In this guide you will compile a small C++ program with AddressSanitizer, trigger a crash, capture a structuredDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/ispras/casr/llms.txt
Use this file to discover all available pages before exploring further.
.casrep report with casr-san, inspect it interactively with casr-cli, and then run casr-cluster to deduplicate and group a collection of reports. By the end you will have a working triage pipeline you can adapt to your own projects.
Install CASR
If you have not installed CASR yet, the fastest path is via Cargo:For full installation options — prebuilt binaries, Docker, build-from-source — see the Installation guide.
Create a test program with AddressSanitizer
Save the following double-free example as Compile with AddressSanitizer enabled and debug symbols included:
test_asan_df.cpp:The
-O0 -g flags disable optimizations and embed debug info so that CASR can include source-level context (file name, line number, surrounding code) inside the report.Generate a crash report
Run On success you will see a confirmation line and the report will be saved to Key fields at a glance:
casr-san and pass the target binary after the -- separator. CASR intercepts the AddressSanitizer output, enriches it with OS metadata, register values, and disassembly, then writes a .casrep file:asan.casrep.What’s inside a .casrep file?Reports are plain JSON — you can open them with any text editor or process them programmatically. Here is a representative excerpt:| Field | Description |
|---|---|
CrashSeverity.Type | Exploitability class: EXPLOITABLE, PROBABLY_EXPLOITABLE, NOT_EXPLOITABLE, NOT_CRITICAL |
CrashSeverity.ShortDescription | Human-readable crash type (e.g. HeapDoubleFree, SourceAv) |
Stacktrace | Full symbolized stack trace |
CrashLine | Source file and line where the crash occurred |
Source | Code snippet around the crash site |
AsanReport | Raw sanitizer output captured from stderr |
View the report
casr-cli opens the report in an interactive TUI that lets you navigate the stack trace, review source context, and inspect register values and disassembly — all without leaving the terminal:casr-cli at a directory of reports to see joint cluster statistics — total crashes, severity distribution, unique crash types:Deduplicate reports
After a fuzzing run you typically have hundreds of crash inputs that trigger the same underlying bug.
casr-cluster -d compares stack traces and copies only the unique reports into a new output directory:- Input:
reports/— directory containing raw.casrepfiles - Output:
dedup/— deduplicated subset, one report per unique crash
Deduplication is based on stack-trace similarity using the gdb-command library. CASR also disables ASLR before analysis so that addresses are stable across runs.
Cluster reports
Once duplicates are removed, Or open a specific cluster:
casr-cluster -c groups the remaining reports by root-cause similarity. Each cluster corresponds to a distinct crash location in the code:- Input:
dedup/— deduplicated reports from the previous step - Output:
clusters/— subdirectoriescl1/,cl2/, … each containing related reports
Full Triage Pipeline at a Glance
Next Steps
casr-san
Learn all flags for ASAN, MSAN, and stdin-based crash collection.
casr-cluster
Advanced clustering options including similarity thresholds and UBSAN triage.
casr-afl / casr-libfuzzer
One-command end-to-end triage for AFL++ and libFuzzer campaigns.