Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Sanitizing 
All* The Things

Greg Heo
September 12, 2017
Technology
0
57

Sanitizing 
All* The Things

Address sanitizer and thread sanitizer. What, why, how?

Greg Heo

September 12, 2017
Tweet

More Decks by Greg Heo

See All by Greg Heo
Concurrency From the Ground Up
gregheo
0
160
The least you need to know about hashing in Swift
gregheo
0
110
Shared Mutable State
gregheo
0
370
Promises, Futures, and the Shape of Your Code
gregheo
0
59
Shared, Exclusive, Mutable, Immutable
gregheo
0
140
Getting Under Swift’s Skin
gregheo
0
520
Sanitizing Threads for Fun & Profit
gregheo
0
110
Thirteen Ways of Looking at a View Controller
gregheo
0
120
Five Unbelievable Secrets of Reactive Programming the Experts Don't Want You to Know!
gregheo
3
350

Other Decks in Technology

See All in Technology
rootlessコンテナのすゝめ - 研究室サーバーでもできる安全なコンテナ管理
kitsuya0828
3
390
アプリエンジニアのためのGraphQL入門.pdf
spycwolf
0
100
Taming you application's environments
salaboy
0
190
OCI Vault 概要
oracle4engineer
PRO
0
9.7k
マルチモーダル / AI Agent / LLMOps 3つの技術トレンドで理解するLLMの今後の展望
hirosatogamo
37
12k
10XにおけるData Contractの導入について: Data Contract事例共有会
10xinc
6
660
生成AIが変えるデータ分析の全体像
ishikawa_satoru
0
170
Amplify Gen2 Deep Dive / バックエンドの型をいかにしてフロントエンドへ伝えるか #TSKaigi #TSKaigiKansai #AWSAmplifyJP
tacck
PRO
0
390
The Role of Developer Relations in AI Product Success.
giftojabu1
0
140
VideoMamba: State Space Model for Efficient Video Understanding
chou500
0
190
これまでの計測・開発・デプロイ方法全部見せます! / Findy ISUCON 2024-11-14
tohutohu
3
370
OS 標準のデザインシステムを超えて - より柔軟な Flutter テーマ管理 | FlutterKaigi 2024
ronnnnn
0
220

Featured

See All Featured
Fight the Zombie Pattern Library - RWD Summit 2016
marcelosomers
232
17k
The Cost Of JavaScript in 2023
addyosmani
45
6.8k
How GitHub (no longer) Works
holman
310
140k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
26
1.4k
Typedesign – Prime Four
hannesfritz
40
2.4k
The Power of CSS Pseudo Elements
geoffreycrofte
73
5.3k
[RailsConf 2023 Opening Keynote] The Magic of Rails
eileencodes
28
9.1k
Making the Leap to Tech Lead
cromwellryan
133
8.9k
KATA
mclloyd
29
14k
Building Better People: How to give real-time feedback that sticks.
wjessup
364
19k
Stop Working from a Prison Cell
hatefulcrawdad
267
20k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k

Transcript

  1. Sanitizing
 All* The Things tacow / September 2017 / @gregheo

  2. ❓ ✋

  3. None

  5. None

  6. ‣ ASAN ‣ TSAN

  7. ‣ What? ‣ So what? ‣ How? ‣ Show me?

  8. Address Sanitizer allocated buffer unallocated!

  9. ‣ Buffer overflows ‣ Subtle bugs ‣ Security vulnerabilities

  10. None

  11. allocated buffer padding shadow memory poisoned poisoned OK

  12. asan_malloc malloc asan_free free Shadow memory check Pointer access

  13. Live Coding!

  14. Address Sanitizer Memory corruption & errors Security & crashes Custom

    malloc & free

  15. Thread Sanitizer memory buffer read write

  16. ‣ Race conditions ‣ Very subtle and
 difficult-to-reproduce bugs ‣

    Thread mismatch errors
  17. None

  18. ‣ Thread ID ‣ Timestamp ‣ Read or write? ‣

    Bytes accessed
  19. None

  20. Live Coding!

  21. Thread Sanitizer Data race detector Find race conditions & thread

    issues Thread IDs & timestamps

  22. Address Sanitizer Memory corruption & errors Security & crashes Custom

    malloc & free
  23. None

  24. @gregheo