【C語言工具】AddressSanitizer - 內存檢測工具

Github 地址：https://github.com/google/sanitizers
Wiki 地址：https://github.com/google/sanitizers/wiki/AddressSanitizer

參考：
基本使用：https://blog.csdn.net/c_lazy/article/details/80009627
輸出信息的詳細解釋：https://www.jianshu.com/p/3a2df9b7c353

AddressSanitizer（地址殺菌劑，簡稱 ASan） 是谷歌出品的內存檢查工具，比 Valgrind 更高效。其由兩部組成：

• 編譯器 instrumentation 模塊
• 提供malloc()/free()替代項的運行時庫

gcc 4.8 開始，AddressSanitizer 成爲 gcc 的一部分，但不支持符號信息，沒法顯示出問題的函數和行數。從 4.9 開始，gcc 支持 AddressSanitizer 的全部功能。

安裝

Ubuntu 通常不用安裝，CentOS 通常須要安裝。

若是使用 AddressSanitizer 時報錯：

/usr/bin/ld: cannot find /usr/lib64/libasan.so.0.0.0

則須要先安裝。Ubuntu 安裝命令：

sudo apt-get install libasan0

CentOS 安裝命令：

sudo yum install libasan

使用

在用 gcc 編譯程序時，指定 -fsanitize=address 選項便可自動調用 AddressSanitizer。運行程序時，就能夠看到相關信息。

經過 -g 選項，能夠看到報錯的函數和行號。

編譯

gcc -fsanitize=address -g twoSum.c

運行

運行上面編譯的結果，若是報錯，會打印詳細信息：

$ ./a.out
=================================================================
==5343==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7ffee7f9dde8 at pc 0x55d6a041bd9b bp 0x7ffee7f9dce0 sp 0x7ffee7f9dcd0
READ of size 8 at 0x7ffee7f9dde8 thread T0
    #0 0x55d6a041bd9a in insertHashTable /home/ubuntu/test/leetcode/twoSum.c:23
    #1 0x55d6a041c284 in twoSum /home/ubuntu/test/leetcode/twoSum.c:73
    #2 0x55d6a041c6cc in main /home/ubuntu/test/leetcode/twoSum.c:94
    #3 0x7f96a8c2db96 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21b96)
    #4 0x55d6a041bb79 in _start (/home/ubuntu/test/leetcode/a.out+0xb79)

Address 0x7ffee7f9dde8 is located in stack of thread T0 at offset 120 in frame
    #0 0x55d6a041c11d in twoSum /home/ubuntu/test/leetcode/twoSum.c:67

  This frame has 1 object(s):
    [32, 112) 'ht' <== Memory access at offset 120 overflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism or swapcontext
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-overflow /home/ubuntu/test/leetcode/twoSum.c:23 in insertHashTable
Shadow bytes around the buggy address:
  0x10005cfebb60: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebb70: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebb90: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebba0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1
=>0x10005cfebbb0: f1 f1 00 00 00 00 00 00 00 00 00 00 f2[f2]00 00
  0x10005cfebbc0: 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 04 f2
  0x10005cfebbd0: f2 f2 f2 f2 f2 f2 00 00 04 f2 00 00 00 00 00 00
  0x10005cfebbe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebbf0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x10005cfebc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==5343==ABORTING

詳細信息能夠參考上面的參考目錄。