The gcc and clang compilers provide functionality to test for memory violations and other undefined behaviour; this is often referred to as “Address Sanitizer” (or ASAN) and “Undefined Behaviour Sanitizer” (UBSAN). The Writing R Extension manual describes this in some detail in Section 4.3 titled Checking Memory Access.
This feature has to be enabled in the corresponding binary, eg in R, which is somewhat involved as it also required a current compiler toolchain which is not yet widely available, or in the case of Windows, not available at all (via the common Rtools mechanism).
As an alternative, pre-built Docker containers such as Rocker’s r-devel-san or the SAN builds inside multi-purpose r-debug image can be used.
This R package then provides a means of testing the compiler setup as the known code failures provides in the sample code here should be detected correctly, whereas a default build of R will let the package pass.
The code samples are based on the examples from the Address Sanitizer Wiki.
We can use the Rocker Project container r-devel-san I also maintain. Launching it in, say, a checkout of this repo as
docker run --rm -ti -v $PWD:/work -w /work rocker/r-devel-san bash
launches a bash
shell in the current directory which
should contain the checked-out repo. We can then install this package
using the sanitizer build (important: using RD
aka
r-devel, not R
the standard package version) via
RD CMD INSTALL .
When we then launch RD
we can tickle the sanitizer
vioaliations by calling the respective functions:
> sanitizers::stackAddressSanitize()
:16:32: runtime error: index 110 out of bounds for type 'int [100]'
stack_address.cpp:16:11: runtime error: load of address 0x7ffd22bcb7b8 with insufficient space for an object of type 'int'
stack_address.cpp0x7ffd22bcb7b8: note: pointer points here
00 00 38 f3 bd d3 0f 7f 00 00 40 b8 bc 22 fd 7f 00 00 09 69 b7 d3 0f 7f 00 00 20 d4 4f da
fd 7f ^
1] -742526152
[> sanitizers::heapAddressSanitize()
:16:11: runtime error: load of address 0x558eda5d9a58 with insufficient space for an object of type 'int'
heap_address.cpp0x558eda5d9a58: note: pointer points here
55 00 00 40 d8 5d da 8e 55 00 00 80 9a 5d da 8e 55 00 00 78 fd c7 d7 8e 55 00 00 20 fe c7 d7
8e ^
1] -631384000
[> sanitizers::intOverflowSanitize()
:17:11: runtime error: signed integer overflow: -2147483648 - 1 cannot be represented in type 'int'
int_overflow.cpp1] 2147483647
[>
This demonstrates that the r-devel-san
container is
correctly instrumented, and that we launched the appropriate R(-devel)
instance triggering the true positives manifested in this package.
Dirk Eddelbuettel
GPL (>= 2)