

Clang Address Sanitizer - chmaynard
https://mikeash.com/pyblog/friday-qa-2015-07-03-address-sanitizer.html

======
bla2
AddressSanitizer is great. It's been around for a long time now, though; the
only thing that's new is that it now has Xcode integration. (And Apple
marketing apparently thought that the name was better with a space in the
middle, like they think that "LLVM Compiler" is a better name than clang.)

------
santaclaus
Awesome to see this integrated with Xcode! What's the status of the memory
sanitizer?

------
pmalynin
Interestingly enough, the x86 processor has a BOUND instruction, which was
supposed to be used for array bounds checking and would throw interrupt 5 on
error.

It has never really caught on.

~~~
Scaevolus
AMD removed BOUND as part of the 64-bit transition. Intel is adding a similar
feature to Skylake (Aug 2015) called "Intel Memory Protection Extensions"
(MPX).

The Address Sanitizer team has an analysis of it:
[https://code.google.com/p/address-sanitizer/wiki/IntelMemory...](https://code.google.com/p/address-sanitizer/wiki/IntelMemoryProtectionExtensions)

> A _very biased_ conclusion: Intel MPX might be useful for in-struct buffer
> overflow detection, and for general buffer overflow detection in programs
> with lots of arrays and few pointers. However AddressSanitizer (and, if
> implemented, AddressSanitizerInHardware) is more useful: faster, finds more
> bugs, easier to deploy.

------
marvel_boy
Just awesome.

