MicrosoftDocs
diff --git a/‎docs/code-quality/c28196.md
Lines changed: 2 additions & 2 deletions b/‎docs/code-quality/c28196.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎docs/sanitizers/asan.md
Lines changed: 85 additions & 31 deletions b/‎docs/sanitizers/asan.md
Lines changed: 85 additions & 31 deletions
diff --git a/‎docs/sanitizers/media/asan-basic-global-overflow.png
70.1 KB b/‎docs/sanitizers/media/asan-basic-global-overflow.png
70.1 KB
diff --git a/‎docs/sanitizers/media/asan-cmake-configuration-drop-down.png
43.7 KB b/‎docs/sanitizers/media/asan-cmake-configuration-drop-down.png
43.7 KB
diff --git a/‎docs/sanitizers/media/asan-cmake-configuration-dropdown.png
-268 KB b/‎docs/sanitizers/media/asan-cmake-configuration-dropdown.png
-268 KB
diff --git a/‎docs/sanitizers/media/asan-cmake-error-f5.png
-167 KB b/‎docs/sanitizers/media/asan-cmake-error-f5.png
-167 KB
diff --git a/‎docs/sanitizers/media/asan-cmake-json.png
-96.9 KB b/‎docs/sanitizers/media/asan-cmake-json.png
-96.9 KB
diff --git a/‎docs/sanitizers/media/asan-global-buffer-overflow-f5.png
-308 KB b/‎docs/sanitizers/media/asan-global-buffer-overflow-f5.png
-308 KB
diff --git a/‎docs/sanitizers/media/asan-project-system-dialog.png
-121 KB b/‎docs/sanitizers/media/asan-project-system-dialog.png
-121 KB
@@ -50,5 +50,5 @@ Item *get_item(_In_reads_(len) Item *items, size_t len, size_t index) {
 
 ## See also
 
-[Annotating function parameters and return values](./annotating-function-parameters-and-return-values.md)
-[Specifying When and Where an Annotation Applies](./specifying-when-and-where-an-annotation-applies.md)
+[Annotating function parameters and return values](./annotating-function-parameters-and-return-values.md)\
+[Specifying When and Where an Annotation Applies](./specifying-when-and-where-an-annotation-applies.md)\
@@ -1,7 +1,7 @@
 ---
 title: "AddressSanitizer"
 description: "Top-level description of the AddressSanitizer feature for Microsoft C/C++."
-ms.date: 03/05/2021
+ms.date: 06/13/2023
 f1_keywords: ["AddressSanitizer"]
 helpviewer_keywords: ["ASan", "AddressSanitizer", "Address Sanitizer", "compiling for AddressSanitizer"]
 ---
@@ -32,23 +32,21 @@ Use AddressSanitizer to reduce your time spent on:
 - Stress testing
 - Integrating new code
 
-AddressSanitizer, originally [introduced by Google](https://www.usenix.org/conference/atc12/technical-sessions/presentation/serebryany), provides run-time bug-finding technologies that use your existing build systems and existing test assets directly.
+AddressSanitizer, originally [introduced by Google](https://www.usenix.org/conference/atc12/technical-sessions/presentation/serebryany), provides runtime bug-finding technologies that use your existing build systems and existing test assets directly.
 
 AddressSanitizer is integrated with the Visual Studio project system, the CMake build system, and the IDE. Projects can enable AddressSanitizer by setting a project property, or by using one extra compiler option: **`/fsanitize=address`**. The new option is compatible with all levels of optimization and configurations of x86 and x64. However, it isn't compatible with [edit-and-continue](/visualstudio/debugger/edit-and-continue-visual-cpp), [incremental linking](../build/reference/incremental-link-incrementally.md), and [`/RTC`](../build/reference/rtc-run-time-error-checks.md).
 
