Coming from Linux/gcc/clang I find myself working more and more on Windows/Visual Studio.
What I am really missing there is the address sanitizer (bounds checking, leaks
Microsoft has integrated the Address Sanitizer into Visual Studio 2019 version 16.1 Preview 3 and up. Unfortunately currently only the Linux build is supported. But at least you can still use your favorite IDE and debug apps in WSL
Address Sanitizer for Windows projects is also available since Visual Studio 2019 version 16.4
We are pleased to announce AddressSanitizer (ASan) support for the MSVC toolset. ASan is a fast memory error detector that can find runtime memory issues such as use-after-free and perform out of bounds checks. Support for sanitizers has been one of our more popular suggestions on Developer Community, and we can now say that we have an experience for ASan on Windows, in addition to our existing support for Linux projects.
AddressSanitizer (ASan) for Windows with MSVC
The latest release 16.7 supports both x86 and x64 (the initial release only supported x86).
In Visual Studio 2019 version 16.1 Preview 3 we have integrated AddressSanitizer (ASan) into Visual Studio for Linux projects. ASan is a runtime memory error detector for C/C++ that catches the following errors:
- Use after free (dangling pointer reference)
- Heap buffer overflow
- Stack buffer overflow
- Use after return
- Use after scope
- Initialization order bugs
AddressSanitizer (ASan) for the Linux Workload in Visual Studio 2019
Note that MSVC itself already have various tools for debugging memory issues like CRT Debug Heap as mentioned above by Adrian McCarthy or Control Flow Guard
There are many tools that try to make your code secure from outside the box: Valgrind and address/thread sanitizers are popular examples. And there are many of these tools on Windows as well, both from Microsoft and other companies. But MSVC features powerful technologies inside the compiler that integrate security with your code. For example, Control Flow Guard, is highly-optimized security feature that combats many memory corruption vulnerabilities. We can’t talk openly our current security research but we’re always working to make your code (and ours!) safe from increasingly sophisticated attackers.
https://devblogs.microsoft.com/cppblog/msvc-the-best-choice-for-windows/
See also