Memory/Address Sanitizer vs Valgrind

I want some tool to diagnose use-after-free bugs and uninitialized bugs. I am considering Sanitizer (Memory and/or Address) and Valgrind. But I have very little idea about their advantages and disadvantages. Can anyone tell the main features, differences and pros/cons of Sanitizer and Valgrind?

Edit: I found some comparisons, like: Valgrind uses DBI (dynamic binary instrumentation) and Sanitizer uses CTI (compile-time instrumentation). Valgrind makes the program much slower (20x), whereas Sanitizer runs much faster than Valgrind (2x). If anyone can give me some more important points to consider, it will be a great help.

kayas · asked Nov 12 '17 17:11 · 837 likes


People also ask

Can valgrind miss memory leaks?

valgrind doesn't treat this as a leak; it assumes you needed that memory up to the end of the program and are relying on it to be automatically freed at exit. If that's not your philosophy, then you can interpret the "still reachable" entry as leaks.

Can valgrind detect memory corruption?

Valgrind Memcheck is a tool that detects memory leaks and memory errors. Some of the most difficult C bugs come from mismanagement of memory: allocating the wrong size, using an uninitialized pointer, accessing memory after it was freed, overrunning a buffer, and so on.

How does memory Sanitizer work?

AddressSanitizer consists of two parts: an instrumentation module and a run-time library. The instrumentation module modifies the code to check the shadow state for each memory access and creates poisoned redzones around stack and global objects to detect overflows and underflows.

How does address Sanitizer work?

AddressSanitizer (or ASan) is an open source programming tool that detects memory corruption bugs such as buffer overflows or accesses to a dangling pointer (use-after-free). AddressSanitizer is based on compiler instrumentation and directly mapped shadow memory.


2 Answers

I think you'll find this wiki useful.

TL;DR: the main advantages of sanitizers are

  • much smaller CPU overheads (Lsan is practically free, UBsan is 1.25x, Asan and Msan are 2-4x for computationally intensive tasks and 1.05-1.1x for GUIs, Tsan is 5-15x)
  • wider class of detected errors (stack and global overflows, use-after-return)
  • full support of multi-threaded apps (Valgrind support for multi-threading is a joke)
  • much smaller memory overhead (up to 2x for Asan, up to 3x for Msan, up to 10x for Tsan which is way better than Valgrind)

Disadvantages are

  • more complicated integration (you need to teach your build system to understand Asan and sometimes work around limitations/bugs in Asan itself; you also need to use a relatively recent compiler)
  • MemorySanitizer is not reall^W easily usable at the moment as it requires one to rebuild all dependencies under Msan (including all standard libraries, e.g. libstdc++); this means that casual users can only use Valgrind for detecting uninitialized errors
  • sanitizers typically cannot be combined with each other (the only supported combination is Asan+UBsan+Lsan), which means that you'll have to do separate QA runs to catch all types of bugs
yugr · answered Sep 25 '22 14:09 · 199 likes
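To make the two bug classes from the question concrete, here is an added example (not code from the question or from either answer): one use-after-free and one read of uninitialized stack data, each next to a correct version, with the build lines for ASan, MSan and Memcheck in the header comment. The file name `demo.c`, the build flags and the quoted report headlines are assumptions about standard clang/gcc/valgrind usage, not taken from the page. It also illustrates yugr's point that ASan and MSan are separate QA runs: the `uaf` mode is only caught by ASan or Memcheck, the `uninit` mode only by MSan or Memcheck.

```c
/* Added example, not from the original page.  Assumed build/run lines
 * (-O0 keeps the compiler from folding away the buggy loads):
 *   clang -g -O0 -fsanitize=address demo.c -o demo_asan && ./demo_asan uaf
 *   clang -g -O0 -fsanitize=memory  demo.c -o demo_msan && ./demo_msan uninit
 *   gcc   -g -O0 demo.c -o demo && valgrind --tool=memcheck ./demo uaf \
 *                                && valgrind --tool=memcheck ./demo uninit
 * MSan needs clang; gcc has no -fsanitize=memory.  ASan may be combined with
 * UBSan/LSan (-fsanitize=address,undefined), but not with MSan. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* BUGGY: reads through a pointer after free().
 * ASan:     "ERROR: AddressSanitizer: heap-use-after-free on address ..."
 * Memcheck: "Invalid read of size 1 ... inside a block of size 16 free'd"
 * MSan does not report this class. */
static int first_byte_after_free(void) {
    char *buf = malloc(16);
    if (buf == NULL)
        return -1;
    strcpy(buf, "sanitizer");
    free(buf);
    return buf[0];                    /* use-after-free: dangling read */
}

/* CORRECT: take what is needed from the buffer, then release it. */
static int first_byte_before_free(void) {
    char *buf = malloc(16);
    if (buf == NULL)
        return -1;
    strcpy(buf, "sanitizer");
    int first = buf[0];
    free(buf);
    buf = NULL;                       /* no dangling pointer left behind */
    return first;
}

/* BUGGY: branches on values that were never written.
 * MSan:     "WARNING: MemorySanitizer: use-of-uninitialized-value"
 * Memcheck: "Conditional jump or move depends on uninitialised value(s)"
 * ASan does not detect this class at all. */
static int count_set_flags_uninit(void) {
    int flags[4];                     /* no initializer */
    int n = 0;
    for (int i = 0; i < 4; i++)
        if (flags[i])                 /* branch on uninitialized data */
            n++;
    return n;
}

/* CORRECT: the caller supplies initialized data and its length. */
static int count_set_flags(const int *flags, size_t len) {
    int n = 0;
    for (size_t i = 0; i < len; i++)
        if (flags[i])
            n++;
    return n;
}

/* Constructed input for the correct path. */
static int count_set_flags_example(void) {
    int flags[4] = {1, 0, 1, 1};
    return count_set_flags(flags, 4);
}

int main(int argc, char **argv) {
    const char *mode = argc > 1 ? argv[1] : "ok";
    if (strcmp(mode, "uaf") == 0)     /* run under ASan or Memcheck */
        return first_byte_after_free() == 's' ? 0 : 1;
    if (strcmp(mode, "uninit") == 0)  /* run under MSan or Memcheck */
        return count_set_flags_uninit();
    printf("first byte: %c, set flags: %d\n",
           first_byte_before_free(), count_set_flags_example());
    return 0;
}
```

Without an argument the program only exercises the correct functions, so it is a clean baseline under every tool; the `uaf` and `uninit` modes are there to show that each tool reports only the class it instruments for.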


One big difference is that the LLVM-included memory and thread sanitizers implicitly map huge swathes of address space (e.g., by calling mmap(X, Y, 0, MAP_NORESERVE|MAP_ANONYMOUS|MAP_FIXED|MAP_PRIVATE, -1, 0) across terabytes of address space in the x86_64 environment). Even though they don't necessarily allocate that memory, the mapping can play havoc with restrictive environments (e.g., ones with reasonable settings for ulimit values).

jhfrontz · answered Sep 22 '22 14:09 · 44 likes