-Starting in Visual Studio 2019 version 16.9, Microsoft's AddressSanitizer technology enables integration with the Visual Studio IDE. The functionality can optionally create a crash dump file when the sanitizer finds a bug at runtime. If you set the `ASAN_SAVE_DUMPS=MyFileName.dmp` environment variable before you run your program, a crash dump file gets created with extra metadata for efficient [post-mortem debugging](#crash-dumps) of precisely diagnosed bugs. These dump files make extended use of AddressSanitizer easier for:
+Starting in Visual Studio 2019 version 16.9, Microsoft's AddressSanitizer technology enables integration with the Visual Studio IDE. The functionality can optionally create a crash dump file when the sanitizer finds a bug at runtime. If you set the `ASAN_SAVE_DUMPS=MyFileName.dmp` environment variable before you run your program, a crash dump file is created with extra metadata for efficient [post-mortem debugging](#crash-dumps) of precisely diagnosed bugs. These dump files make extended use of AddressSanitizer easier for:
 
-- Local machine testing,
-- On-premise distributed testing, and
-- Cloud-based workflows for testing.
+- Local machine testing
+- On-premises distributed testing
+- Cloud-based workflows for testing
 
 ### Install AddressSanitizer
 
-C++ workloads in the Visual Studio Installer install the AddressSanitizer libraries and IDE integration by default. However, if you're upgrading from an older version of Visual Studio 2019, use the Installer to enable ASan support after the upgrade:
+C++ workloads in the Visual Studio Installer install the AddressSanitizer libraries and IDE integration by default. However, if you're upgrading from an older version of Visual Studio 2019, use the Installer to enable ASan support after the upgrade. You can open the installer from the Visual Studio main menu via **Tools** > **Get Tools and Features...** Choose **Modify** on your existing Visual Studio installation from the Visual Studio Installer to get to the following screen.
 
-:::image type="content" source="media/asan-installer-option.png" alt-text="Visual Studio Installer screenshot highlighting the C++ AddressSanitizer component":::
-
-You can choose **Modify** on your existing Visual Studio installation from the Visual Studio Installer to get to the screen above.
+:::image type="content" source="media/asan-installer-option.png" alt-text="Screenshot of the Visual Studio Installer. The C++ AddressSanitizer component, under the Optional section, is highlighted.":::
 
 > [!NOTE]
 > If you run Visual Studio on the new update but haven't installed ASan, you'll get an error when you run your code:
@@ -79,14 +77,14 @@ Microsoft recommends you use AddressSanitizer in these three standard workflows:
   - [Azure OneFuzz](https://www.microsoft.com/security/blog/2020/09/15/microsoft-onefuzz-framework-open-source-developer-tool-fix-bugs/)
   - Local Machine
 
-This article covers the information you require to enable the three workflows listed above. The information is specific to the **platform-dependent** Windows 10 implementation of AddressSanitizer. This documentation supplements the excellent documentation from [Google, Apple, and GCC](#external-docs) already published.
+This article covers the information you require to enable the three workflows listed previously. The information is specific to the **platform-dependent** Windows 10 implementation of AddressSanitizer. This documentation supplements the excellent documentation from [Google, Apple, and GCC](#external-docs) already published.
 
 > [!NOTE]
 > Current support is limited to x86 and x64 on Windows 10. [Send us feedback](https://aka.ms/vsfeedback/browsecpp) on what you'd like to see in future releases. Your feedback helps us prioritize other sanitizers for the future, such as **`/fsanitize=thread`**, **`/fsanitize=leak`**, **`/fsanitize=memory`**, **`/fsanitize=undefined`**, or **`/fsanitize=hwaddress`**. You can [report bugs here](https://aka.ms/feedback/report?space=62) if you run into issues.
 
