Let me show some examples in C, and two common memory error detection
tools.
example 1 (stack overflow):
---
#include <stdio.h>
int main(void) {
    int a = 100;
    printf("%p\n", (void *)&a);
    int *b = &a + 1;          /* one past a: off the end of a's storage */
    printf("%p\n", (void *)b);
    *b = 100;                 /* out-of-bounds stack write */
    return 0;
}
---
valgrind: nothing detected
address sanitizer: ==1996== ERROR: AddressSanitizer:
stack-buffer-overflow on address 0x7fffc976dbc4
example 2 (cross address)
---
#include <stdio.h>
int main(void) {
    int a = 100;
    int b = 200;
    printf("%p\n", (void *)&a);
    printf("%p\n", (void *)&b);
    int *c = &a + (&b - &a);  /* arithmetic on &a that lands exactly on b */
    printf("%p\n", (void *)c);
    *c = 100;                 /* writes b through a pointer derived from a */
    return 0;
}
---
Of course it can't be detected.
example 3 (heap overflow)
---
#include <stdio.h>
#include <stdlib.h>
int main(void) {
    int *a = (int *)malloc(sizeof(int));
    printf("%p\n", (void *)a);
    int *b = a + 1;           /* one past the 4-byte block */
    printf("%p\n", (void *)b);
    *b = 100;                 /* heap write past the allocation */
    return 0;
}
---
valgrind: Address 0x51f0044 is 0 bytes after a block of size 4
alloc'd
address sanitizer: AddressSanitizer: heap-buffer-overflow on
address 0x60040000dff4
It's possible to a certain extent.
Reference:
http://valgrind.org/docs/manual/mc-manual.html#mc-manual.vaddress
http://code.google.com/p/address-sanitizer/wiki/AddressSanitizerAlgorithm
I understand implementing this is hard and it needs a huge cost.
It would still be useful if we only use it to detect memory errors and
turn it off for release.
I'll be glad if I can see it in D after some years.
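To show why a shadow-memory tool reports example 3 but cannot report example 2, here is a toy shadow-memory model, added as an illustration; it is not code from the post or from AddressSanitizer. The 1-byte-per-byte shadow encoding, toy_malloc and checked_store are hypothetical simplifications, and example 2's variables are moved into the modelled heap so both cases run through the same check.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical shadow-memory model added for illustration; it is not ASan's
 * real 8:1 encoding. One shadow byte per heap byte: 0 = addressable,
 * 1 = poisoned (redzone or never allocated). */
enum { HEAP_SIZE = 128, REDZONE = 16 };
static unsigned char heap[HEAP_SIZE];
static unsigned char shadow[HEAP_SIZE];
static size_t brk_off;              /* bump-allocator cursor */

static void toy_reset(void) { memset(shadow, 1, sizeof shadow); brk_off = 0; }

/* malloc stand-in: the block is surrounded by poisoned redzones. */
static void *toy_malloc(size_t n) {
    if (brk_off + REDZONE + n + REDZONE > HEAP_SIZE) return NULL;
    size_t start = brk_off + REDZONE;
    memset(shadow + start, 0, n);   /* only the payload becomes addressable */
    brk_off = start + n + REDZONE;
    return heap + start;
}

/* Instrumented store: consult the shadow byte of every byte touched.
 * Returns 1 if the access would be reported, 0 if it is allowed through. */
static int checked_store(void *p, const void *src, size_t n) {
    size_t off = (size_t)((unsigned char *)p - heap);
    for (size_t i = 0; i < n; i++)
        if (off + i >= HEAP_SIZE || shadow[off + i]) return 1;
    memcpy(heap + off, src, n);
    return 0;
}

/* Example 3 from the post: a + 1 lands in the redzone after the block. */
int demo_heap_overflow(void) {
    toy_reset();
    int *a = toy_malloc(sizeof(int)), v = 100;
    return checked_store(a + 1, &v, sizeof v);      /* 1: reported */
}

/* Example 2 from the post, with a and b moved into the modelled heap: the
 * pointer derived from a lands exactly on b, a live object whose shadow
 * says "addressable", so the write is indistinguishable from a valid one. */
int demo_cross_address(void) {
    toy_reset();
    int *a = toy_malloc(sizeof(int));
    int *b = toy_malloc(sizeof(int));
    int *c = a + (b - a), v = 100;
    return checked_store(c, &v, sizeof v);          /* 0: not reported */
}
```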