address-sanitizer

Solid

AddressSanitizer detects memory errors during fuzzing. Use when fuzzing C/C++ code to find buffer overflows and use-after-free bugs.

Testing & QA 5,673 stars 496 forks Updated today CC-BY-SA-4.0


Quality Score: 93/100

Stars (20%): 100
Recency (20%): 100
Frontmatter (20%): 70
Documentation (15%): 100
Issue Health (10%): 50
License (10%): 100
Description (5%): 100

Skill Content

# AddressSanitizer (ASan)

AddressSanitizer (ASan) is a widely adopted memory error detection tool used extensively during software testing, particularly fuzzing. It helps detect memory corruption bugs that might otherwise go unnoticed, such as buffer overflows, use-after-free errors, and other memory safety violations.

## Overview

ASan is a standard practice in fuzzing due to its effectiveness in identifying memory vulnerabilities. It instruments code at compile time to track memory allocations and accesses, detecting illegal operations at runtime.

### Key Concepts

| Concept | Description |
|---------|-------------|
| Instrumentation | ASan adds runtime checks to memory operations during compilation |
| Shadow Memory | Maps 20TB of virtual memory to track allocation state |
| Performance Cost | Approximately 2-4x slowdown compared to non-instrumented code |
| Detection Scope | Finds buffer overflows, use-after-free, double-free, and memory leaks |

## When to Apply

**Apply this technique when:**

- Fuzzing C/C++ code for memory safety vulnerabilities
- Testing Rust code with unsafe blocks
- Debugging crashes related to memory corruption
- Running unit tests where memory errors are suspected

**Skip this technique when:**

- Running production code (ASan can reduce security)
- Platform is Windows or macOS (limited ASan support)
- Performance overhead is unacceptable for your use case
- Fuzzing pure safe languages without FFI (e.g., pure Go, pure Java)

## Quick Reference

...

Details

Author: trailofbits
Repository: trailofbits/skills
Created: 4 months ago
Last Updated: today
Language: Python
License: CC-BY-SA-4.0
