Address Sanitizer is a compile-time tool that instruments C/C++ applications before you run memory corruption and memory leak tests against them. The extra instrumentation reduces the performance of the resulting binary, so I wouldn’t recommend it for release builds. But it’s a great tool for debugging your code prior to release.
For GCC or clang C/C++ compilers, the steps are as simple as:
- Compile the binaries to be tested with the “-fsanitize=address” flag. There are many options that you can tweak.
- Run the binaries
Clang has had Address Sanitizer since v3.0, and it was recently introduced in GCC 4.8. GCC 4.9 introduced the leak detection feature for the tool.
5 Reasons to Try Address Sanitizer
- Speed: it’s much faster than run-time tools like Valgrind.
- It’s better at detecting memory corruptions that are harder to find with run-time-only tools, such as most stack-based memory problems.
- It’s easier to exclude third-party code, since you aren’t scanning a binary/executable that could contain third-party code.
- Fewer false positives.
- It’s easier to automate.
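
To make the two steps above and the point about stack-based memory problems concrete, here is an added example (not code from the original post): a small C program with a stack out-of-bounds read next to a bounds-checked variant. The file name asan_demo.c, the function names and the SLOTS constant are made up for the illustration; -g and -fno-omit-frame-pointer are optional extras that make the report's stack trace easier to read.

```c
/* Build: gcc -g -fsanitize=address -fno-omit-frame-pointer asan_demo.c -o asan_demo
 *        (clang accepts the same flags)
 * Run:   ./asan_demo 8   -> in bounds, both sums are 36
 *        ./asan_demo 9   -> ASan stops with a stack-buffer-overflow report */
#include <stdio.h>
#include <stdlib.h>

#define SLOTS 8

/* Deliberately buggy: trusts `count`, so count > SLOTS reads past the end
 * of a stack array. */
long sum_slots(size_t count)
{
    int slots[SLOTS];
    long total = 0;

    for (size_t i = 0; i < SLOTS; i++)
        slots[i] = (int)i + 1;
    for (size_t i = 0; i < count; i++)
        total += slots[i];          /* out of bounds when count > SLOTS */
    return total;
}

/* Fixed variant: rejects an oversized count instead of reading past the array.
 * Returns 0 and stores the sum in *out, or -1 if count is too large. */
int sum_slots_checked(size_t count, long *out)
{
    if (count > SLOTS)
        return -1;
    *out = sum_slots(count);
    return 0;
}

int main(int argc, char **argv)
{
    /* Default "9" is SLOTS + 1, i.e. one element too many. */
    const char *arg = (argc > 1) ? argv[1] : "9";
    size_t count = (size_t)strtoul(arg, NULL, 10);
    long checked = 0;

    if (sum_slots_checked(count, &checked) == 0)
        printf("checked sum: %ld\n", checked);
    else
        printf("checked variant rejected count=%zu\n", count);

    /* Under ASan this call is where the report fires for count > SLOTS. */
    printf("unchecked sum: %ld\n", sum_slots(count));
    return 0;
}
```

Without the flag, the oversized read usually just returns a wrong sum and the program exits normally, which is why this class of bug tends to go unnoticed until an instrumented build is run.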