Memory/Address Sanitizer vs Valgrind

安稳与你 提交于 2020-06-24 05:42:08

问题


I want some tool to diagnose user-after-free bugs and uninitialized bugs. I am considering Sanitizer(Memory and/or Address) and Valgrind. But I have very little idea about their advantages and disadvantages. Can anyone tell the main features, differences and pros/cons of Sanitizer and Valgrind?

Edit: I found some of comparisons like: Valgrind uses DBI(dynamic binary instrumentation) and Sanitizer uses CTI(compile-time instrumentation). Valgrind makes the program much slower(20x) whether Sanitizer runs much faster than Valgrind(2x). If anyone can give me some more important points to consider, it will be a great help.


回答1:


I think you'll find this wiki useful.

TLDR main advantages of sanitizers are

  • much smaller CPU overheads (Lsan is practically free, UBsan is 1.25x, Asan and Msan are 2-4x for computationally intensive tasks and 1.05-1.1x for GUIs, Tsan is 5-15x)
  • wider class of detected errors (stack and global overflows, use-after-return)
  • full support of multi-threaded apps (Valgrind support for multi-threading is a joke)

Disadvantages are

  • significant memory overhead (up to 2x for Asan, up to 3x for Msan, up to 10x for Tsan) which may be a limiting factor for resource limited environments (e.g. phones); it's still way better than Valgrind
  • more complicated integration (you need to teach your build system to understand Asan and sometimes work around limitations/bugs in Asan itself, you also need to use relatively recent compiler)
  • MemorySanitizer is not reall^W easily usable at the moment as it requires one to rebuild all dependencies under Msan (including all standard libraries e.g. libstdc++); this means that casual users can only use Valgrind for detecting uninitialized errors
  • sanitizers typically can not be combined with each other (the only supported combination is Asan+UBsan+Lsan) which means that you'll have to do separate QA runs to catch all types of bugs



回答2:


One big difference is that the LLVM-included memory and thread sanitizers implicitly map huge swathes of address space (e.g., by calling mmap(X, Y, 0, MAP_NORESERVE|MAP_ANONYMOUS|MAP_FIXED|MAP_PRIVATE, -1, 0) across terabytes of address space in the x86_64 environment). Even though they don't necessarily allocate that memory, the mapping can play havoc with restrictive environments (e.g., ones with reasonable settings for ulimit values).



来源:https://stackoverflow.com/questions/47251533/memory-address-sanitizer-vs-valgrind

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!