Use AddressSanitizer under Windows to detect memory access violations

Keywords: Windows Linker Google Unix

Use of AddressSanitizer under Windows

Brief introduction

AddressSanitizer roughly detects various kinds of buffer overflow, such as accesses beyond the bounds of an array, which helps avoid some undefined behavior. I first used it for Unix homework, and since then I have not been able to do without it...
AddressSanitizer · google/sanitizers Wiki
It has also been officially ported to Windows, where usage differs slightly from Linux and macOS. AddressSanitizerWindowsPort · google/sanitizers Wiki
Unfortunately, another very powerful tool, LeakSanitizer, is not yet available on Windows. Its function is to detect memory leaks.

LeakSanitizer is not supported on Windows yet. LeakSanitizer requires being able to stop the process at exit or some other point to scan for live pointers. This is called “StopTheWorld”, and the posix implementation uses ptrace, which is not available on Windows.

But it's always good to have something useful~

Environment

clang and Visual Studio are required.
clang+llvm: download the pre-built binaries directly:
LLVM Download Page, download LLVM 8.0.0 Pre-Built Binaries - Windows (64-bit); the .sig file doesn't matter. Then install. There are plenty of clang installation tutorials anyway.
Visual Studio needs no introduction...

Use

Give an example:
test.c:

#include <stdlib.h>

int main() {
	/* 4 ints = 16 bytes on the heap */
	int *arr = malloc(sizeof(int)*4);
	/* index 10 is 40 bytes past the start of a 16-byte block: a heap-buffer-overflow
	   that AddressSanitizer should report */
	arr[10] = -1;
	return 0;
}

cmd command:

clang test.c -o test.exe -g -fsanitize=address -Xlinker /LIBPATH:C:\llvm\lib\clang\8.0.0\lib\windows -Xlinker clang_rt.asan-x86_64.lib

There's nothing to say about clang test.c -o test.exe -g; -fsanitize=address is what enables AddressSanitizer.
-Xlinker /LIBPATH:C:\llvm\lib\clang\8.0.0\lib\windows
and
-Xlinker clang_rt.asan-x86_64.lib
These are two parameters passed through to the linker, which by default is the one clang uses on Windows, MSVC's link.exe. They tell the linker to find clang_rt.asan-x86_64.lib under llvm\lib\clang\8.0.0\lib\windows. AddressSanitizer instruments the compiled code with checks that call into the runtime, so you need to link against this library. For other ways of linking, see AddressSanitizerWindowsPort · google/sanitizers Wiki.
You can also generate .o files first and then run the linker manually to produce the .exe, but this is cumbersome because you have to specify many other library paths by hand, or the linker will complain that it cannot find some .lib files.

clang test.c -c -g -fsanitize=address

Use the MSVC linker link.exe (its location depends on your VS installation path; mine is C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\bin\Hostx64\x64):

link.exe test.o /LIBPATH:C:\llvm\lib\clang\8.0.0\lib\windows clang_rt.asan-x86_64.lib /LIBPATH:"C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\lib\x64" /LIBPATH:"C:\Program Files (x86)\Windows Kits\10\Lib\10.0.17763.0\um\x64" /LIBPATH:"C:\Program Files (x86)\Windows Kits\10\Lib\10.0.17763.0\ucrt\x64"

You can also use llvm's own linker, lld-link.exe, located in llvm\bin; once that directory is on your PATH it can be invoked directly.

lld-link.exe test.o /LIBPATH:C:\llvm\lib\clang\8.0.0\lib\windows clang_rt.asan-x86_64.lib /LIBPATH:"C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\lib\x64" /LIBPATH:"C:\Program Files (x86)\Windows Kits\10\Lib\10.0.17763.0\um\x64" /LIBPATH:"C:\Program Files (x86)\Windows Kits\10\Lib\10.0.17763.0\ucrt\x64"

The directories of the other libraries that need to be linked also depend on where VS and the Windows SDK are installed:

/LIBPATH:"C:\Program Files (x86)\Microsoft Visual Studio\2017\Community\VC\Tools\MSVC\14.16.27023\lib\x64" 
/LIBPATH:"C:\Program Files (x86)\Windows Kits\10\Lib\10.0.17763.0\um\x64" 
/LIBPATH:"C:\Program Files (x86)\Windows Kits\10\Lib\10.0.17763.0\ucrt\x64"

Output from console running test.exe:

==7344==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x12c8dca000d8 at pc 0x7ff77a57107b bp 0x00fb7e4ffb70 sp 0x00fb7e4ffbb8
WRITE of size 4 at 0x12c8dca000d8 thread T0
    #0 0x7ff77a57107a in Ordinal0+0x107a (C:\***\test.exe+0x14000107a)
    #1 0x7ff77a5a1cff in _ubsan_get_current_report_data+0x9cf (C:\***\test.exe+0x140031cff)
    #2 0x7ffbe79c7973 in BaseThreadInitThunk+0x13 (C:\Windows\System32\KERNEL32.DLL+0x180017973)
    #3 0x7ffbe86aa270 in RtlUserThreadStart+0x20 (C:\Windows\SYSTEM32\ntdll.dll+0x18006a270)

Address 0x12c8dca000d8 is a wild pointer.
SUMMARY: AddressSanitizer: heap-buffer-overflow (C:\***\test.exe+0x14000107a) in Ordinal0+0x107a
Shadow bytes around the buggy address:
  0x051df833ffc0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x051df833ffd0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x051df833ffe0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x051df833fff0: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  0x051df8340000: fa fa 00 05 fa fa 00 06 fa fa 00 04 fa fa 00 07
=>0x051df8340010: fa fa 00 07 fa fa 00 00 fa fa fa[fa]fa fa fa fa
  0x051df8340020: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x051df8340030: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x051df8340040: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x051df8340050: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x051df8340060: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==7344==ABORTING
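To make the shadow-byte legend above concrete, here is a small model of how AddressSanitizer encodes a heap block and decides whether an access is in bounds. This is an example added to this article, not code from the post or from LLVM: the redzone width, the model heap layout and the function names are assumptions chosen to keep the model small. One shadow byte covers 8 application bytes; 00 means all 8 are addressable, 01..07 means only the first k are, and fa marks a heap redzone, exactly as in the legend. Running test.c's access (malloc of 4 ints, then arr[10]) through the model lands in an fa granule, which is the heap-buffer-overflow the report shows.

```c
#include <stddef.h>
#include <string.h>

/* Constructed model of ASan shadow memory (added example, not LLVM's
 * implementation). One shadow byte describes one 8-byte granule:
 * 0x00 = all 8 bytes addressable, 0x01..0x07 = only the first k bytes
 * addressable, 0xfa = heap redzone (values taken from ASan's legend). */
#define GRANULE        8
#define SHADOW_OK      0x00
#define SHADOW_REDZONE 0xfa
#define REDZONE        16    /* assumed redzone width on each side of a block */
#define SHADOW_LEN     64    /* shadow for 64 * 8 = 512 bytes of model heap */

/* Model heap: one block of `size` bytes placed right after a left redzone,
 * so its first byte sits at offset REDZONE. */
typedef struct {
    unsigned char shadow[SHADOW_LEN];
    size_t size;
} model_heap;

/* Poison the whole region, then unpoison exactly `size` bytes of the block.
 * A trailing partial granule gets the count of valid bytes (1..7). */
void model_malloc(model_heap *h, size_t size) {
    memset(h->shadow, SHADOW_REDZONE, SHADOW_LEN);
    h->size = size;
    size_t first = REDZONE / GRANULE;   /* first granule of the block */
    size_t full  = size / GRANULE;      /* fully addressable granules */
    size_t rest  = size % GRANULE;      /* bytes in the last, partial granule */
    for (size_t i = 0; i < full; i++)
        h->shadow[first + i] = SHADOW_OK;
    if (rest)
        h->shadow[first + full] = (unsigned char)rest;
}

/* Mirror of the ASan check: byte `a` is addressable iff its shadow byte is 0,
 * or is k in 1..7 and (a % 8) < k. Returns 1 if all `n` bytes of the access
 * are addressable, 0 if the access would be reported. */
int model_access_ok(const model_heap *h, size_t addr, size_t n) {
    for (size_t a = addr; a < addr + n; a++) {
        size_t g = a / GRANULE;
        if (g >= SHADOW_LEN)
            return 0;
        unsigned char s = h->shadow[g];
        if (s == SHADOW_OK)
            continue;
        if (s >= 1 && s <= 7 && (a % GRANULE) < s)
            continue;
        return 0;   /* redzone or beyond the partial granule's valid bytes */
    }
    return 1;
}

/* Access arr[idx] on an array from malloc(sizeof(int) * count):
 * 1 = in bounds, 0 = ASan would abort with heap-buffer-overflow. */
int int_index_ok(size_t count, size_t idx) {
    model_heap h;
    model_malloc(&h, sizeof(int) * count);
    return model_access_ok(&h, REDZONE + idx * sizeof(int), sizeof(int));
}
```

int_index_ok(4, 10) reproduces test.c: the 4-int block occupies granules 2 and 3 of the model, and arr[10] starts 40 bytes past the block, in a granule still marked fa. The partial-granule case is why the dump above shows entries like "00 05" and "00 04": those are small CRT allocations whose size is not a multiple of 8, and a one-byte read just past their last valid byte is caught even though it stays inside the same granule.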

Posted by gabrielserban on Fri, 26 Apr 2019 05:12:36 -0700