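Sanitizers is an open-source tool set started by Google that includes AddressSanitizer, MemorySanitizer, ThreadSanitizer and LeakSanitizer. The Sanitizers project was originally part of the LLVM project, but GNU has also added this family of tools to its own GCC compiler. GCC has gradually added Sanitizer support starting with version 4.8, and these tools are excellent for finding hidden bugs.

AddressSanitizer can be used to detect memory out-of-bounds accesses and use-after-free.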

  • AddressSanitizer, a fast memory error detector, has been added and can be enabled via -fsanitize=address. Memory access instructions will be instrumented to detect heap-, stack-, and global-buffer overflow as well as use-after-free bugs. To get nicer stacktraces, use -fno-omit-frame-pointer. The AddressSanitizer is available on IA-32/x86-64/x32/PowerPC/PowerPC64 GNU/Linux and on x86-64 Darwin.
  • ThreadSanitizer has been added and can be enabled via -fsanitize=thread. Instructions will be instrumented to detect data races. The ThreadSanitizer is available on x86-64 GNU/Linux.

Excerpted from https://gcc.gnu.org/gcc-4.8/changes.html

  • AddressSanitizer, a fast memory error detector, is now available on ARM.
  • UndefinedBehaviorSanitizer (ubsan), a fast undefined behavior detector, has been added and can be enabled via -fsanitize=undefined. Various computations will be instrumented to detect undefined behavior at runtime. UndefinedBehaviorSanitizer is currently available for the C and C++ languages.

Excerpted from https://gcc.gnu.org/gcc-4.9/changes.html

stack-buffer-overflow

/**
 * Copyright (c) 2021 junfu0903@aliyun.com.
 *
 * Unpublished copyright. All rights reserved. This material contains
 * proprietary information that should be used or copied only within
 * junfu0903@aliyun.com, except with written permission of junfu0903@aliyun.com.
 *
 * @file stack_buffer_overflow.c
 * @brief
 * @author junfu0903@aliyun.com
 * @version 1.0.0
 * @date 2021-06-15 10:16:45
 */

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char** argv)
{
    int arr[8] = {0};
    arr[0] = 10;
    arr[9] = 11; /* out of bounds: valid indices are 0..7 */

    return 0;
}

gcc -g -fsanitize=address stack_buffer_overflow.c -o stack_buffer_overflow


heap-use-after-free

/**
 * Copyright (c) 2021 junfu0903@aliyun.com.
 *
 * Unpublished copyright. All rights reserved. This material contains
 * proprietary information that should be used or copied only within
 * junfu0903@aliyun.com, except with written permission of junfu0903@aliyun.com.
 *
 * @file heap_use_after_free.c
 * @brief
 * @author junfu0903@aliyun.com
 * @version 1.0.0
 * @date 2021-06-15 10:18:45
 */

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char** argv)
{
    char *p = NULL;

    p = (char*)malloc(16);

    free(p);

    p[0] = 1; /* use after free: p was released above */

    return 0;
}

gcc -g -fsanitize=address heap_use_after_free.c -o heap_use_after_free


heap-buffer-overflow

/**
 * Copyright (c) 2021 junfu0903@aliyun.com.
 *
 * Unpublished copyright. All rights reserved. This material contains
 * proprietary information that should be used or copied only within
 * junfu0903@aliyun.com, except with written permission of junfu0903@aliyun.com.
 *
 * @file heap_buffer_overflow.c
 * @brief
 * @author junfu0903@aliyun.com
 * @version 1.0.0
 * @date 2021-06-15 10:18:45
 */

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char** argv)
{
    char *p = NULL;

    p = (char*)malloc(16);

    p[17] = 12; /* out of bounds: valid indices are 0..15 */

    free(p);

    return 0;
}

gcc -g -fsanitize=address heap_buffer_overflow.c -o heap_buffer_overflow
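
How the instrumented check behind the heap-use-after-free and heap-buffer-overflow reports works, as an added example that is not from the original post or from the ASan runtime. It is a toy shadow-memory model: the arena size, the offsets and the `model_*` names are assumptions made for illustration, while the 8-to-1 shadow mapping and the `fa`/`fd` markers follow what ASan reports show.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Toy model, not ASan's real runtime: one shadow byte describes 8 app bytes. */
#define ARENA_SIZE   128
#define HEAP_REDZONE 0xfa /* "fa" in the ASan report legend */
#define HEAP_FREED   0xfd /* "fd" in the ASan report legend */

enum verdict { ACCESS_OK, HEAP_BUFFER_OVERFLOW, HEAP_USE_AFTER_FREE };

static uint8_t shadow[ARENA_SIZE / 8];

/* Allocate [off, off+size): off is 8-byte aligned; the rest becomes redzone. */
static void model_malloc(size_t off, size_t size)
{
    size_t i = off / 8;
    memset(shadow, HEAP_REDZONE, sizeof shadow);
    for (; size >= 8; size -= 8)
        shadow[i++] = 0;            /* 0: all 8 bytes addressable */
    if (size)
        shadow[i] = (uint8_t)size;  /* k in 1..7: only the first k bytes */
}

/* Freed memory is poisoned so that later accesses through stale pointers trap. */
static void model_free(size_t off, size_t size)
{
    memset(&shadow[off / 8], HEAP_FREED, (size + 7) / 8);
}

/* The check placed before an n-byte access (n <= 8, inside one granule). */
static enum verdict model_check(size_t addr, size_t n)
{
    uint8_t s = shadow[addr / 8];
    if (s == 0 || (s < 8 && (addr % 8) + n <= s))
        return ACCESS_OK;
    return s == HEAP_FREED ? HEAP_USE_AFTER_FREE : HEAP_BUFFER_OVERFLOW;
}

int main(void)
{
    model_malloc(32, 16);                            /* p = malloc(16)       */
    printf("p[15]: %d\n", model_check(32 + 15, 1));  /* in bounds            */
    printf("p[17]: %d\n", model_check(32 + 17, 1));  /* heap-buffer-overflow */
    model_free(32, 16);                              /* free(p)              */
    printf("p[0]:  %d\n", model_check(32 + 0, 1));   /* heap-use-after-free  */
    return 0;
}
```

The partial-granule case (`k` in 1..7) is why an allocation whose size is not a multiple of 8 is still checked to the exact byte.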


stack-use-after-scope

/**
 * Copyright (c) 2021 junfu0903@aliyun.com.
 *
 * Unpublished copyright. All rights reserved. This material contains
 * proprietary information that should be used or copied only within
 * junfu0903@aliyun.com, except with written permission of junfu0903@aliyun.com.
 *
 * @file address_use_after_scope.c
 * @brief
 * @author junfu0903@aliyun.com
 * @version 1.0.0
 * @date 2021-06-15 11:37:28
 */

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char** argv)
{
    char *ptr;

    {
        char my_char;
        ptr = &my_char;
    }

    *ptr = 123; /* use after scope: my_char's lifetime ended with the inner block */
    return *ptr;
}

gcc -g -fsanitize=address address_use_after_scope.c -o address_use_after_scope


data-race

/**
 * Copyright (c) 2021 junfu0903@aliyun.com.
 *
 * Unpublished copyright. All rights reserved. This material contains
 * proprietary information that should be used or copied only within
 * junfu0903@aliyun.com, except with written permission of junfu0903@aliyun.com.
 *
 * @file data_race.c
 * @brief
 * @author junfu0903@aliyun.com
 * @version 1.0.0
 * @date 2021-06-11 18:35:26
 */

#include <stdio.h>
#include <stdlib.h>
#include <pthread.h>

int g;

void* func(void* arg)
{
    g = 1;
    return NULL;
}

int main(int argc, char** argv)
{
    pthread_t tid;
    pthread_create(&tid, NULL, func, NULL);
    g = 2; /* unsynchronized write: races with the write in func() */
    pthread_join(tid, NULL);

    return 0;
}

gcc -g -fsanitize=thread data_race.c -pthread -o data_race


memory-leak

/**
 * Copyright (c) 2021 junfu0903@aliyun.com.
 *
 * Unpublished copyright. All rights reserved. This material contains
 * proprietary information that should be used or copied only within
 * junfu0903@aliyun.com, except with written permission of junfu0903@aliyun.com.
 *
 * @file mem_leak.c
 * @brief
 * @author junfu0903@aliyun.com
 * @version 1.0.0
 * @date 2021-06-15 10:57:19
 */

#include <stdio.h>
#include <stdlib.h>

int main(int argc, char** argv)
{
    char *p = (char*)malloc(16); /* never freed: this allocation is the leak */
    p[0] = 1;

    return 0;
}

gcc -Wall -g -fsanitize=leak mem_leak.c -o mem_leak


Enabling ThreadSanitizer slows code execution by 2-20x and increases memory usage by 5-10x. Setting the -O1 optimization level can improve memory utilization.
