer、MemorySanitizer、ThreadSanitizer、LeakSanitizer。
Sanitizers是LLVM的一部分。
gcc4.8:支持Address和Thread Sanitizer。
gcc4.9:支持Leak Sanitizer和UBSanitizer。

注意:gcc不支持MemorySanitizer。

可以支持的内存检测问题:

(1)heap use after free 堆内存释放后继续使用

(2)stack use after return 栈内存函数返回后继续使用

(3)stack use after scope 栈内存在作用域范围外继续使用

(4)heap buffer overflow 堆内存溢出

(5)stack buffer overflow 栈内存溢出

(6)global buffer overflow 全局内存溢出

(7)allocation size too big 堆内存分配较大

(8)memory leaks 内存泄露

(9)double free 堆内存重复释放

(10)initialization order bugs 初始化命令错误

编译参数:
(1)(2)(3)(4)(5)(6)(7):-fsanitize=address
(8):-fsanitize=address 或者 -fsanitize=leak
(9):-fsanitize=address
(10):-fsanitize=memory

编译参数通过 -fsanitize 决定开启 sanitizer:

-fsanitize=address
开启AddressSanitizer(ASan),包括LeakSanitizer(LSan),检测:地址越界 和 内存泄漏。

-fsanitize=leak
开启LeakSanitizer(LSan),检测:内存泄漏。

-fsanitize=address 和 -fsanitize=leak 都能检测 内存泄漏。

-fsanitize=thread
开启ThreadSanitizer(TSan),检测:数据竞争和死锁。

-fsanitize=undefined
开启UndefinedBehaviorSanitizer(UBSsan),检测:未定义行为。

-fsanitize=memory
开启MemorySanitizer(MSan),检测:未初始化内存问题。(gcc不支持MemorySanitizer)

-fno-omit-frame-pointer
检测到内存错误时打印函数调用栈,这个参数一直都带上。

检测案例

编译器:gcc/g++

(1)heap use after free 堆内存释放后继续使用

#include <stdio.h>
int main (int argc, char* argv[]) {
    int* p = new int[100];
    delete [] p;
    int num = p[0];
    return 0;
}

编译命令:
g++ -o out main.cpp -g -fsanitize=address -fno-omit-frame-pointer

执行命令:
./out

=================================================================
==10606==ERROR: AddressSanitizer: heap-use-after-free on address 0x61400000fe40 at pc 0x00000040075d bp 0x7ffe7a4adfe0 sp 0x7ffe7a4adfd8
READ of size 4 at 0x61400000fe40 thread T0
    #0 0x40075c in main /home/code/main.cpp:5
    #1 0x7efec0def504 in __libc_start_main (/lib64/libc.so.6+0x22504)
    #2 0x400628  (/home/code/out+0x400628)

0x61400000fe40 is located 0 bytes inside of 400-byte region [0x61400000fe40,0x61400000ffd0)
freed by thread T0 here:
    #0 0x7efec1ac1f2a in operator delete[](void*) ../../../../libsanitizer/asan/asan_new_delete.cc:96
    #1 0x400725 in main /home/code/main.cpp:4
    #2 0x7efec0def504 in __libc_start_main (/lib64/libc.so.6+0x22504)

previously allocated by thread T0 here:
    #0 0x7efec1ac19ea in operator new[](unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cc:62
    #1 0x40070e in main /home/code/main.cpp:3
    #2 0x7efec0def504 in __libc_start_main (/lib64/libc.so.6+0x22504)

SUMMARY: AddressSanitizer: heap-use-after-free /home/code/main.cpp:5 main
Shadow bytes around the buggy address:
  0x0c287fff9f70: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff9f80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff9f90: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff9fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff9fb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x0c287fff9fc0: fa fa fa fa fa fa fa fa[fd]fd fd fd fd fd fd fd
  0x0c287fff9fd0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fff9fe0: fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd fd
  0x0c287fff9ff0: fd fd fd fd fd fd fd fd fd fd fa fa fa fa fa fa
  0x0c287fffa000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fffa010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==10606==ABORTING

