It has been an exciting few months for the Address Sanitizer<\/a> (ASan) since our last update. In addition to our continuous focus on quality and correctness, our internal \u201cdogfooding\u201d (i.e. internal adoption) effort has reached several important milestones.<\/p>\n In this update, I want to go over some of the quality improvements since Visual Studio 2022 version 17.13<\/a>,<\/a> and to give a peek into how ASan is now protecting our C++ toolset against memory safety errors during development.<\/p>\n This release also contains several other improvements, many of which were contributed by the ASan open-source community in the LLVM repo<\/a>. By contributing to LLVM upstream, you are also contributing to MSVC\u2019s ASan. We thank the entire LLVM ASan community for their efforts, and plan to continue contributing our improvements upstream as well.<\/p>\n To protect the toolchain against memory safety errors, all PRs made against the MSVC toolset and libraries now need to pass ASan instrumentation tests. These are tests where the compiler itself is instrumented with ASan to catch memory safety violations while executing our compiler test suite.<\/p>\n To be clear, this is different from compiling test programs with ASan, i.e. having the compiler run Through this process, we have learned a lot about how to adopt ASan in a large and historied codebase like MSVC and it\u2019s helped us drive several improvements in both the toolset as well as in ASan itself, so we\u2019re excited about the quality improvement cycle that dogfooding ASan within MSVC unlocks for us.<\/p>\n The ASan team is proud to help you secure your C++ applications, and we would love to hear from you. If you\u2019re not using it already, download Visual Studio and give the Address Sanitizer a try. We can be reached out through the comments below and through our official support channels: Developer Community<\/a> or through Visual Studio by clicking Help > Send Feedback > Report A Problem \/ Provide a suggestion in the product.<\/a><\/p>\n Until next time!<\/p>\n","protected":false},"excerpt":{"rendered":" Introduction It has been an exciting few months for the Address Sanitizer (ASan) since our last update. In addition to our continuous focus on quality and correctness, our internal \u201cdogfooding\u201d (i.e. internal adoption) effort has reached several important milestones. In this update, I want to go over some of the quality improvements since Visual Studio […]<\/p>\n","protected":false},"author":182306,"featured_media":35994,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[270,1],"tags":[],"class_list":["post-35494","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-announcement","category-cplusplus"],"acf":[],"blog_post_summary":" Introduction It has been an exciting few months for the Address Sanitizer (ASan) since our last update. In addition to our continuous focus on quality and correctness, our internal \u201cdogfooding\u201d (i.e. internal adoption) effort has reached several important milestones. In this update, I want to go over some of the quality improvements since Visual Studio […]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/35494","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/users\/182306"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/comments?post=35494"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/posts\/35494\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media\/35994"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/media?parent=35494"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/categories?post=35494"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/cppblog\/wp-json\/wp\/v2\/tags?post=35494"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}Some improvements in Visual Studio 2022 version 17.14<\/h2>\n
\n
__asan_default_options<\/code>, the alternative to the environment variable ASAN_OPTIONS<\/code>. This was an adoption blocker for apps that, for security reasons, can\u2019t access the environment during execution.<\/li>\nDbgHelp<\/code> symbolization helpers, minimizing loader lock contention.<\/li>\nProtecting the C++ toolchain<\/h2>\n
\/fsanitize=address<\/code> on some .cpp<\/code> file. Instead, the compiler itself is built with \/fsanitize=address<\/code> before executing its test matrix so that ASan may monitor allocations during compilation.<\/p>\nLet\u2019s harden our C++ code together!<\/h2>\n