AddressSanitizerComparisonOfMemoryTools
Alexander Potapenko edited this page Aug 25, 2020
·
12 revisions
| AddressSanitizer | Valgrind/Memcheck | Dr. Memory | Mudflap | Guard Page | gperftools | |
|---|---|---|---|---|---|---|
| technology | CTI | DBI | DBI | CTI | Library | Library |
| ARCH | x86, ARM, PPC | x86, ARM, PPC, MIPS, S390X, TILEGX | x86 | all(?) | all(?) | all(?) |
| OS | Linux, OS X, Windows, FreeBSD, Android, iOS Simulator | Linux, OS X, Solaris, Android | Windows, Linux | Linux, Mac(?) | All (1) | Linux, Windows |
| Slowdown | 2x | 20x | 10x | 2x-40x | ? | ? |
| Detects: | ||||||
| Heap OOB | yes | yes | yes | yes | some | some |
| Stack OOB | yes | no | no | some | no | no |
| Global OOB | yes | no | no | ? | no | no |
| UAF | yes | yes | yes | yes | yes | yes |
| UAR | yes (see AddressSanitizerUseAfterReturn) | no | no | no | no | no |
| UMR | no (see MemorySanitizer) | yes | yes | ? | no | no |
| Leaks | yes (see LeakSanitizer) | yes | yes | ? | no | yes |
DBI: dynamic binary instrumentation
CTI: compile-time instrumentation
UMR: uninitialized memory reads
UAF: use-after-free (aka dangling pointer)
UAR: use-after-return
OOB: out-of-bounds
x86: includes 32- and 64-bit.
mudflap was removed in GCC 4.9, as it has been superseded by AddressSanitizer.
Guard Page: a family of memory error detectors (Electric fence or DUMA on Linux, Page Heap on Windows, libgmalloc on OS X)
gperftools: various performance tools/error detectors bundled with TCMalloc. Heap checker (leak detector) is only available on Linux. Debug allocator provides both guard pages and canary values for more precise detection of OOB writes, so it's better than guard page-only detectors.
- AddressSanitizer: see AddressSanitizerPerformanceNumbers
- Valgrind/Memcheck and Dr. Memory: see Dr. Memory paper
- Mudflap: slowdown varies from 2x to 40x
- Guard Page: 2/3 cpu2006 benchmarks fail (tested using DUMA on a Linux box with 24G RAM)