 ## <a name="command-prompt"></a> Use AddressSanitizer from a developer command prompt
 
-Use the **`/fsanitize=address`** compiler option in a [developer command prompt](../build/building-on-the-command-line.md#developer_command_prompt_shortcuts) to enable compiling for the AddressSanitizer runtime. The **`/fsanitize=address`** option is compatible with all existing C++ or C optimization levels (for example, `/Od`, `/O1`, `/O2`, `/O2 /GL`, and `PGO`). The option works with static and dynamic CRTs (for example, `/MD`, `/MDd`, `/MT`, and `/MTd`). It works whether you create an EXE or a DLL. Debug information is required for optimal formatting of call stacks. In the example below, `cl /fsanitize=address /Zi` is passed on the command line.
+Use the **`/fsanitize=address`** compiler option in a [developer command prompt](../build/building-on-the-command-line.md#developer_command_prompt_shortcuts) to enable compiling for the AddressSanitizer runtime. The **`/fsanitize=address`** option is compatible with all existing C++ or C optimization levels (for example, `/Od`, `/O1`, `/O2`, `/O2 /GL`, and `PGO`). The option works with static and dynamic CRTs (for example, `/MD`, `/MDd`, `/MT`, and `/MTd`). It works whether you create an EXE or a DLL. Debug information is required for optimal formatting of call stacks. In the following example, `cl /fsanitize=address /Zi` is passed on the command line.
 
 The AddressSanitizer libraries (.lib files) are linked for you automatically. For more information, see [AddressSanitizer language, build, and debugging reference](asan-building.md).
 
@@ -105,13 +103,15 @@ int main() {
 
 Using a developer command prompt for Visual Studio 2019, compile *`main.cpp`* using `/fsanitize=address /Zi`
 
-:::image type="content" source="media/asan-command-basic-global-overflow.png" alt-text="Screenshot of a command prompt showing the command to compile with AddressSanitizer options.":::
+:::image type="content" source="media/asan-command-basic-global-overflow.png" alt-text="Screenshot of a command prompt showing the command to compile with AddressSanitizer options. The command is: `cl main.cpp -faanitize-address /Zi`.":::
 
-When you run the resulting *`main.exe`* at the command line, it creates the formatted error report seen below.
+When you run the resulting *`main.exe`* at the command line, it creates the formatted error report that follows.
 
 Consider the overlaid, red boxes that highlight seven key pieces of information:
 
-:::image type="content" source="media/asan-basic-global-overflow.png" alt-text="Screenshot of the debugger showing a basic global overflow error.":::
+:::image type="complex" source="media/asan-basic-global-overflow.png" alt-text="Screenshot of the debugger showing a basic global overflow error.":::
+There are seven red highlights identifying key pieces of information in the error report. They map to the numbered list that follows this screenshot. The numbered boxes highlight the following text: 1) global-buffer-overflow 2) WRITE of size 4 3) basic-global-overflow.cpp 7 4) to the right of global variable 'x' defined in 'basic-global-overflow.cpp:3:8' 5) of size 400 6) 00 00[f9]f9 f9 7) Box is in the shadow byte legend area and contains Global redzone: f9
+:::image-end:::
 
 ### Red highlights, from top to bottom
 
@@ -138,34 +138,88 @@ To build from the IDE, opt out of any [incompatible options](./asan-known-issues
 - Turn off [`/RTC1` (runtime checks)](../build/reference/rtc-run-time-error-checks.md)
 - Turn off [`/INCREMENTAL` (incremental linking)](../build/reference/incremental-link-incrementally.md)
 
-To build and run the debugger, enter **F5**. You'll see this window in Visual Studio:
+To build and run the debugger, press **F5**. An **Exception Thrown** window appears in Visual Studio:
 
 :::image type="content" source="media/asan-global-buffer-overflow-F5.png" alt-text="Screenshot of the debugger showing a global buffer overflow error.":::
 
 ## <a name="ide-cmake"></a> Use AddressSanitizer from Visual Studio: CMake
 
-To enable AddressSanitizer for [a CMake project created to target Windows](../build/cmake-projects-in-visual-studio.md), take these steps:
+To enable AddressSanitizer for a [CMake project created to target Windows](../build/cmake-projects-in-visual-studio.md), follow these steps:
 
 1. Open the **Configurations** dropdown in the toolbar at the top of the IDE and select **Manage Configurations**.
 
-   :::image type="content" source="media/asan-cmake-configuration-dropdown.png" alt-text="Screenshot of the CMake configuration dropdown.":::
+   :::image type="content" source="media/asan-cmake-configuration-drop-down.png" alt-text="Screenshot of the CMake configuration dropdown. It displays options like x64 Debug, x64 Release, and so on. At the bottom of the list, Manage Configurations... is highlighted.":::
 
-   That selection opens the CMake Project Settings editor, which is saved in a CMakeSettings.json file.
+   That opens the CMake Project Settings editor, which reflects the contents of your project's `CMakeSettings.json` file.
 
