
Memory/Address Sanitizer vs Valgrind

I want some tool to diagnose use-after-free bugs and uninitialized bugs. I am considering Sanitizer (Memory and/or Address) and Valgrind. But I have very little idea about their advantages and disadvantages. Can anyone tell the main features, differences and pros/cons of Sanitizer and Valgrind?

Edit: I found some comparisons like: Valgrind uses DBI (dynamic binary instrumentation) and Sanitizer uses CTI (compile-time instrumentation). Valgrind makes the program much slower (20x), whereas Sanitizer runs much faster than Valgrind (2x). If anyone can give me some more important points to consider, it will be a great help.

I think you'll find this wiki useful.

TLDR main advantages of sanitizers are

  • much smaller CPU overheads (Lsan is practically free, UBsan is 1.25x, Asan and Msan are 2-4x for computationally intensive tasks and 1.05-1.1x for GUIs, Tsan is 5-15x)
  • wider class of detected errors (stack and global overflows, use-after-return)
  • full support of multi-threaded apps (Valgrind support for multi-threading is a joke)
  • much smaller memory overhead (up to 2x for Asan, up to 3x for Msan, up to 10x for Tsan which is way better than Valgrind)

Disadvantages are

  • more complicated integration (you need to teach your build system to understand Asan and sometimes work around limitations/bugs in Asan itself, you also need to use relatively recent compiler)
  • MemorySanitizer is not reall^W easily usable at the moment as it requires one to rebuild all dependencies under Msan (including all standard libraries e.g. libstdc++); this means that casual users can only use Valgrind for detecting uninitialized errors
  • sanitizers typically can not be combined with each other (the only supported combination is Asan+UBsan+Lsan) which means that you'll have to do separate QA runs to catch all types of bugs

One big difference is that the LLVM-included memory and thread sanitizers implicitly map huge swathes of address space (e.g., by calling mmap(X, Y, 0, MAP_NORESERVE|MAP_ANONYMOUS|MAP_FIXED|MAP_PRIVATE, -1, 0) across terabytes of address space in the x86_64 environment). Even though they don't necessarily allocate that memory, the mapping can play havoc with restrictive environments (e.g., ones with reasonable settings for ulimit values).

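Disclaimer: The technical posts on this site are licensed under CC BY-SA 4.0. If you reproduce them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.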

 