Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Sanitizing All* The Things
Search
Greg Heo
September 12, 2017
Technology
0
59
Sanitizing All* The Things
Address sanitizer and thread sanitizer. What, why, how?
Greg Heo
September 12, 2017
Tweet
Share
More Decks by Greg Heo
See All by Greg Heo
Concurrency From the Ground Up
gregheo
0
180
The least you need to know about hashing in Swift
gregheo
0
120
Shared Mutable State
gregheo
0
410
Promises, Futures, and the Shape of Your Code
gregheo
0
59
Shared, Exclusive, Mutable, Immutable
gregheo
0
140
Getting Under Swift’s Skin
gregheo
0
520
Sanitizing Threads for Fun & Profit
gregheo
0
120
Thirteen Ways of Looking at a View Controller
gregheo
0
120
Five Unbelievable Secrets of Reactive Programming the Experts Don't Want You to Know!
gregheo
3
380
Other Decks in Technology
See All in Technology
家電アプリ共通PF "Linova" のAPI利用とPostman活用事例ご紹介
yukiogawa
0
130
スタートアップ1人目QAエンジニアが QAチームを立ち上げ、“個”からチーム、 そして“組織”に成長するまで / How to set up QA team at reiwatravel
mii3king
1
1.1k
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
6
57k
開発者が自律的に AWS Security Hub findings に 対応する仕組みと AWS re:Invent 2024 登壇体験談 / Developers autonomously report AWS Security Hub findings Corresponding mechanism and AWS re:Invent 2024 presentation experience
kaminashi
0
190
明日からできる!技術的負債の返済を加速するための実践ガイド~『ホットペッパービューティー』の事例をもとに~
recruitengineers
PRO
3
100
滅・サービスクラス🔥 / Destruction Service Class
sinsoku
6
1.5k
事業継続を支える自動テストの考え方
tsuemura
0
300
自動テストの世界に、この5年間で起きたこと
autifyhq
10
7.1k
Ask! NIKKEI RAG検索技術の深層
hotchpotch
13
2.8k
現場で役立つAPIデザイン
nagix
29
10k
飲食店予約台帳を支えるインタラクティブ UI 設計と実装
siropaca
6
1.4k
データ資産をシームレスに伝達するためのイベント駆動型アーキテクチャ
kakehashi
PRO
2
230
Featured
See All Featured
For a Future-Friendly Web
brad_frost
176
9.5k
Site-Speed That Sticks
csswizardry
3
370
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
45
2.3k
Performance Is Good for Brains [We Love Speed 2024]
tammyeverts
7
630
Optimizing for Happiness
mojombo
376
70k
What’s in a name? Adding method to the madness
productmarketing
PRO
22
3.3k
Building a Scalable Design System with Sketch
lauravandoore
460
33k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
The Web Performance Landscape in 2024 [PerfNow 2024]
tammyeverts
4
400
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
356
29k
Speed Design
sergeychernyshev
25
780
How to Ace a Technical Interview
jacobian
276
23k
Transcript
Sanitizing All* The Things tacow / September 2017 / @gregheo
❓ ✋
None
✅
None
‣ ASAN ‣ TSAN
‣ What? ‣ So what? ‣ How? ‣ Show me?
Address Sanitizer allocated buffer unallocated!
‣ Buffer overflows ‣ Subtle bugs ‣ Security vulnerabilities
None
allocated buffer padding shadow memory poisoned poisoned OK
asan_malloc malloc asan_free free Shadow memory check Pointer access
Live Coding!
Address Sanitizer Memory corruption & errors Security & crashes Custom
malloc & free
Thread Sanitizer memory buffer read write
‣ Race conditions ‣ Very subtle and difficult-to-reproduce bugs ‣
Thread mismatch errors
None
‣ Thread ID ‣ Timestamp ‣ Read or write? ‣
Bytes accessed
None
Live Coding!
Thread Sanitizer Data race detector Find race conditions & thread
issues Thread IDs & timestamps
Address Sanitizer Memory corruption & errors Security & crashes Custom
malloc & free
None
@gregheo