|
|
|
|
|
|
by the_why_of_y
2657 days ago
|
|
|
I see, you are merely unfamiliar with terminology. The word "static" refers to compile-time; a static analysis reports errors or warnings based only on the source code of the program. Sanitizers are dynamic analysis based on instrumentation. https://github.com/google/sanitizers/wiki/AddressSanitizer The tool consists of a compiler instrumentation module
(currently, an LLVM pass) and a run-time library which
replaces the malloc function.
In order to detect bugs with sanitizers, you have to find a test input that actually moves program execution towards UB. This is best done with a fuzzing setup like clusterfuzz, and lots and lots of CPUs, which Google fortunately has no shortage of.https://github.com/google/clusterfuzz As Dijkstra said, Program testing can be used to show the presence of bugs, but never to show their absence. |
|
|