Because it can only catch a subset of issues, it’s not guaranteed to catch issues (probabilistic), even issues it “could” catch may not be caught due to temporal distance of the free and a subsequent use, and requires the use of a different allocator that supports it. It’s also unclear to me how it know whether a given free is for a sampled or unsampled region - I suspect it must capture all free/realloc to accomplish that but it does imply all of these are sampled.
It’s nowhere near the same as robust bounds checking.
Because it can only catch a subset of issues, it’s not guaranteed to catch issues (probabilistic), even issues it “could” catch may not be caught due to temporal distance of the free and a subsequent use, and requires the use of a different allocator that supports it. It’s also unclear to me how it know whether a given free is for a sampled or unsampled region - I suspect it must capture all free/realloc to accomplish that but it does imply all of these are sampled.
It’s nowhere near the same as robust bounds checking.
ASAN/LSAN is amazing. It absolutely monkey-hammers performance though.
> ASAN/LSAN is amazing. It absolutely monkey-hammers performance though.
It's not so bad; until the sanitisers arrived all we had was valgrind :-/
The sanitisers are about 10x to 50x faster than valgrind.