(2)stack use after return 栈内存函数返回后继续使用

#include <stdio.h>
int* p = NULL;
void fun() {
    int a[10];
    p = a; // 或者 p = &a[0];
}
int main(int argc, char* argv[]) {
    fun();
    int num = p[0];
    return 0;
}

编译命令:
g++ -o out main.cpp -g -fsanitize=address -fno-omit-frame-pointer

执行命令:
ASAN_OPTIONS=detect_stack_use_after_return=1 ./out

注意: 默认没有开启,需要在运行时开启。

=================================================================
==18619==ERROR: AddressSanitizer: stack-use-after-return on address 0x7f4f81500020 at pc 0x0000004008ea bp 0x7fffb49f6700 sp 0x7fffb49f66f8
WRITE of size 4 at 0x7f4f81500020 thread T0
    #0 0x4008e9 in main /home/code/main.cpp:9
    #1 0x7f4f84a7a504 in __libc_start_main (/lib64/libc.so.6+0x22504)
    #2 0x400708  (/home/code/out+0x400708)

Address 0x7f4f81500020 is located in stack of thread T0 at offset 32 in frame
    #0 0x4007e5 in fun() /home/code/main.cpp:3

  This frame has 1 object(s):
    [32, 72) 'a' <== Memory access at offset 32 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return /home/code/main.cpp:9 main
Shadow bytes around the buggy address:
  0x0fea70297fb0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea70297fc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea70297fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea70297fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea70297ff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0fea70298000: f5 f5 f5 f5[f5]f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fea70298010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea70298020: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea70298030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea70298040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0fea70298050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==18619==ABORTING

(3)stack use after scope 栈内存在作用域范围外继续使用

暂时还没有找到能够检测出来的样例。

(4)heap buffer overflow 堆内存溢出

#include <stdio.h>
int main (int argc, char* argv[]) {
    int* p = new int[100];
    int num = p[100];
    delete [] p;
    return 0;
}

编译命令:
g++ -o out main.cpp -g -fsanitize=address -fno-omit-frame-pointer

执行命令:
./out

=================================================================
==9226==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61400000ffd0 at pc 0x000000400750 bp 0x7ffef70c5d80 sp 0x7ffef70c5d78
READ of size 4 at 0x61400000ffd0 thread T0
    #0 0x40074f in main /home/code/main.cpp:4
    #1 0x7f12e7482504 in __libc_start_main (/lib64/libc.so.6+0x22504)
    #2 0x400628  (/home/code/out+0x400628)

0x61400000ffd0 is located 0 bytes to the right of 400-byte region [0x61400000fe40,0x61400000ffd0)
allocated by thread T0 here:
    #0 0x7f12e81549ea in operator new[](unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cc:62
    #1 0x40070e in main /home/code/main.cpp:3
    #2 0x7f12e7482504 in __libc_start_main (/lib64/libc.so.6+0x22504)

SUMMARY: AddressSanitizer: heap-buffer-overflow /home/code/main.cpp:4 main
Shadow bytes around the buggy address:
  0x0c287fff9fa0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff9fb0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fff9fc0: fa fa fa fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x0c287fff9fd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0c287fff9fe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0c287fff9ff0: 00 00 00 00 00 00 00 00 00 00[fa]fa fa fa fa fa
  0x0c287fffa000: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fffa010: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fffa020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fffa030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x0c287fffa040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==9226==ABORTING

(5)stack buffer overflow 栈内存溢出

#include <stdio.h>
int main(int argc, char* argv[]) {
    int a[2] = {100,200};
    int num = a[2];
    return 0;
}

编译命令:
g++ -o out main.cpp -g -fsanitize=address -fno-omit-frame-pointer

执行命令:
./out

=================================================================
==787==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffcade3daa8 at pc 0x0000004007df bp 0x7ffcade3da50 sp 0x7ffcade3da48
READ of size 4 at 0x7ffcade3daa8 thread T0
    #0 0x4007de in main /home/code/main.cpp:4
    #1 0x7f8c39562504 in __libc_start_main (/lib64/libc.so.6+0x22504)
    #2 0x400648  (/home/code/out+0x400648)

