Sign in to confirm you’re not a bot
This helps protect our community. Learn more

Address Sanitizer continue_on_error | Pure Virtual C++ 2023

Microsoft Visual Studio
335K subscribers
<__slot-el>
<__slot-el>
1.6K views 1 year ago
C++ memory safety errors continue to be a top concern. In this talk we describe continue_on_error which is new technology implemented in the Address Sanitizer runtime. The compiler and new runtime allow a developer to find a well-defined set of (possibly hidden) memory safety errors, has zero false positives, and is easily added to existing test assets. This creates a new checked-build for C and C++. This new functionality allows an application to continue running while reporting memory safety errors to a log file or the command line. The existing Address Sanitizer runtime will report the first memory error encountered and then kill your application. When enabled, the new continue_on_error feature, will automatically return control back to the application after reporting each memory safety error. With continue_on_error you can compile and deploy an existing application in limited production to find memory safety issues or leaks while running fo ...more
...more
Address Sanitizer continue_on_error | Pure Virtual C++ 2023
28Likes
1,624Views
2023Jun 6
C++ memory safety errors continue to be a top concern. In this talk we describe continue_on_error which is new technology implemented in the Address Sanitizer runtime. The compiler and new runtime allow a developer to find a well-defined set of (possibly hidden) memory safety errors, has zero false positives, and is easily added to existing test assets. This creates a new checked-build for C and C++. This new functionality allows an application to continue running while reporting memory safety errors to a log file or the command line. The existing Address Sanitizer runtime will report the first memory error encountered and then kill your application. When enabled, the new continue_on_error feature, will automatically return control back to the application after reporting each memory safety error. With continue_on_error you can compile and deploy an existing application in limited production to find memory safety issues or leaks while running for days. If you compile with one extra flag (-fsanitize=address) and set one environment variable (set ASAN_OPTIONS=continue_on_error=1), you get a turnkey solution for immediately improving correctness and security. You can still pass all your existing tests but also uncover hidden memory safety errors in your passing tests. This should be used to introduce a new “shipping gate. It can be entirely based on your existing test assets. The developer gets a simple (pass/fail) gate for shipping any C or C++ on Windows. Internally we have found that using this technology will significantly reduce memory safety errors. If all your existing tests pass but this new feature reports a memory safety error or a leak, you should not ship your new code or integrate it into a parent branch. We describe the technology, use demos to dive into important examples and discuss the 2021 CWE Top 25 Most Dangerous Software Weaknesses which helps to underscores the importance of using this new technology: A well defined shipping gate for C and C++. Download Visual Studio for C++: https://visualstudio.microsoft.com/vs... Address Sanitizer for Visual Studio: https://learn.microsoft.com/cpp/sanit...

Follow along using the transcript.

Microsoft Visual Studio

335K subscribers