Skip to main content

Documentation Index

Fetch the complete documentation index at: https://mintlify.com/MicrosoftDocs/cpp-docs/llms.txt

Use this file to discover all available pages before exploring further.

AddressSanitizer (ASan) is a compiler and runtime technology built into MSVC that exposes hard-to-find memory safety bugs with zero false positives. Starting in Visual Studio 2019 version 16.9, ASan is fully integrated into the Visual Studio IDE, the MSBuild project system, and CMake workflows. You compile your code with a single extra flag, run your program normally, and ASan reports precisely diagnosed errors directly in the debugger.

How ASan Works

ASan instruments memory references — loads, stores, allocations, scopes, and CRT functions — during compilation. At runtime, a shadow memory region tracks the state of every byte of addressable memory. When your program accesses memory it shouldn’t, ASan intercepts the operation, prints a detailed report showing the exact source file and line, and terminates the process (or triggers a Visual Studio exception).
ASan is not recommended for production builds. Use it during development, testing, and CI pipelines. It is compatible with all optimization levels (/Od, /O1, /O2, /O2 /GL) and CRT variants (/MD, /MDd, /MT, /MTd), but is incompatible with /ZI (Edit and Continue), /RTC, and /INCREMENTAL linking.

Enabling ASan

Compile with /fsanitize=address from a Developer Command Prompt. Include /Zi for full call stack symbolization:
cl /fsanitize=address /Zi myapp.cpp
The linker option /INFERASANLIBS (enabled by default) automatically links the correct clang_rt.asan* runtime libraries. No extra linker flags are required for most projects.

Heap Buffer Overflow Example

The following example demonstrates a classic heap buffer overflow and the ASan output you will see: 
// heap-overflow.cpp
#include <stdlib.h>
#include <string.h>

int main() {
    // Allocate a 10-byte buffer on the heap
    char* buf = (char*)malloc(10);
    // Write 15 bytes — 5 bytes past the end!
    memset(buf, 'A', 15);  // Boom: heap-buffer-overflow
    free(buf);
    return 0;
}
Compile and run: 
cl /fsanitize=address /Zi heap-overflow.cpp
heap-overflow.exe
ASan prints a report similar to: 
==12345==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x...
WRITE of size 15 at 0x... thread T0
    #0 memset (heap-overflow.cpp)
    #1 main heap-overflow.cpp:8

0x... is located 0 bytes to the right of 10-byte region [0x..., 0x...)
allocated by thread T0 here:
    #0 malloc
    #1 main heap-overflow.cpp:6
In the Visual Studio IDE, the same error is presented as an Exception Thrown dialog that opens the source file at the offending line.

Types of Errors Detected

Heap Errors

  • heap-buffer-overflow — write/read past allocated heap memory
  • heap-use-after-free — access memory after free()
  • double-free — calling free() twice on the same pointer
  • alloc-dealloc-mismatch — mismatched allocator/deallocator (e.g., malloc/delete)
  • allocation-size-too-big — allocation request exceeds addressable memory

Stack Errors

  • stack-buffer-overflow / stack-buffer-underflow — write past a stack array
  • stack-use-after-return — use a pointer to a local after the function returns (requires /fsanitize-address-use-after-return)
  • stack-use-after-scope — access a local variable outside its enclosing block
  • dynamic-stack-buffer-overflow — overflow of a VLA or alloca buffer

Global Errors

  • global-buffer-overflow — write past a global array

Other Errors

  • calloc-overflow — integer overflow in calloc size computation
  • new-delete-type-mismatchnew T followed by delete[]
  • memcpy-param-overlap / strncat-param-overlap — overlapping buffers in CRT functions
  • use-after-poison — access to manually poisoned memory regions

ASan Runtime Options (ASAN_OPTIONS)

