
Usage

C++ example

% cat example_UseAfterFree.cc
int main(int argc, char **argv) {
    int *array = new int[100];
    delete [] array;
    return array[argc]; // BOOM
}
# Compile and run 
% clang++ -O0 -g -fsanitize=address -fno-omit-frame-pointer example_UseAfterFree.cc && ./a.out

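Taking BiShengCompiler-3.2.0.1 as an example, compiling and running this test case produces the following error report:

The first part (ERROR) states the error type, heap-use-after-free.

The second part (READ) gives the detailed stack information. When -g is added at compile time, the stacks show the file, line number and function. In the report below, the first stack shows that the return array statement on line 4 accessed a pointer array that had already been freed, the second stack shows where it was freed, and the third shows where the array may have been allocated.

The third part (SUMMARY) summarizes the error type, source file location, line number and function of the reported error.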

$ ./BiShengCompiler-3.2.0.1-aarch64-linux/bin/clang++ -O0 -g -fno-omit-frame-pointer -fsanitize=address example_UseAfterFree.cc && ./a.out 
=================================================================
==22191==ERROR: AddressSanitizer: heap-use-after-free on address 0xffffbdb03e44 at pc 0xaaaaaabb2148 bp 0xffffffffe680 sp 0xffffffffe698
READ of size 4 at 0xffffbdb03e44 thread T0
    #0 0xaaaaaabb2144 in main /home/sanitizer/exampel_UseAfterFree.cc:4:9
    #1 0xffffbf1c6be8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #2 0xaaaaaaad33d4 in _start (/home/sanitizer/a.out+0x293d4)

0xffffbdb03e44 is located 4 bytes inside of 400-byte region [0xffffbdb03e40,0xffffbdb03fd0)
freed by thread T0 here:
    #0 0xaaaaaabaf9cc in operator delete[](void*) /usr1/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:155
    #1 0xaaaaaabb20b4 in main /home/sanitizer/exampel_UseAfterFree.cc:3:2
    #2 0xffffbf1c6be8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #3 0xaaaaaaad33d4 in _start (/home/sanitizer/a.out+0x293d4)

previously allocated by thread T0 here:
    #0 0xaaaaaabaf0cc in operator new[](unsigned long) /usr1/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:98
    #1 0xaaaaaabb205c in main /home/sanitizer/exampel_UseAfterFree.cc:2:15
    #2 0xffffbf1c6be8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #3 0xaaaaaaad33d4 in _start (/home/sanitizer/a.out+0x293d4)

SUMMARY: AddressSanitizer: heap-use-after-free /home/z30031879/sanitizer/exampel_UseAfterFree.cc:13:9 in main
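
The three-part layout described above can be split mechanically, which helps when triaging sanitizer output collected from test runs. The following Python code is an added example, not part of the BiSheng documentation; the names parse_report and first_user_frame, the runtime markers, and the sample report (constructed addresses and paths) are assumptions made for illustration.

```python
import re

# Constructed sample in the same layout as the report above (addresses and paths are made up).
SAMPLE = """\
=================================================================
==4242==ERROR: AddressSanitizer: heap-use-after-free on address 0x602000000014 at pc 0x4f1a2b bp 0x7ffd0000 sp 0x7ffd0008
READ of size 4 at 0x602000000014 thread T0
    #0 0x4f1a2a in main /src/example_UseAfterFree.cc:4:9
    #1 0x7f0000021b96 in __libc_start_main (/lib64/libc.so.6+0x21b96) (BuildId: 0123456789abcdef)

0x602000000014 is located 4 bytes inside of 400-byte region [0x602000000010,0x6020000001a0)
freed by thread T0 here:
    #0 0x4ee9cc in operator delete[](void*) /build/asan_new_delete.cpp:155
    #1 0x4f19b4 in main /src/example_UseAfterFree.cc:3:2

previously allocated by thread T0 here:
    #0 0x4ee0cc in operator new[](unsigned long) /build/asan_new_delete.cpp:98
    #1 0x4f195c in main /src/example_UseAfterFree.cc:2:15

SUMMARY: AddressSanitizer: heap-use-after-free /src/example_UseAfterFree.cc:4:9 in main
"""

ERROR_RE = re.compile(r"^==\d+==ERROR: (\w+): (\S+)")
FRAME_RE = re.compile(r"^\s+#(\d+) 0x[0-9a-f]+ in (.+?) (\S+)(?: \(BuildId: \w+\))?$")
SUMMARY_RE = re.compile(r"^SUMMARY: \w+: (.+)$")

def parse_report(text):
    """Split a report into error type (part 1), titled stacks (part 2) and summary (part 3)."""
    report = {"tool": None, "error": None, "stacks": [], "summary": None}
    title = None
    for line in text.splitlines():
        if m := ERROR_RE.match(line):
            report["tool"], report["error"] = m.groups()
        elif m := SUMMARY_RE.match(line):
            report["summary"] = m.group(1)
        elif m := FRAME_RE.match(line):
            if m.group(1) == "0" or not report["stacks"]:  # frame #0 opens a new stack
                report["stacks"].append({"title": title, "frames": []})
            report["stacks"][-1]["frames"].append((m.group(2), m.group(3)))
        elif line.strip():
            title = line.strip().rstrip(":")  # last text line before a stack is its title
    return report

def first_user_frame(stack, runtime_markers=("asan_", "libc.so")):
    """First frame outside the sanitizer runtime and libc (markers are an assumption)."""
    for func, location in stack["frames"]:
        if not any(marker in location for marker in runtime_markers):
            return func, location
    return None
```

Applying first_user_frame to the "freed by" and "previously allocated" stacks skips the operator delete[] and operator new[] interceptor frames and returns the user-code lines where the buffer was released and created.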

Fortran example

% cat test.f90
program test
    type entry
        integer(1) :: value = 1
        integer(1) :: index = 1
        type(entry),allocatable :: ty1
    end type entry

    type(entry), allocatable :: ty1
    allocate(ty1)
    allocate(ty1%ty1)
    ty1 = entry(1 , 1, entry(2, 2, null()))
    print *, ty1%ty1%value
end program

# Compile and run
% flang -g -fsanitize=address test.f90 && ./a.out

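Running it produces the following report. As with the C++ example, the report shows that this test case leaks memory multiple times, because the derived-type variables for which space was allocated are never released.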

 2

=================================================================
==130459==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4cf9c8 in malloc /usr1/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0xffffaacd638c in bs_f90_calloc04a_i8 (/home/sanitizer/BiShengCompiler-4.2.0-aarch64-linux/lib/libflang.so+0x29038c)
    #2 0x50c820 in MAIN_ /home/z30031879/dts/test.f90:9:1
    #3 0xffffaa62ebe8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #4 0x42f3ec in _start (/home/z30031879/dts/a.out+0x42f3ec)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4cf9c8 in malloc /usr1/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0xffffaacd638c in bs_f90_calloc04a_i8 (/home/sanitizer/BiShengCompiler-4.2.0-aarch64-linux/lib/libflang.so+0x29038c)
    #2 0x50c890 in MAIN_ /home/z30031879/dts/test.f90:10:1
    #3 0xffffaa62ebe8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #4 0x42f3ec in _start (/home/z30031879/dts/a.out+0x42f3ec)

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 2 allocation(s).