The difference between BoundsChecking.c annd Address Sanitizer

Hello everyone,

I have noticed that there is a BoundsChecking.c under lib/Transforms/Instrumentation/. I am wondering how to use this tool and which type of bugs it targets. Are the tool provide the same functionality with Address Aanitizer?

Thanks a lot

Hi,

BoundsChecking.c is the code that implements clang's -fsanitize=bounds.
Address sanitizer (ASan) and this bounds checker (BC) are very different in implementation, overheads, and class of detected bugs.

The motivation of BC was to be able to ship applications with it enabled. Therefore it targets a low overhead of a few %. It can only catch buffer overflows where the memory allocation and the memory accesses occur within the same function. Addresses that are stored and then loaded from the memory will likely escape the control.

ASan is more of a debug tool. It has a significant higher overhead (around 2x). In addition to buffer overflow, it can also detect use-after-free and double-free kind of bugs. ASan's buffer overflow detection is significantly more comprehensive than BC's. You can read more at http://clang.llvm.org/docs/AddressSanitizer.html

Nuno