Usage
C++ Case
    % cat example_UseAfterFree.cc
    int main(int argc, char **argv) {
      int *array = new int[100];
      delete [] array;
      return array[argc];  // BOOM
    }

    # Compile and run
    % clang++ -O0 -g -fsanitize=address -fno-omit-frame-pointer example_UseAfterFree.cc && ./a.out
Take BiSheng compiler 3.2.0.1 as an example. Compile and execute this test case to obtain the following error report:
The first part (ERROR) indicates that the error type is heap-use-after-free.
The second part (READ) provides detailed stack information. Because -g was added at compile time, each stack frame shows the file, line number, and function. The first stack shows that the freed pointer array is read at line 4, in the return statement; the second stack shows where the array was freed; and the third stack shows where it was previously allocated.
The third part (SUMMARY) summarizes the error type, source file position, line number, and function.
    $ ./BiShengCompiler-3.2.0.1-aarch64-linux/bin/clang++ -O0 -g -fno-omit-frame-pointer -fsanitize=address example_UseAfterFree.cc && ./a.out
    =================================================================
    ==22191==ERROR: AddressSanitizer: heap-use-after-free on address 0xffffbdb03e44 at pc 0xaaaaaabb2148 bp 0xffffffffe680 sp 0xffffffffe698
    READ of size 4 at 0xffffbdb03e44 thread T0
        #0 0xaaaaaabb2144 in main /home/sanitizer/exampel_UseAfterFree.cc:4:9
        #1 0xffffbf1c6be8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
        #2 0xaaaaaaad33d4 in _start (/home/sanitizer/a.out+0x293d4)

    0xffffbdb03e44 is located 4 bytes inside of 400-byte region [0xffffbdb03e40,0xffffbdb03fd0)
    freed by thread T0 here:
        #0 0xaaaaaabaf9cc in operator delete[](void*) /usr1/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:155
        #1 0xaaaaaabb20b4 in main /home/sanitizer/exampel_UseAfterFree.cc:3:2
        #2 0xffffbf1c6be8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
        #3 0xaaaaaaad33d4 in _start (/home/sanitizer/a.out+0x293d4)

    previously allocated by thread T0 here:
        #0 0xaaaaaabaf0cc in operator new[](unsigned long) /usr1/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:98
        #1 0xaaaaaabb205c in main /home/sanitizer/exampel_UseAfterFree.cc:2:15
        #2 0xffffbf1c6be8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
        #3 0xaaaaaaad33d4 in _start (/home/sanitizer/a.out+0x293d4)

    SUMMARY: AddressSanitizer: heap-use-after-free /home/user/sanitizer/exampel_UseAfterFree.cc:13:9 in main
Fortran Case
    % cat test.f90
    program test
      type entry
        integer(1) :: value = 1
        integer(1) :: index = 1
        type(entry),allocatable :: ty1
      end type entry

      type(entry), allocatable :: ty1
      allocate(ty1)
      allocate(ty1%ty1)
      ty1 = entry(1 , 1, entry(2, 2, null()))
      print *, ty1%ty1%value
    end program

    # Compile and run
    % flang -g -fsanitize=address test.f90 && ./a.out
Running it produces the following report. As with the C++ test case, the report pinpoints the problem: this test case has multiple memory leaks, because the space allocated for the derived-type variables is never released.
    2
    =================================================================
    ==130459==ERROR: LeakSanitizer: detected memory leaks

    Direct leak of 16 byte(s) in 1 object(s) allocated from:
        #0 0x4cf9c8 in malloc /usr1/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
        #1 0xffffaacd638c in bs_f90_calloc04a_i8 (/home/sanitizer/BiShengCompiler-5.1.0-aarch64-linux/lib/libflang.so+0x29038c)
        #2 0x50c820 in MAIN_ /home/user/dts/test.f90:9:1
        #3 0xffffaa62ebe8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
        #4 0x42f3ec in _start (/home/user/dts/a.out+0x42f3ec)

    Indirect leak of 16 byte(s) in 1 object(s) allocated from:
        #0 0x4cf9c8 in malloc /usr1/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
        #1 0xffffaacd638c in bs_f90_calloc04a_i8 (/home/sanitizer/BiShengCompiler-5.1.0-aarch64-linux/lib/libflang.so+0x29038c)
        #2 0x50c890 in MAIN_ /home/user/dts/test.f90:10:1
        #3 0xffffaa62ebe8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
        #4 0x42f3ec in _start (/home/user/dts/a.out+0x42f3ec)

    SUMMARY: AddressSanitizer: 32 byte(s) leaked in 2 allocation(s).
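Reports with the three-part layout described above (ERROR, per-stack sections, SUMMARY) can be triaged automatically, for example in CI, by extracting the first application frame of each stack. The following Python parser is an added example, not part of the original page or of the BiSheng toolchain; the name parse_report and the rule that source paths containing /compiler-rt/ belong to the sanitizer runtime are assumptions drawn from the paths visible in the two reports.

```python
import re

# Abridged from the heap-use-after-free report above (libc/_start frames omitted).
SAMPLE_REPORT = """\
==22191==ERROR: AddressSanitizer: heap-use-after-free on address 0xffffbdb03e44 at pc 0xaaaaaabb2148 bp 0xffffffffe680 sp 0xffffffffe698
READ of size 4 at 0xffffbdb03e44 thread T0
    #0 0xaaaaaabb2144 in main /home/sanitizer/exampel_UseAfterFree.cc:4:9
freed by thread T0 here:
    #0 0xaaaaaabaf9cc in operator delete[](void*) /usr1/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:155
    #1 0xaaaaaabb20b4 in main /home/sanitizer/exampel_UseAfterFree.cc:3:2
previously allocated by thread T0 here:
    #0 0xaaaaaabaf0cc in operator new[](unsigned long) /usr1/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:98
    #1 0xaaaaaabb205c in main /home/sanitizer/exampel_UseAfterFree.cc:2:15
SUMMARY: AddressSanitizer: heap-use-after-free /home/user/sanitizer/exampel_UseAfterFree.cc:13:9 in main
"""

# "==<pid>==ERROR: <tool>: <error type>[ on address ...]"
ERROR_RE = re.compile(r"^==\d+==ERROR: (\w+): (.+?)(?: on address|$)")
# Lines that introduce a stack trace in ASan and LeakSanitizer reports.
SECTION_RE = re.compile(
    r"^((?:READ|WRITE) of size \d+|freed by thread|previously allocated by thread"
    r"|(?:Direct|Indirect) leak of \d+ byte\(s\))")
# Only frames with a source location (needs -g); module-only frames do not match.
FRAME_RE = re.compile(r"^\s+#\d+ 0x[0-9a-f]+ in (.+?) (/\S+?):(\d+)(?::\d+)?$")
RUNTIME_DIR = "/compiler-rt/"  # assumption: sanitizer runtime sources live here

def parse_report(text):
    """Return tool, error type, SUMMARY, and first application frame per stack."""
    result = {"tool": None, "error": None, "stacks": [], "summary": None}
    current = None
    for line in text.splitlines():
        if m := ERROR_RE.match(line):
            result["tool"], result["error"] = m.group(1), m.group(2)
        elif m := SECTION_RE.match(line):
            current = {"section": m.group(1), "app_frame": None}
            result["stacks"].append(current)
        elif line.startswith("SUMMARY: "):
            result["summary"] = line[len("SUMMARY: "):]
        elif (m := FRAME_RE.match(line)) and current and current["app_frame"] is None:
            func, path, lineno = m.group(1), m.group(2), int(m.group(3))
            if RUNTIME_DIR not in path:  # skip operator new/delete, malloc, ...
                current["app_frame"] = (func, path, lineno)
    return result

if __name__ == "__main__":
    for stack in parse_report(SAMPLE_REPORT)["stacks"]:
        print(stack["section"], "->", stack["app_frame"])
```

Without -g the frames carry no file and line, so every app_frame stays None; treat that as a sign the build flags need fixing, not as a clean run.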