Memory/Address Sanitizer vs Valgrind

Question

I want some tool to diagnose use-after-free bugs and uninitialized bugs. I am considering Sanitizer(Memory and/or Address) and Valgrind. But I have very little idea about their advantages and disadvantages. Can anyone tell the main features, differences and pros/cons of Sanitizer and Valgrind?

Edit: I found some of comparisons like: Valgrind uses DBI(dynamic binary instrumentation) and Sanitizer uses CTI(compile-time instrumentation). Valgrind makes the program much slower(20x) whether Sanitizer runs much faster than Valgrind(2x). If anyone can give me some more important points to consider, it will be a great help.

question from:https://stackoverflow.com/questions/47251533/memory-address-sanitizer-vs-valgrind

Answer 1

I think you'll find this wiki useful.

TLDR main advantages of sanitizers are

• much smaller CPU overheads (Lsan is practically free, UBsan is 1.25x, Asan and Msan are 2-4x for computationally intensive tasks and 1.05-1.1x for GUIs, Tsan is 5-15x)
• wider class of detected errors (stack and global overflows, use-after-return)
• full support of multi-threaded apps (Valgrind support for multi-threading is a joke)
• much smaller memory overhead (up to 2x for Asan, up to 3x for Msan, up to 10x for Tsan which is way better than Valgrind)

Disadvantages are

• more complicated integration (you need to teach your build system to understand Asan and sometimes work around limitations/bugs in Asan itself, you also need to use relatively recent compiler)
• MemorySanitizer is not reall^W easily usable at the moment as it requires one to rebuild all dependencies under Msan (including all standard libraries e.g. libstdc++); this means that casual users can only use Valgrind for detecting uninitialized errors
• sanitizers typically can not be combined with each other (the only supported combination is Asan+UBsan+Lsan) which means that you'll have to do separate QA runs to catch all types of bugs