Control ASan behavior at runtime through the ASAN_OPTIONS environment variable. Set it before launching your program: 
set ASAN_OPTIONS=detect_stack_use_after_return=1:malloc_context_size=5:verbosity=1
myapp.exe
FlagDefaultDescription
detect_stack_use_after_returnfalseDetect use-after-return bugs. Requires /fsanitize-address-use-after-return at compile time.
malloc_context_size1Number of stack frames to record per allocation. Increase for deeper call stacks.
quarantine_size_mb-1Size (MB) of quarantine buffer for use-after-free detection.
abort_on_errorfalseCall abort() instead of _exit() after reporting an error.
continue_on_error01 = report errors and continue (output to stdout); 2 = report errors and continue (output to stderr).
verbosity0Increase to 1, 2, or 3 for more diagnostic output.
alloc_dealloc_mismatchfalseEnable detection of mismatched alloc/dealloc pairs.
windows_fast_fail_on_errorfalseTerminate via __fastfail(71) after reporting an error.
To set a permanent default without an environment variable, override the __asan_default_options() function in your code: 
extern "C" __declspec(dllexport) const char* __asan_default_options() {
    return "malloc_context_size=5:detect_stack_use_after_return=1";
}

Debugger Integration in Visual Studio

When your ASan-instrumented binary is launched under the Visual Studio debugger (F5), ASan exceptions are surfaced as first-chance exceptions in the IDE:
1

Exception dialog appears

Visual Studio shows an Exception Thrown window identifying the ASan error type (e.g., AddressSanitizer Error: Heap buffer overflow).
2

Source highlighting

The editor navigates to the exact source line that caused the memory error, with the call stack displayed in the Call Stack window.
3

Inspect variables

Use the Locals, Watch, and Memory windows to inspect the state of your program at the point of the error.
4

Crash dump support

Set ASAN_SAVE_DUMPS=MyFileName.dmp before running to save a crash dump that can be opened in Visual Studio later for offline analysis — ideal for CI/CD pipelines.
You can also launch from the command line and have Visual Studio open automatically on error: 
set ASAN_VCASAN_DEBUGGING=1
myapp.exe

Selectively Disabling ASan

Use __declspec(no_sanitize_address) to exempt specific functions or variables from instrumentation: 
#ifdef __SANITIZE_ADDRESS__
#define NO_SANITIZE __declspec(no_sanitize_address)
#else
#define NO_SANITIZE
#endif

// Entire function excluded from ASan instrumentation
NO_SANITIZE
void benchmark_memcpy(char* dst, const char* src, size_t n) {
    // Performance-critical path; ASan overhead not acceptable here
    memcpy(dst, src, n);
}

Known Limitations

The following features or combinations are not supported with MSVC ASan:
  • Profile-Guided Optimization (PGO) — ASan is incompatible with /GL PGO workflows.
  • Edit and Continue (/ZI) — must be replaced with /Zi.
  • Incremental linking — must be disabled when using /fsanitize=address.
  • /RTC runtime checks — conflicts with ASan instrumentation.
  • x86/x64 only — ARM and ARM64 are not currently supported on Windows.
  • stack-use-after-return — requires the additional /fsanitize-address-use-after-return compile flag; not enabled by ASAN_OPTIONS alone on MSVC (unlike Clang).
  • stack-use-after-scope — always enabled by default in MSVC ASan and cannot be turned off.

Linker Reference

The /INFERASANLIBS linker option (on by default) automatically selects and links the correct ASan runtime library based on your CRT choice:
CRT OptionLinked Libraries
/MT or /MTdclang_rt.asan_dynamic-{arch}.lib + /wholearchive:clang_rt.asan_static_runtime_thunk-{arch}.lib
/MD or /MDdclang_rt.asan_dynamic-{arch}.lib + /wholearchive:clang_rt.asan_dynamic_runtime_thunk-{arch}.lib
Use /INFERASANLIBS:NO if you need to provide ASan library paths manually in your build scripts.

Build docs developers (and LLMs) love

Get started for freeTalk to us