The sanitizers are a group of dynamic analysis tools that find mistakes in programs at runtime through additional instrumentation that was inserted by the compiler. This includes detecting memory safety issues. Android supports and strongly recommends usage of the following sanitizers:
Hardware-assisted AddressSanitizer (HWASan)
HWASan is the main sanitizer to provide detection for memory safety problems. It requires ARM64 and can detect:
- Stack and heap buffer overflow or underflow
- Heap use after free
- Stack use after scope
- Stack use after return
- Double free or wild free
Address sanitizer (ASan)
ASan is a tool similar to HWASan. It works on more platforms, but is unsupported on Android.
KernelAddress sanitizer (KASan)
KASan is the kernel counterpart of the userspace tools above. It shares the same compiler implementation. KASan and ASan/HWASan are complementary as one tool applies to the kernel and another to userspace. We recommend enabling both at the same time to reduce the number of build configurations and to reduce the testing matrix.
UndefinedBehavior sanitizer (UBSan)
UBSan performs compile-time instrumentation to check for various types of (non memory-safety) undefined behavior. This includes signed and unsigned integer overflow checking (IntSan), bounds checks for statically-sized arrays (BoundsSan), and lots of other types of undefined behavior. IntSan and BoundsSan are also suitable for enabling in production as a security mitigation.