Detecting Memory Leaks and Errors with AddressSanitizer (ASan)

Overview

AddressSanitizer (ASan) is a memory error detection tool bundled with GCC 4.8+ and Clang. It can detect memory leaks, heap/global buffer overflows, use‑after‑free, stack‑use‑after‑scope, and initialization‑order bugs on Linux, macOS, Android, and other platforms.

Enabling ASan

Compile your program with: g++ -fsanitize=address -g source.cpp -o program Run the resulting binary normally. ASan will abort on the first detected error and print a detailed report.

Typical Error Types

Memory leaks

Heap‑buffer‑overflow

Global‑buffer‑overflow

Stack‑use‑after‑scope

Heap‑use‑after‑free

Initialization‑order‑fiasco

Examples

Memory leak

#include <stdlib.h>
void func1() { malloc(7); }
void func2() { malloc(5); }
int main() {
    func1();
    func2();
    return 0;
}

Run: g++ -fsanitize=address -g leak.cpp && ./a.out ASan reports two direct leaks of 7 and 5 bytes with stack traces pointing to the allocation sites.

Heap‑buffer‑overflow

#include <iostream>
int main() {
    int *array = new int[100];
    array[0] = 0;
    int res = array[100]; // out of bounds
    delete[] array;
    return res;
}

ASan aborts and prints the offending address, the source line, and shadow‑byte information.

Global‑buffer‑overflow

#include <iostream>
int global_array[100] = {0};
int main() {
    int res = global_array[100]; // out of bounds
    return 0;
}

ASan detects the overflow and shows the global variable location.

Stack‑use‑after‑scope

volatile int *p = 0;
int main() {
    {
        int x = 0;
        p = &x;
    }
    *p = 5; // use after scope
    return 0;
}

ASan reports stack-use-after-scope with the line where the dangling pointer is dereferenced.

Heap‑use‑after‑free

#include <iostream>
int main() {
    int *array = new int[100];
    delete[] array;
    int a = array[0]; // use after free
    return 0;
}

ASan prints a heap-use-after-free error and the allocation/deallocation stack traces.

Initialization‑order‑fiasco

// test_memory1.cc
#include <stdio.h>
extern int extern_global;
int read_extern_global() { return extern_global; }
int x = read_extern_global() + 1;
int main() { printf("%d
", x); }

// test_memory2.cc
int foo() { return 123; }
int extern_global = foo();

Compiling the files in different orders yields different outputs (1 vs. 124). To detect the bug, set the environment variable:

ASAN_OPTIONS=check_initialization_order=true:strict_init_order=true

Then compile with ASan:

g++ -fsanitize=address -g test_memory1.cc test_memory2.cc

Running the program prints an initialization-order-fiasco report with a stack trace.

Running with Environment Variables

For initialization‑order checks, export:

export ASAN_OPTIONS=check_initialization_order=true:strict_init_order=true

Other ASan options can be added as needed.

Key Takeaways

ASan requires only the -fsanitize=address -g flags; no additional instrumentation is needed.

Diagnostic messages include the error type, exact source location, and a shadow‑byte view to aid debugging.

Common error types detected are memory leaks, heap/global buffer overflows, stack‑use‑after‑scope, heap‑use‑after‑free, and initialization‑order bugs.

For the full list of options and detailed documentation, see the official AddressSanitizer wiki at https://github.com/google/sanitizers/wiki/AddressSanitizer