Lightning:Safer C, Address Sanitizer and Fuzzing
|Description||Address Sanitizer is a powerful compiler feature that allows a certain level of memory safety in C. It is intended to be used to find bugs, but I want to try running it in production.|
|Tags||memorycorruption, addresssanitizer, asan, fuzzing, c, memsafe, linux, gcc, clang, llvm|
|Language||en - English |
en - English
|Desired session||Day 2|
Address Sanitizer is a feature of gcc and clang/llvm that allows a certain level of memory safety in C applications. It is a powerful tool and is responsible for the discovery of hundreds of bugs.
I've recently started to create a Linux system (Gentoo-based) where everything except a few core packages is built with Address Sanitizer. Just by doing this I find bugs in important applications, but it could also be considered as a safe (and slow - it doesn't come for free) variant of C to be used in production systems.