Article: Finding memory bugs in D code with AddressSanitizer
Walter Bright
newshound2 at digitalmars.com
Mon Dec 25 20:31:18 UTC 2017
On 12/25/2017 9:03 AM, Johan Engelen wrote:
> I've been writing this article since August, and finally found some time to
> finish it:
>
> http://johanengelen.github.io/ldc/2017/12/25/LDC-and-AddressSanitizer.html
>
> "LDC comes with improved support for Address Sanitizer since the 1.4.0 release.
> Address Sanitizer (ASan) is a runtime memory write/read checker that helps
> discover and locate memory access bugs. ASan is part of the official LDC release
> binaries; to use it you must build with -fsanitize=address. In this article,
> I’ll explain how to use ASan, what kind of bugs it can find, and what bugs it
> will be able to find in the (hopefully near) future."
Thanks for the great article! Some suggestions:
1. The gray-on-white text is not very legible.
2. "Although D tries to be a more safe language, the safety measures still
require developer effort and discipline. And so D code suffers from similar
memory bugs that plague people in C++."
This comes across as unduly negative. D is a *lot* better than C++ in this
regard. It doesn't just try to be more safe, it *is* more safe.
3. "A simple example"
This is a contrived example, and implies that normal D code is written like C++
code. It isn't, the parameter to foo() would be int[], not int*. The code would
also be rejected by the compiler when annotated with @safe.
If you want to keep the example, a note of explanation about this would work.
Because of D's array and ref types, very very little D code needs to manipulate
pointers.
It would be nice to add a paragraph mentioning things about D that make it a
more memory safe language.
4. "Future work: detecting stack use after return"
This code should be rejected by the compiler if using -dip1000. It is not, so I
filed a bug report:
https://issues.dlang.org/show_bug.cgi?id=18128
I don't know if the fault lies with the compiler or with std.algorithm.move, but
I'd rather use examples that didn't rely on compiler/library bugs.
More information about the Digitalmars-d-announce
mailing list