17

Coming from Linux/gcc/clang I find myself working more and more on Windows/Visual Studio.

What I am really missing there is the address sanitizer (bounds checking, leaks, use after free,...). I've done some research and also tried a few things but haven't found a replacement that is complete (feature-wise) as well as reliable. I've tried Dr. Memory for example but learned it doesn't work for Qt-based programs (at least not on Windows 10).

So how do I get address sanitizer-like functionality on Windows/MSVC?

phuclv
  • 37,963
  • 15
  • 156
  • 475
Frank Meerkötter
  • 2,778
  • 2
  • 20
  • 26
  • If msvc isn't a hard requirement then develop and check on Linux and then cross-compile it with gcc and MXE/mingw, etc. If you're handed a closed-source library compiled with msvc then valgrind still kind of works with Linux+wine on that. – Velkan Dec 11 '17 at 14:08
  • 2
    Thank you for your response, but I am specifically interested in having the functionality outlined in my question on msvs. – Frank Meerkötter Dec 11 '17 at 18:26

2 Answers2

18

At least ASan and Ubsan from clang are supposed to work on Windows, with some limitations. These can be used with msvc toolchains using clang-cl as a drop-in replacement for cl.exe - google seems to be working on this, mozilla too.

Issues that I am aware of (and that keeped me from using it myself until now):

  • linking with the required libraries is not automatic. There are two versions of them, depending on how the CRT is linked in your application ( /MT means static CRT, /MD means dynamic CRT, the latter is typically used in Qt). To find the required linker parameters, open Visual Studio command prompt, add clang bin folder to the path, and compile a simple main.cpp (empty main function) with verbose options with clang-cl like this: clang-cl -v /MD -fsanitize=address main.cpp The required link.exe command is in the end of verbose output, extract the required libs for linking from there.

  • only release builds are supported on Windows

  • no support for exceptions on Windows ( see this issue)

  • there doesn't seem to be much further work on the Windows port, the wiki e.g. is terribly outdated (last change in 2015), so I doubt that many people are using this productively. So getting help from other users online might be quite hard ...

Talking about other alternatives on Windows, there are:

Sanitizers and Valgrind on Linux IMO are much more advanced and/or have much better performance than these tools, so keeping an application building on Linux seems the best idea, at least when working with a cross-platform toolkit like Qt (as you are mentioning).

FourtyTwo
  • 1,616
  • 2
  • 15
  • 43
  • 3
    Good stuff in this answer. Also be aware that there is pretty good heap memory tracking features built into MSVC's run-time libraries, but you have to turn them on. https://learn.microsoft.com/en-us/visualstudio/debugger/crt-debug-heap-details – Adrian McCarthy Feb 02 '18 at 18:56
  • 1
    Appverifier link is broken. Here it is right now: https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/application-verifier – Andreas May 27 '20 at 09:32
  • @Andreas fixed. – FourtyTwo May 27 '20 at 13:06
16

Microsoft has integrated the Address Sanitizer into Visual Studio 2019 version 16.1 Preview 3 and up. Unfortunately currently only the Linux build is supported. But at least you can still use your favorite IDE and debug apps in WSL

Update:

Address Sanitizer for Windows projects is also available since Visual Studio 2019 version 16.4

We are pleased to announce AddressSanitizer (ASan) support for the MSVC toolset. ASan is a fast memory error detector that can find runtime memory issues such as use-after-free and perform out of bounds checks. Support for sanitizers has been one of our more popular suggestions on Developer Community, and we can now say that we have an experience for ASan on Windows, in addition to our existing support for Linux projects.

AddressSanitizer (ASan) for Windows with MSVC

The latest release 16.7 supports both x86 and x64 (the initial release only supported x86).

In Visual Studio 2019 version 16.1 Preview 3 we have integrated AddressSanitizer (ASan) into Visual Studio for Linux projects. ASan is a runtime memory error detector for C/C++ that catches the following errors:

  • Use after free (dangling pointer reference)
  • Heap buffer overflow
  • Stack buffer overflow
  • Use after return
  • Use after scope
  • Initialization order bugs

ASAN error example

ASAN option

AddressSanitizer (ASan) for the Linux Workload in Visual Studio 2019

Note that MSVC itself already have various tools for debugging memory issues like CRT Debug Heap as mentioned above by Adrian McCarthy or Control Flow Guard

There are many tools that try to make your code secure from outside the box: Valgrind and address/thread sanitizers are popular examples. And there are many of these tools on Windows as well, both from Microsoft and other companies. But MSVC features powerful technologies inside the compiler that integrate security with your code. For example, Control Flow Guard, is highly-optimized security feature that combats many memory corruption vulnerabilities. We can’t talk openly our current security research but we’re always working to make your code (and ours!) safe from increasingly sophisticated attackers.

https://devblogs.microsoft.com/cppblog/msvc-the-best-choice-for-windows/

See also

Contango
  • 76,540
  • 58
  • 260
  • 305
phuclv
  • 37,963
  • 15
  • 156
  • 475
  • 1
    MSVS is your favorite IDE for C++? :0 – Marek R Jun 17 '19 at 14:34
  • 7
    @MarekR it's irrelevant here. The question is about MSVC. Anyway MSVC since 2017 and up is a great IDE compared to many others – phuclv Jun 17 '19 at 15:05
  • 1
    You could add that right now (16.4) address sanitizer with msvc only works with x86 and not x64. Took me some time until I realized, why I got linker/compiler errors when trying to use it. – MikeMB Jan 20 '20 at 11:38
  • 2
    @MikeMB As of 16.7.7, address sanitizer works with both x64 and x86. – Contango Oct 31 '20 at 09:54