[cfe-commits] r146446 - /cfe/trunk/docs/AddressSanitizer.html

Kostya Serebryany kcc at google.com
Mon Dec 12 15:22:31 PST 2011

Author: kcc
Date: Mon Dec 12 17:22:31 2011
New Revision: 146446

URL: http://llvm.org/viewvc/llvm-project?rev=146446&view=rev
[asan] update asan docs


Modified: cfe/trunk/docs/AddressSanitizer.html
URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/docs/AddressSanitizer.html?rev=146446&r1=146445&r2=146446&view=diff
--- cfe/trunk/docs/AddressSanitizer.html (original)
+++ cfe/trunk/docs/AddressSanitizer.html Mon Dec 12 17:22:31 2011
@@ -22,30 +22,68 @@
   <li> <a href="intro">Introduction</a>
+  <li> <a href="howtobuild">How to Build</a>
   <li> <a href="usage">Usage</a>
     <ul><li> <a href="has_feature">__has_feature(address_sanitizer)</a></ul>
   <li> <a href="platforms">Supported Platforms</a>
   <li> <a href="limitations">Limitations</a>
   <li> <a href="status">Current Status</a>
+  <li> <a href="moreinfo">More Information</a>
 <h2 id="intro">Introduction</h2>
 AddressSanitizer is a fast memory error detector.
 It consists of a compiler instrumentation module and a run-time library.
 The tool can detect the following types of bugs:
-<ul> <li> Out-of-bounds accesses to  <ul><li>heap <li>stack <li>globals</ul>
+<ul> <li> Out-of-bounds accesses to  heap, stack and globals
   <li> Use-after-free
   <li> Use-after-return (to some extent)
-  <li> Double-free
+  <li> Double-free, invalid free
 Typical slowdown introduced by AddressSanitizer is <b>2x</b>.
+<h2 id="howtobuild">How to build</h2>
+Follow the <a href="../get_started.html">clang build instructions</a>.
 <h2 id="intro">Usage</h2>
-In order to use AddressSanitizer simply compile and link your program with
-<tt>-faddress-sanitizer</tt> flag.
-To get a reasonable performance add <tt>-O1</tt> or higher.
-If a bug is detected, the program will print an error message and exit with a
+Simply compile and link your program with <tt>-faddress-sanitizer</tt> flag. <BR>
+To get a reasonable performance add <tt>-O1</tt> or higher. <BR>
+% cat example_UseAfterFree.cc
+int main(int argc, char **argv) {
+  int *array = new int[100];
+  delete [] array;
+  return array[argc];  // BOOM
+% clang -O1 -g -faddress-sanitizer example_UseAfterFree.cc
+If a bug is detected, the program will print an error message to stderr and exit with a
 non-zero exit code.
+Currently, AddressSanitizer does not symbolize its output, so you may need to use a
+separate script to symbolize the result offline (this will be fixed in future).
+% ./a.out 2> log
+% projects/compiler-rt/lib/asan/scripts/asan_symbolize.py / < log | c++filt
+==9442== ERROR: AddressSanitizer heap-use-after-free on address 0x7f7ddab8c084 at pc 0x403c8c bp 0x7fff87fb82d0 sp 0x7fff87fb82c8
+READ of size 4 at 0x7f7ddab8c084 thread T0
+    #0 0x403c8c in main example_UseAfterFree.cc:4
+    #1 0x7f7ddabcac4d in __libc_start_main ??:0
+0x7f7ddab8c084 is located 4 bytes inside of 400-byte region [0x7f7ddab8c080,0x7f7ddab8c210)
+freed by thread T0 here:
+    #0 0x404704 in operator delete[](void*) ??:0
+    #1 0x403c53 in main example_UseAfterFree.cc:4
+    #2 0x7f7ddabcac4d in __libc_start_main ??:0
+previously allocated by thread T0 here:
+    #0 0x404544 in operator new[](unsigned long) ??:0
+    #1 0x403c43 in main example_UseAfterFree.cc:2
+    #2 0x7f7ddabcac4d in __libc_start_main ??:0
+==9442== ABORTING
 <h3 id="has_feature">__has_feature(address_sanitizer)</h3>
 In some cases one may need to execute different code depending on whether
@@ -61,10 +99,11 @@
 <h2 id="platforms">Supported Platforms</h2>
-AddressSanitizer is supported on the following platforms:
-<ul> <li>Linux <ul> <li> i386 <li> x86_64 <li> ARM </ul>
-     <li>Darwin <ul> <li> i386 <li> x86_64 </ul>
+AddressSanitizer is supported on
+<ul><li>Linux x86_64 (tested on Ubuntu 10.04).
+<li>MacOS 10.6 i386/x86_64.
+Support for Linux i386/ARM and MacOS 10.7 is in progress.
 <h2 id="limitations">Limitations</h2>
@@ -79,8 +118,11 @@
 <h2 id="status">Current Status</h2>
-AddressSanitizer is work-in-progress and is not yet fully functional in the LLVM/Clang head.
-For the up-to-date usable version and full documentation refer to
+AddressSanitizer is fully functional on supported platforms in LLVM head.
+However, the test suite is not fully integrated yet and we lack the testing
+process (buildbots).
+<h2 id="moreinfo">More Information</h2>
 <a href="http://code.google.com/p/address-sanitizer/">http://code.google.com/p/address-sanitizer</a>.

More information about the cfe-commits mailing list