ASan relies on tracking which memory is in use with a shadow map representing chunks of memory with bits and has redzones around objects along with a quarantine for recently freed memory limited by how much memory you're willing to burn on it.
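The shadow-map, redzone and quarantine mechanism described above, modelled in C as an added example (not ASan's own code): a constructed 512-byte "application" region with one shadow byte per 8 bytes, ASan's shadow encoding (0 = granule fully addressable, 1..7 = only the first k bytes addressable, negative = poisoned), a redzone after every object, and a quarantine that keeps freed memory poisoned instead of reusing it. All function and constant names are assumptions; the poison values mirror ASan's own byte values.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed model: a 512-byte region with one shadow byte per 8 application bytes,
 * the same 8:1 mapping real ASan applies to the whole address space via (addr >> 3) + offset. */
#define APP_SIZE 512
#define SHADOW_SCALE 3
#define REDZONE 16                      /* poisoned bytes after every object (and before the first) */
#define SHADOW_RZ    ((int8_t)0xfa)     /* negative: redzone, never addressable */
#define SHADOW_FREED ((int8_t)0xfd)     /* negative: freed and held in quarantine */

static int8_t shadow[APP_SIZE >> SHADOW_SCALE];
static size_t bump;                     /* next free offset; freed chunks are never handed out again */

/* Shadow encoding: 0 = all 8 bytes of the granule addressable, k in 1..7 = only the first k
 * bytes addressable, negative = the whole granule is poisoned. */
static void shadow_poison(size_t off, size_t len, int8_t val) {
    for (size_t g = off >> SHADOW_SCALE; g < (off + len + 7) >> SHADOW_SCALE; g++) shadow[g] = val;
}
static void shadow_unpoison(size_t off, size_t len) {   /* off must be 8-byte aligned */
    for (size_t g = off >> SHADOW_SCALE; g < (off + len) >> SHADOW_SCALE; g++) shadow[g] = 0;
    if ((off + len) & 7) shadow[(off + len) >> SHADOW_SCALE] = (int8_t)((off + len) & 7);
}

void heap_init(void) {
    memset(shadow, SHADOW_RZ, sizeof shadow);   /* nothing is addressable until allocated */
    bump = REDZONE;
}

/* Returns the object's offset in the region (8-aligned, followed by a redzone), or -1 if full. */
size_t fake_malloc(size_t n) {
    size_t off = bump, padded = (n + 7) & ~(size_t)7;
    if (off + padded + REDZONE > APP_SIZE) return (size_t)-1;
    shadow_unpoison(off, n);
    shadow_poison(off + padded, REDZONE, SHADOW_RZ);
    bump = off + padded + REDZONE;
    return off;
}

/* Quarantine: the chunk is re-poisoned and, because bump never moves back, never reused,
 * so a later access through a stale pointer still hits a poisoned shadow byte. */
void fake_free(size_t off, size_t n) { shadow_poison(off, n, SHADOW_FREED); }

/* The check ASan's instrumentation performs before an n-byte access at off. */
bool access_ok(size_t off, size_t n) {
    for (size_t b = off; b < off + n; b++) {
        int8_t k = shadow[b >> SHADOW_SCALE];
        if (k < 0 || (k > 0 && (int)(b & 7) >= k)) return false;
    }
    return true;
}
```

The quarantine here is unbounded; real ASan caps it (the memory you are "willing to burn") and recycles the oldest chunks once the cap is hit, so the oldest use-after-frees eventually become undetectable.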
It would be really cool if Clang had a switch to enforce memory safety but doing it efficiently and accurately likely requires having 128-bit or larger pointers which means having a different ABI. It could probably be done with ~30% performance overhead + fat ptr memory overhead.
Yeah, to me the interesting question is how much perf overhead do you have before it's more expensive than just using a conservative tracing GC.
Nix (an admittedly deeply cursed C++ codebase) uses Boehm, and it's fairly easy to cause use-after-frees in it by not rooting stuff correctly :(
Interesting, have any details on how this can happen? I didn't think it happened in practice with Boehm.
I think references end up in unmanaged memory by not using traceable_allocator, which is fairly easy to do, since anything STL will default to shooting you in the foot.
Here's an instance of it being found and fixed.
The commit message says that the GC doesn't scan the part of memory where the heap lives, so presumably this is due to misusing GC_MALLOC_ATOMIC, or using the system malloc?
By "using Boehm" I mean that the only malloc you use is GC_MALLOC.
Using system malloc through the STL's default allocator, I think.
Yeah, I guess you'd need to use glibc malloc hooks or something for that.
Those are deprecated and you're supposed to override the symbols. It's meant to have proper support for overriding them including making them get used for functions like strdup/asprintf (critical) and internal use (not critical but useful).