Address 0x7ffcade3daa8 is located in stack of thread T0 at offset 40 in frame
    #0 0x400725 in main /home/code/main.cpp:2

  This frame has 1 object(s):
    [32, 40) 'a' <== Memory access at offset 40 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/code/main.cpp:4 main
Shadow bytes around the buggy address:
  0x100015bbfb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100015bbfb10: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100015bbfb20: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100015bbfb30: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100015bbfb40: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x100015bbfb50: f1 f1 f1 f1 00[f4]f4 f4 f3 f3 f3 f3 00 00 00 00
  0x100015bbfb60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100015bbfb70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100015bbfb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100015bbfb90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x100015bbfba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==787==ABORTING

(6)global buffer overflow 全局内存溢出

#include <stdio.h>
int a[100];
int main(int argc, char* argv[]) {
    int num = a[100];
    return 0;
}

编译命令:
g++ -o out main.cpp -g -fsanitize=address -fno-omit-frame-pointer

执行命令:
./out

=================================================================
==9628==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000601270 at pc 0x000000400755 bp 0x7ffd15bcd0d0 sp 0x7ffd15bcd0c8
READ of size 4 at 0x000000601270 thread T0
    #0 0x400754 in main /home/code/main.cpp:4
    #1 0x7fc3d46e9504 in __libc_start_main (/lib64/libc.so.6+0x22504)
    #2 0x400648  (/home/code/out+0x400648)

0x000000601270 is located 0 bytes to the right of global variable 'array' defined in 'main.cpp:2:5' (0x6010e0) of size 400
SUMMARY: AddressSanitizer: global-buffer-overflow /home/code/main.cpp:4 main
Shadow bytes around the buggy address:
  0x0000800b81f0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800b8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800b8210: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800b8220: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800b8230: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
=>0x0000800b8240: 00 00 00 00 00 00 00 00 00 00 00 00 00 00[f9]f9
  0x0000800b8250: f9 f9 f9 f9 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800b8260: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800b8270: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800b8280: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x0000800b8290: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==9628==ABORTING

(7)allocation-size-too-big 堆内存分配较大

#include <stdlib.h>
int main(int argc, char* argv[]) {
    int x = 1000;
    int y = 1000;
    int* p = (int*)malloc(x * y * x * y);
    free(p);
    return 0;
}

编译命令:
g++ -o out main.cpp -g -fsanitize=address -fno-omit-frame-pointer

执行命令:
./out

==8628==WARNING: AddressSanitizer failed to allocate 0xffffffffd4a51000 bytes
==8628==AddressSanitizer's allocator is terminating the process instead of returning 0
==8628==If you don't like this behavior set allocator_may_return_null=1
==8628==AddressSanitizer CHECK failed: ../../../../libsanitizer/sanitizer_common/sanitizer_allocator.cc:147 "((0)) != (0)" (0x0, 0x0)
    #0 0x7f0f1ba1e4f4 in AsanCheckFailed ../../../../libsanitizer/asan/asan_rtl.cc:68
    #1 0x7f0f1ba22f53 in __sanitizer::CheckFailed(char const*, int, char const*, unsigned long long, unsigned long long) ../../../../libsanitizer/sanitizer_common/sanitizer_common.cc:72
    #2 0x7f0f1b99ff81 in __sanitizer::AllocatorReturnNull() ../../../../libsanitizer/sanitizer_common/sanitizer_allocator.cc:147
    #3 0x7f0f1ba211d5 in __sanitizer::AllocatorReturnNull() ../../../../libsanitizer/sanitizer_common/sanitizer_allocator.cc:141
    #4 0x7f0f1b9a563d in Allocate ../../../../libsanitizer/asan/asan_allocator2.cc:298
    #5 0x7f0f1ba16b08 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:39
    #6 0x4006cb in main /home/taomengen/code/7_allocation_size_too_big/main.cpp:7
    #7 0x7f0f1ad45504 in __libc_start_main (/lib64/libc.so.6+0x22504)
    #8 0x4005c8  (/home/taomengen/code/7_allocation_size_too_big/out+0x4005c8)

