Usage
C++ example
```
% cat example_UseAfterFree.cc
int main(int argc, char **argv) {
  int *array = new int[100];
  delete [] array;
  return array[argc];  // BOOM
}
# Compile and run
% clang++ -O0 -g -fsanitize=address -fno-omit-frame-pointer example_UseAfterFree.cc && ./a.out
```
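Taking BiShengCompiler-3.2.0.1 as an example, compiling and running this test case produces the following error report:
The first part (ERROR) identifies the error type, heap-use-after-free.
The second part (READ) gives the detailed stack information. When the program is compiled with -g, the stack traces show the file, line number, and function. Below, the first trace shows that line 4 (return array) uses a pointer array that has already been freed, the second trace shows where it was freed, and the third trace shows where the array may have been allocated.
The third part (SUMMARY) summarizes the error type, source file location, line number, and function.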
```
$ ./BiShengCompiler-3.2.0.1-aarch64-linux/bin/clang++ -O0 -g -fno-omit-frame-pointer -fsanitize=address example_UseAfterFree.cc && ./a.out
=================================================================
==22191==ERROR: AddressSanitizer: heap-use-after-free on address 0xffffbdb03e44 at pc 0xaaaaaabb2148 bp 0xffffffffe680 sp 0xffffffffe698
READ of size 4 at 0xffffbdb03e44 thread T0
    #0 0xaaaaaabb2144 in main /home/sanitizer/exampel_UseAfterFree.cc:4:9
    #1 0xffffbf1c6be8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #2 0xaaaaaaad33d4 in _start (/home/sanitizer/a.out+0x293d4)

0xffffbdb03e44 is located 4 bytes inside of 400-byte region [0xffffbdb03e40,0xffffbdb03fd0)
freed by thread T0 here:
    #0 0xaaaaaabaf9cc in operator delete[](void*) /usr1/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:155
    #1 0xaaaaaabb20b4 in main /home/sanitizer/exampel_UseAfterFree.cc:3:2
    #2 0xffffbf1c6be8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #3 0xaaaaaaad33d4 in _start (/home/sanitizer/a.out+0x293d4)

previously allocated by thread T0 here:
    #0 0xaaaaaabaf0cc in operator new[](unsigned long) /usr1/llvm-project/compiler-rt/lib/asan/asan_new_delete.cpp:98
    #1 0xaaaaaabb205c in main /home/sanitizer/exampel_UseAfterFree.cc:2:15
    #2 0xffffbf1c6be8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #3 0xaaaaaaad33d4 in _start (/home/sanitizer/a.out+0x293d4)

SUMMARY: AddressSanitizer: heap-use-after-free /home/z30031879/sanitizer/exampel_UseAfterFree.cc:13:9 in main
```
Fortran example
```
% cat test.f90
program test
  type entry
    integer(1) :: value = 1
    integer(1) :: index = 1
    type(entry),allocatable :: ty1
  end type entry

  type(entry), allocatable :: ty1
  allocate(ty1)
  allocate(ty1%ty1)
  ty1 = entry(1 , 1, entry(2, 2, null()))
  print *, ty1%ty1%value
end program
# Compile and run
% flang -g -fsanitize=address test.f90 && ./a.out
```
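Running it produces the following report. As with the C++ example, the report shows that this test case leaks memory more than once, because the derived-type variables for which space was allocated are never freed.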
```
 2

=================================================================
==130459==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4cf9c8 in malloc /usr1/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0xffffaacd638c in bs_f90_calloc04a_i8 (/home/sanitizer/BiShengCompiler-4.2.0-aarch64-linux/lib/libflang.so+0x29038c)
    #2 0x50c820 in MAIN_ /home/z30031879/dts/test.f90:9:1
    #3 0xffffaa62ebe8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #4 0x42f3ec in _start (/home/z30031879/dts/a.out+0x42f3ec)

Indirect leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4cf9c8 in malloc /usr1/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0xffffaacd638c in bs_f90_calloc04a_i8 (/home/sanitizer/BiShengCompiler-4.2.0-aarch64-linux/lib/libflang.so+0x29038c)
    #2 0x50c890 in MAIN_ /home/z30031879/dts/test.f90:10:1
    #3 0xffffaa62ebe8 in __libc_start_main (/lib64/libc.so.6+0x20be8) (BuildId: 3959699449911333fc3fd20bc7adb8c585c50e4c)
    #4 0x42f3ec in _start (/home/z30031879/dts/a.out+0x42f3ec)

SUMMARY: AddressSanitizer: 32 byte(s) leaked in 2 allocation(s).
```
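The report layout described above (ERROR line, stack sections, SUMMARY) is regular enough to parse for CI triage, reducing each stack section to its first frame outside the sanitizer runtime. This Python example is added here and is not part of the compiler documentation; the sample reports are constructed (abbreviated from the ones above, with hypothetical paths), and the names `parse_report`, `user_frames` and the `compiler-rt/` runtime-path marker are assumptions.

```python
import re

# Constructed samples, abbreviated from the two report layouts above (paths are hypothetical).
UAF_REPORT = """\
==22191==ERROR: AddressSanitizer: heap-use-after-free on address 0xffffbdb03e44 at pc 0xaaaaaabb2148
READ of size 4 at 0xffffbdb03e44 thread T0
    #0 0xaaaaaabb2144 in main /src/example_UseAfterFree.cc:4:9
freed by thread T0 here:
    #0 0xaaaaaabaf9cc in operator delete[](void*) /llvm/compiler-rt/lib/asan/asan_new_delete.cpp:155
    #1 0xaaaaaabb20b4 in main /src/example_UseAfterFree.cc:3:2
previously allocated by thread T0 here:
    #0 0xaaaaaabaf0cc in operator new[](unsigned long) /llvm/compiler-rt/lib/asan/asan_new_delete.cpp:98
    #1 0xaaaaaabb205c in main /src/example_UseAfterFree.cc:2:15
SUMMARY: AddressSanitizer: heap-use-after-free /src/example_UseAfterFree.cc:4:9 in main
"""
LEAK_REPORT = """\
==130459==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 16 byte(s) in 1 object(s) allocated from:
    #0 0x4cf9c8 in malloc /llvm/compiler-rt/lib/asan/asan_malloc_linux.cpp:69:3
    #1 0xffffaacd638c in bs_f90_calloc04a_i8 (/opt/lib/libflang.so+0x29038c)
    #2 0x50c820 in MAIN_ /src/test.f90:9:1
SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
"""

HEADER = re.compile(r"==\d+==ERROR: (\w+): (.+?)(?: on address |$)")  # tool, error type
SECTION = re.compile(r"(READ|WRITE) of size \d+|freed by|previously allocated by|(Direct|Indirect) leak of \d+ byte\(s\)")
FRAME = re.compile(r"\s+#\d+ 0x[0-9a-f]+ in (.+?) (\S+:\d+(?::\d+)?)$")  # symbolized frames only

def parse_report(text):
    rep = {"tool": None, "error": None, "sections": [], "summary": None}
    for line in text.splitlines():
        if m := HEADER.match(line):
            rep["tool"], rep["error"] = m.groups()
        elif line.startswith("SUMMARY:"):
            rep["summary"] = line.split(":", 1)[1].strip()
        elif m := SECTION.match(line):  # each section header opens a new stack trace
            rep["sections"].append({"title": m.group(0), "frames": []})
        elif (m := FRAME.match(line)) and rep["sections"]:
            rep["sections"][-1]["frames"].append(m.groups())
    return rep

def user_frames(rep, runtime_marker="compiler-rt/"):
    # First frame of each section outside the sanitizer runtime (marker is an assumption).
    return [(sec["title"], next((f for f in sec["frames"] if runtime_marker not in f[1]), None))
            for sec in rep["sections"]]

if __name__ == "__main__":
    for rep in map(parse_report, (UAF_REPORT, LEAK_REPORT)):
        print(rep["tool"], rep["error"], user_frames(rep), sep=" | ")
```

Frames that carry only a module offset, such as the libflang.so frame, are skipped, so compiling with -g is what makes the extracted locations useful.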