Konstantin Serebryany, Derek Bruening, Alexander Potapenko, and Dmitriy Vyukov, Google
Abstract:
Memory access bugs, including buffer overflows and uses of freed heap memory, remain a serious problem for programming languages like C and C++. Many memory error detectors exist, but most of them are either slow or detect a limited set of bugs, or both.
This paper presents AddressSanitizer, a new memory error detector. Our tool finds out-of-bounds accesses to heap, stack, and global objects, as well as use-after-free bugs. It employs a specialized memory allocator and code instrumentation that is simple enough to be implemented in any compiler, binary translation system, or even in hardware.
AddressSanitizer achieves efficiency without sacrificing comprehensiveness. Its average slowdown is just 73% yet it accurately detects bugs at the point of occurrence. It has found over 300 previously unknown bugs in the Chromium browser and many bugs in other software.
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
BibTeX
@inproceedings {180957,
author = {Konstantin Serebryany and Derek Bruening and Alexander Potapenko and Dmitriy Vyukov},
title = {{AddressSanitizer}: A Fast Address Sanity Checker},
booktitle = {2012 USENIX Annual Technical Conference (USENIX ATC 12)},
year = {2012},
isbn = {978-931971-93-5},
address = {Boston, MA},
pages = {309--318},
url = {https://www.usenix.org/conference/atc12/technical-sessions/presentation/serebryany},
publisher = {USENIX Association},
month = jun
}
connect with us