(8)memory leaks 内存泄露

#include <stdlib.h>
int main(int argc, char *argv[]) {
    int* p = (int*)malloc(10 * sizeof(int));
    return 0;
}

编译命令:
g++ -o out main.cpp -g -fsanitize=address -fno-omit-frame-pointer
或者
g++ -o out main.cpp -g -fsanitize=leak -fno-omit-frame-pointer

执行命令:
./out

=================================================================
==12458==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 40 byte(s) in 1 object(s) allocated from:
    #0 0x7f36642dc5e6 in __interceptor_malloc ../../../../libsanitizer/lsan/lsan_interceptors.cc:51
    #1 0x400611 in main /home/code/main.cpp:3
    #2 0x7f3663692504 in __libc_start_main (/lib64/libc.so.6+0x22504)

SUMMARY: LeakSanitizer: 40 byte(s) leaked in 1 allocation(s).

(9)double free 堆内存重复释放

#include <stdio.h>
int main(int argc, char* argv[]) {
    int* p = new int[10];
    delete [] p;
    delete [] p;
    return 0;
}

编译命令:
g++ -o out main.cpp -g -fsanitize=address -fno-omit-frame-pointer

执行命令:
./out

=================================================================
==31497==ERROR: AddressSanitizer: attempting double-free on 0x60400000dfd0 in thread T0:
    #0 0x7fa32a746f2a in operator delete[](void*) ../../../../libsanitizer/asan/asan_new_delete.cc:96
    #1 0x4006d8 in main /home/code/main.cpp:5
    #2 0x7fa329a74504 in __libc_start_main (/lib64/libc.so.6+0x22504)
    #3 0x4005c8  (/home/code/out+0x4005c8)

0x60400000dfd0 is located 0 bytes inside of 40-byte region [0x60400000dfd0,0x60400000dff8)
freed by thread T0 here:
    #0 0x7fa32a746f2a in operator delete[](void*) ../../../../libsanitizer/asan/asan_new_delete.cc:96
    #1 0x4006c5 in main /home/code/main.cpp:4
    #2 0x7fa329a74504 in __libc_start_main (/lib64/libc.so.6+0x22504)

previously allocated by thread T0 here:
    #0 0x7fa32a7469ea in operator new[](unsigned long) ../../../../libsanitizer/asan/asan_new_delete.cc:62
    #1 0x4006ae in main /home/code/main.cpp:3
    #2 0x7fa329a74504 in __libc_start_main (/lib64/libc.so.6+0x22504)

SUMMARY: AddressSanitizer: double-free ../../../../libsanitizer/asan/asan_new_delete.cc:96 operator delete[](void*)
==31497==ABORTING

