Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Sanitizing All* The Things
Search
Sponsored
·
Ship Features Fearlessly
Turn features on and off without deploys. Used by thousands of Ruby developers.
→
Greg Heo
September 12, 2017
Technology
0
63
Sanitizing All* The Things
Address sanitizer and thread sanitizer. What, why, how?
Greg Heo
September 12, 2017
Tweet
Share
More Decks by Greg Heo
See All by Greg Heo
Concurrency From the Ground Up
gregheo
0
230
The least you need to know about hashing in Swift
gregheo
0
170
Shared Mutable State
gregheo
0
520
Promises, Futures, and the Shape of Your Code
gregheo
0
68
Shared, Exclusive, Mutable, Immutable
gregheo
0
150
Getting Under Swift’s Skin
gregheo
0
550
Sanitizing Threads for Fun & Profit
gregheo
0
150
Thirteen Ways of Looking at a View Controller
gregheo
0
130
Five Unbelievable Secrets of Reactive Programming the Experts Don't Want You to Know!
gregheo
3
410
Other Decks in Technology
See All in Technology
Kaggleコンペティション「MABe Challenge - Social Action Recognition in Mice」振り返り
yu4u
1
750
3分でわかる!新機能 AWS Transform custom
sato4mi
1
210
書籍執筆での生成AIの活用
sat
PRO
1
210
[Iceberg Meetup #4] ゼロからはじめる: Apache Icebergとはなにか? / Apache Iceberg for Beginners
databricksjapan
0
430
Werner Vogelsが14年間 問い続けてきたこと
yusukeshimizu
2
210
Agentic Coding 実践ワークショップ
watany
40
27k
2026/01/16_実体験から学ぶ 2025年の失敗と対策_Progate Bar
teba_eleven
1
220
【NGK2026S】日本株のシステムトレードに入門してみた
kazuhitotakahashi
0
140
AI開発の落とし穴 〜馬には乗ってみよAIには添うてみよ〜
sansantech
PRO
9
3.8k
DEVCON 14 Report at AAMSX RU65: V9968, MSX0tab5, MSXDIY etc
mcd500
0
220
【Oracle Cloud ウェビナー】ランサムウェアが突く「侵入の隙」とバックアップの「死角」 ~ 過去の教訓に学ぶ — 侵入前提の防御とデータ保護 ~
oracle4engineer
PRO
2
220
Oracle Cloud Infrastructure:2026年1月度サービス・アップデート
oracle4engineer
PRO
0
140
Featured
See All Featured
How to Create Impact in a Changing Tech Landscape [PerfNow 2023]
tammyeverts
55
3.2k
Exploring the relationship between traditional SERPs and Gen AI search
raygrieselhuber
PRO
2
3.6k
We Analyzed 250 Million AI Search Results: Here's What I Found
joshbly
1
560
A Modern Web Designer's Workflow
chriscoyier
698
190k
Digital Projects Gone Horribly Wrong (And the UX Pros Who Still Save the Day) - Dean Schuster
uxyall
0
180
A Tale of Four Properties
chriscoyier
162
24k
Ruling the World: When Life Gets Gamed
codingconduct
0
130
sira's awesome portfolio website redesign presentation
elsirapls
0
130
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
49
9.8k
The Director’s Chair: Orchestrating AI for Truly Effective Learning
tmiket
1
82
Organizational Design Perspectives: An Ontology of Organizational Design Elements
kimpetersen
PRO
1
69
Public Speaking Without Barfing On Your Shoes - THAT 2023
reverentgeek
1
290
Transcript
Sanitizing All* The Things tacow / September 2017 / @gregheo
❓ ✋
None
✅
None
‣ ASAN ‣ TSAN
‣ What? ‣ So what? ‣ How? ‣ Show me?
Address Sanitizer allocated buffer unallocated!
‣ Buffer overflows ‣ Subtle bugs ‣ Security vulnerabilities
None
allocated buffer padding shadow memory poisoned poisoned OK
asan_malloc malloc asan_free free Shadow memory check Pointer access
Live Coding!
Address Sanitizer Memory corruption & errors Security & crashes Custom
malloc & free
Thread Sanitizer memory buffer read write
‣ Race conditions ‣ Very subtle and difficult-to-reproduce bugs ‣
Thread mismatch errors
None
‣ Thread ID ‣ Timestamp ‣ Read or write? ‣
Bytes accessed
None
Live Coding!
Thread Sanitizer Data race detector Find race conditions & thread
issues Thread IDs & timestamps
Address Sanitizer Memory corruption & errors Security & crashes Custom
malloc & free
None
@gregheo
gregheo
yu4u
sato4mi
sat
databricksjapan
yusukeshimizu
watany
teba_eleven
kazuhitotakahashi
sansantech
mcd500
oracle4engineer
tammyeverts
raygrieselhuber
joshbly
chriscoyier
uxyall
codingconduct
elsirapls
mongodb
tmiket
kimpetersen
reverentgeek
