AddressSanitizer: A Fast Address Sanity Checker
Venue
USENIX ATC 2012
Publication Year
2012
Authors
Konstantin Serebryany, Derek Bruening, Alexander Potapenko, Dmitry Vyukov
BibTeX
Abstract
Memory access bugs, including buffer overflows and uses of freed heap memory, remain
a serious problem for programming languages like C and C++. Many memory error
detectors exist, but most of them are either slow or detect a limited set of bugs,
or both. This paper presents AddressSanitizer, a new memory error detector. Our
tool finds out-of-bounds accesses to heap, stack, and global objects, as well as
use-after-free bugs. It employs a specialized memory allocator and code
instrumentation that is simple enough to be implemented in any compiler, binary
translation system, or even in hardware. AddressSanitizer achieves efficiency
without sacrificing comprehensiveness. Its average slowdown is just 73% yet it
accurately detects bugs at the point of occurrence. It has found over 300
previously unknown bugs in the Chromium browser and many bugs in other software.