(10)initialization order bugs 初始化命令错误

暂时还没有找到能够检测出来的样例。

UUUUTaossienUUUU
关注
  • 1
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 2
    评论
专栏目录
C/C++ 内存泄漏检测工具汇总
Hsy的博客
03-04 1万+
文章目录前言crtdbg使用原理例子Visual Leak Detector(VLD)Checkpoint/DumpStatisticsWindbg腾讯WeTest - TMMIBM purifyVVMapApplication VerifierCppcheck 前言 本文主要记录 Windows 下内存泄漏检测工具;Linux 下首选必须是 Valgrind 啊。 目前待检测的程序采用的是 Qt,由于Qt本身的半自动内存管理机制,因此好用的检测工具真的不容易找…详细可看该篇 Qt浅谈之一:内存泄露(总结)
内存检测工具sanitize
程序员的世界
06-04 7757
以前用过valgrind这个内存泄露检查工具,这个工具相对简单,对于一些复杂的内存泄露可能无法解析出来而且有一个问题就是只有检测的进程退出后才会输出内存泄露信息。 今天介绍的工具sanitize可以在检测内存泄露第一时间立刻终止进程,并且它可以深入检测(随应用进程一起编译)。下面举例说明: #include <stdlib.h> #include <unistd.h&gt...
C/C++内存检测工具valgrind--memcheck
Peerless__的博客
10-09 3007
Valgrind简介 Valgrind是运行在Linux上的一套基于仿真技术的程序调试和分析工具,作者是获得过Google-O’Reilly开源大奖的Julian Seward,它包含一个内核 —— 一个软件合成的CPU,和一系列的小工具,每个工具都可以完成一项任务──调试,分析,或测试等,内存检测,我们可以使用它的工具:Memcheck。 Valgrind安装 方法 1. valgrind官网:http://valgrind.org下载 方法 2. Ubuntu: sudo apt-get install
内存泄漏检测工具Valgrind:C++代码问题检测的利器(一)
QTM_Gitee的博客
06-07 196
Valgrind(瓦尔格林德)是一个开源的内存调试工具,它能帮助我们发现程序中的许多难以察觉的问题,如内存泄漏、数组越界等。它的名字来源于北欧神话中的英灵殿的入口,象征着我们通过它能找到程序中隐藏的问题,就像英灵殿的勇士们找到了英勇的道路。Valgrind的功能强大,但是使用起来并不复杂。在接下来的章节中,我们将详细介绍如何使用Valgrind进行代码问题的检测
gdb 笔记(10)— 检查内存泄漏、堆溢出、栈溢出、全局内存溢出、释放后继续使用
wohu1104的专栏
06-07 6264
(Address Sanitizer)是一个 内存错误检测器,它可以发现很多内存相关的错误,比如内存泄漏、释放之后再次使用、堆内存溢出、栈溢出等。以下代码都使用 编译。编写一段内存泄漏的示例代码,如代码清单所示。简单地使用 和 分配一块内存,但是不释放。...
内存内存检测工具sanitizer[内存泄漏、内存越界] VS valgrind
热门推荐
bandaoyu的note
06-23 1万+
简介 Sanitizers是谷歌发起的开源工具集,包括了AddressSanitizer, MemorySanitizer, ThreadSanitizer, LeakSanitizer,Sanitizers项目本是LLVM项目的一部分,但GNU也将该系列工具加入到了自家的GCC编译器中。GCC从4.8版本开始支持Address和Thread Sanitizer,4.9版本开始支持Leak Sanitizer和UB Sanitizer,这些都是查找隐藏Bug的利器。 valgrind特点: 这个.
Linux在堆上分配内存相关知识以及内存泄漏分析方法
weixin_38331755的博客
04-05 1130
Linux内存泄漏等问题分析工具
【C语言刷LeetCode】Address Sanitizer 常见报错
kinbo88的专栏
03-01 1万+
LeetCode使用 AddressSanitizer 检查内存是否存在非法访问,报此错,主要是访问了非法内容。 Address Sanitizer(ASan)是google开发一个快速的内存错误检测工具,性能据说比valgrind要好不少,可以配合clang或者GCC编译器使用,GCC需要4.8及以上版本。 详细了解AddressSanitizer信息可以访问其github项目地址:http...
内存检测工具:sanitizer
Al_xin的专栏
08-25 8223
1. 背景 内存泄漏是一个比较常见的问题,之前使用的是valgrind来实现内存检查的情况比较多,这里介绍一种更加便利的内存检测工具, 那就是gcc自带的sanitizer。 2. sanitizer 的用法 2.1 sanitizer的基本简介 Sanitizers 是谷歌发起的开源工具集,包括AddressSanitizer,MemorySanitizer, ThreadSanitizer, LeakSanitizer, Sanitizers项目本身是llvm项目的一部分, gcc自带的工具, gcc从
