“Valgrind is a tool for detecting memory errors. However, when run binaries under Valgrind, testing becomes at least 10 times slower. This huge slowdown costs more than just machine time; our trybots and buildbots can’t provide fast feedback and some tests fail due to timeouts. To overcome these issues, Google released AddressSanitizer (aka ASan), a new testing tool,” Google stated.
“ASan helps us find a subset of bugs that are detectable by Valgrind like heap buffer overrun/underrun (out-of-bounds access) and “Use after free.” It can also detect bugs that Valgrind can not find, such as stack buffer overrun/underrun. Last month alone, ASan helped us find more than 20 bugs in Chromium including some that could have potentially led to security vulnerabilities,” Google said.
ASan consists of two parts:
- “A compiler which performs instrumentation – currently we use a modified LLVM/Clang and we’re trying to contribute our code to the core LLVM package.
- A run-time library that replaces malloc(), free()and friends.
“Today ASan works only on Linux (x86 and x86_64) and ChromiumOS, but we’re planning to port it to other platforms in the near future. In the coming months we also plan to setup various ASan buildbots and trybots for Chromium.”
[Source: Chrominum blog]