【C语言工具】AddressSanitizer

Github 地址：https://github.com/google/sanitizers
Wiki 地址：https://github.com/google/sanitizers/wiki/AddressSanitizer

参考：
基本使用：https://blog.csdn.net/c_lazy/article/details/80009627
输出信息的详细解释：https://www.jianshu.com/p/3a2df9b7c353

AddressSanitizer（地址杀菌剂，简称 ASan） 是谷歌出品的内存检查工具，比 Valgrind 更高效。其由两部组成：

• 编译器 instrumentation 模块
• 提供malloc()/free()替代项的运行时库

gcc 4.8 开始，AddressSanitizer 成为 gcc 的一部分，但不支持符号信息，无法显示出问题的函数和行数。从 4.9 开始，gcc 支持 AddressSanitizer 的所有功能。

安装

Ubuntu 一般不用安装，CentOS 一般需要安装。

如果使用 AddressSanitizer 时报错：

/usr/bin/ld: cannot find /usr/lib64/libasan.so.0.0.0

则需要先安装。Ubuntu 安装命令：

sudo apt-get install libasan0

CentOS 安装命令：

sudo yum install libasan

使用

在用 gcc 编译程序时，指定 -fsanitize=address 选项即可自动调用 AddressSanitizer。运行程序时，就可以看到相关信息。

通过 -g 选项，可以看到报错的函数和行号。

编译

gcc -fsanitize=address -g twoSum.c

运行

运行上面编译的结果，如果报错，会打印详细信息：

$ ./a.out
=================================================================
==5343==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffee7f9dde8 at pc 0x55d6a041bd9b bp 0x7ffee7f9dce0 sp 0x7ffee7f9dcd0
READ of size 8 at 0x7ffee7f9dde8 thread T0
    #0 0x55d6a041bd9a in insertHashTable /home/ubuntu/test/leetcode/twoSum.c:23
    #1 0x55d6a041c284 in twoSum /home/ubuntu/test/leetcode/twoSum.c:73
    #2 0x55d6a041c6cc in main /home/ubuntu/test/leetcode/twoSum.c:94
    #3 0x7f96a8c2db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #4 0x55d6a041bb79 in _start (/home/ubuntu/test/leetcode/a.out+0xb79)

Address 0x7ffee7f9dde8 is located in stack of thread T0 at offset 120 in frame
    #0 0x55d6a041c11d in twoSum /home/ubuntu/test/leetcode/twoSum.c:67

  This frame has 1 object(s):
    [32, 112) 'ht' <== Memory access at offset 120 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/ubuntu/test/leetcode/twoSum.c:23 in insertHashTable
Shadow bytes around the buggy address:
  0x10005cfebb60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebb70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebb90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x10005cfebbb0: f1 f1 00 00 00 00 00 00 00 00 00 00 f2[f2]00 00
  0x10005cfebbc0: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
  0x10005cfebbd0: f2 f2 f2 f2 f2 f2 00 00 04 f2 00 00 00 00 00 00
  0x10005cfebbe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebbf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==5343==ABORTING

详细信息可以参考上面的参考目录。