Python-addresssanitizer一个快速的内存错误检测
08-12
**Python AddressSanitizer:快速...总的来说,AddressSanitizer是调试Python项目中C/C++扩展模块内存问题的强大工具。通过正确地集成和使用,开发者可以提高代码质量,减少由于内存管理错误导致的程序崩溃和安全漏洞。
第三次作业实验报告1
08-03
为了检测这类问题,我们使用了ThreadSanitizer(TSan),这是一个C/C++的数据竞争检测工具。TSan通过插入运行时检查来检测线程间的不安全交互。 在Linux环境下,安装LLVM和Clang后,可以创建测试程序,然后使用`-...
Linux Kernel Sanitizers
最新发布
06-22
Linux是一套免费使用和自由传播的类Unix操作系统,由林纳斯·托瓦兹于1991年首次发布。 Linux不仅是一个强大的操作系统,也是一个庞大的技术生态系统,涵盖了从服务器到个人电脑的各种应用场景。...
pytorch-sanitizers
03-10
PyTorch-Sanitizers通过提供一系列的检查和验证工具,帮助开发者检测和修复潜在的问题,从而确保模型在训练和部署过程中的可靠性。 首先,我们要理解在深度学习中,模型的安全性和健壮性是什么。安全性涉及到模型在...
c++使用sanitizer代码分析
qq_37868450的博客
07-15 6613
sanitizer Sanitizers(请参考https://github.com/google/Sanitizers )已经成为静态和动态代码分析的非常有用的工具。通过使用适当的标志重新编译代码并链接到必要的库,可以检查内存错误(地址清理器)、未初始化的读取(内存清理器)、线程安全(线程清理器)和未定义的行为(未定义的行为清理器)相关的问题。与同类型分析工具相比,Sanitizers带来的性能损失通常要小得多,而且往往提供关于检测到的问题的更详细的信息。缺点是,代码(可能还有工具链的一部分)需要使用附加
【Asan】工欲善其事必先利其器——AddressSanitizer
qq_43331089的博客
05-05 3485
【Asan】工欲善其事必先利其器——AddressSanitizer 背景介绍 自操作系统诞生以来,编写内存安全的代码一直是一个比较困难的问题 (另一个问题则是保证线程安全)。2004 年以来,微软安全响应中心(MSRC)已对所有报告过的微软安全漏洞进行了分类。根据他们提供的数据,所有微软年度补丁中约有 70% 是针对内存安全漏洞的修复程序。 由于 C/C++ 不是一门内存安全的语言,所以此类问题会经常遇到。而在项目开发中,相关 bug 的定位、解决速度可能影响着项目的整个进度,因此开发者们亟需一个内存检测
OSDev——GCC交叉编译器
lrcno6的编程世界
01-26 918
本教程的重点是为您自己的操作系统创建GCC交叉编译器。我们在这里构建的这个编译器会生成统一的目标架构(i686-elf),它让你可以编译时无视当前的操作系统,这意味着不会使用您的主机操作系统的任何头文件和库。你需要一个用于操作系统开发的交叉编译器,否则会发生很多意想不到的事情,因为编译器假定你的代码在你的主机操作系统上运行 介绍 一般来说,交叉编译器是在平台 A(主机平台)上运行,但为平台 B(目标平台)生成可执行文件的编译器。这两个平台可能(但不一定)在CPU、操作系统和/或可执行文件格式方面有所不同。
libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc
我思故我在!
01-06 1344
libsanitizer/sanitizer_common/sanitizer_platform_limits_posix.cc:153:23: fatal error: sys/ustat.h: No such file or directory #include <sys/ustat.h> root@wesley:~/gcc-6.4.0/gcc-build-6.4.0# find / -name sanitizer_platform_limits_posix.cc find: ‘/h.
C/C++ 内存治理神器 - Google Sanitizers
记录学习的过程
07-12 4965
Google sanitizers 简介;Mac 使用内存泄漏检查;CLion 中使用 asan
LLVM Compiler-rt简介:RISC-V支持与工作进展
这些库包括Sanitizers内存安全检查工具)、KernelSanitizers(内核级错误检测)和其他辅助工具,如HWASan(硬件辅助内存错误检测)和JExtension,它们在调试和性能优化中扮演着关键角色。 RISC-V是一种开放源代码...
评论 2
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值