Hacker News new | comments | show | ask | jobs | submit login

This page is a good high-level summary: http://code.google.com/p/address-sanitizer/wiki/ComparisonOf... .

I've used most of the tools on that page, including Valgrind. Valgrind interprets your program, and hooks loads, stores, malloc/free, etc. to track memory usage. ASan is a compiler pass that inserts extra instructions around loads and stores to drive per-address state machines that live in a shadow area of memory.

Valgrind is slow (20x-50x for serial programs, more for parallel programs because Valgrind only executes one thread at a time), but can detect reads from uninitialized memory because your program is essentially executing in a VM. ASan is much faster, especially if the compiler pass can avoid instrumenting some loads/stores based on static analysis, and cannot detect reads from uninitialized memory, but can detect most other kinds of memory areas.

They're both thread-safe, so you can use them to debug parallel programs. As mentioned above, Valgrind is much slower at this, and until recently [1] you would never see most race conditions in multithreaded programs because Valgrind's schedule would run each thread until it yielded voluntarily, rather than pre-empting and time-multiplexing between threads. In contrast, with ASan all threads are running close to at-speed and simultaneously, so in my case performance was >100x better and I actually saw the race conditions I cared about.

Valgrind supports more platforms than ASan (see [2] vs. [3]), and does not require compiler support (so you can use it to debug code from any compiler), but does tend to lag behind new platform features a bit. For example, until recently it borked if you used the new x86_64 RDTSCP instruction.

Mudflap seems similar in concept, but there appear to be issues with the implementation (see "Known Shortcomings" at [4])

[1] 3.8.0 and on have the --fair-sched=yes option http://valgrind.org/docs/manual/manual-core.html#manual-core... [2] http://valgrind.org/info/platforms.html [3] http://llvm.org/releases/3.1/tools/clang/docs/AddressSanitiz... [4] http://gcc.gnu.org/wiki/Mudflap_Pointer_Debugging




> Valgrind interprets your program

No, it has a JIT. It's running compiled code. See http://valgrind.org/docs/valgrind2007.pdf for details, section 3 in particular.


You're right (and you should know!), my mistake. I knew it too, and just mistyped. I would edit the post above if I could.


and is it still 20-50x slower? i haven't done measurements, but it feels like a factor of 2 or 3 these days, to me (single threaded).


Thanks! That is very helpful. I'm looking forward to trying on the stable gcc




Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact

Search: