Sanitizing code to analyze the software and find potential issues
Sanitizers are tools, originally developed by Google, used to detect and prevent various types of issues or security vulnerabilities in code, helping developers catch bugs early in the development process, reducing the cost of issues being fixed late, and increasing software stability and security.
Sanitizers are usually integrated into development environments and are usually enabled during manual testing or when running unit tests, continuous integration (CI) pipelines, or code review pipelines.
C++ compilers, such as GCC and Clang, have compiler options to generate code when building the program to track the execution at runtime and report errors and vulnerabilities. They are implemented in Clang from version 3.1 and GCC from version 4.8.
As extra instructions are injected into the program’s binary code, there is a performance penalty of around 1.5x to 4x slowdowns depending on the sanitizer type...