 1. Choose the **Edit JSON** link in the editor. This selection switches the view to raw JSON.
 
-1. Add the property: **"addressSanitizerEnabled": true**
-
-   This image is of CMakeSettings.json after that change:
-
-   :::image type="content" source="media/asan-cmake-json.png" alt-text="Screenshot of the text editor view of CMakeSettings.json.":::
-
-1. Enter **Ctrl+S** to save this JSON file, then enter **F5** to recompile and run under the debugger.
-
-This screenshot captures the error from the CMake build.
-
-:::image type="content" source="media/asan-cmake-error-f5.png" alt-text="Screenshot of the CMake build error message.":::
-
+1. Add the following snippet to the `"windows-base"` preset, inside `"configurePresets":` to turn on Address Sanitizer:
+
+    ```json
+    "environment": {
+      "CFLAGS": "/fsanitize=address",
+      "CXXFLAGS": "/fsanitize=address"
+    }
+    ```
+    
+    `"configurePresets"` looks something like this, afterwards:
+    
+    ```json
+        "configurePresets": [
+          {
+            "name": "windows-base",
+            "hidden": true,
+            "generator": "Ninja",
+            "binaryDir": "${sourceDir}/out/build/${presetName}",
+            "installDir": "${sourceDir}/out/install/${presetName}",
+            "cacheVariables": {
+              "CMAKE_C_COMPILER": "cl.exe",
+              "CMAKE_CXX_COMPILER": "cl.exe"
+            },
+            "condition": {
+              "type": "equals",
+              "lhs": "${hostSystemName}",
+              "rhs": "Windows"
+            },
+            "environment": {
+              "CFLAGS": "/fsanitize=address",
+              "CXXFLAGS": "/fsanitize=address"
+            }
+          },
+    ```
+
+1. Address sanitizer doesn't work if edit-and-continue is specified (`/ZI`), which is enabled by default for new CMake projects. In `CMakeLists.txt`, comment out (prefix with `#`) the line that starts with `set(CMAKE_MSVC_DEBUG_INFORMATION_FORMAT"`. That line looks something like this, afterwards:
+
+    ```json
+    # set(CMAKE_MSVC_DEBUG_INFORMATION_FORMAT "$<IF:$<AND:$<C_COMPILER_ID:MSVC>,$<CXX_COMPILER_ID:MSVC>>,$<$<CONFIG:Debug,RelWithDebInfo>:EditAndContinue>,$<$<CONFIG:Debug,RelWithDebInfo>:ProgramDatabase>>")
+    ```
+
+1. Enter **Ctrl+S** to save this JSON file
+1. Clear your CMake cache directory and reconfigure by choosing from the Visual Studio menu: **Project** > **Delete cache and Reconfigure**. Choose **Yes** when the prompt appears to clear your cache directory and reconfigure.
+1. Replace the contents of the source file (for example, `CMakeProject1.cpp`) with the following:
+
+    ```cpp
+    // CMakeProject1.cpp : Defines the entry point for the application
+    
+    #include <stdio.h>
+    
+    int x[100];
+    
+    int main()
+    {
+        printf("Hello!\n");
+        x[100] = 5; // Boom!
+        return 0;
+    }
+    ```
+
+1. Choose **F5** to recompile and run under the debugger.
+
+    This screenshot captures the error from the CMake build.
+    
+    :::image type="content" source="media/asan-cmake-error-f5.png" alt-text="Screenshot of an exception that says: Address Sanitizer Error: Global buffer overflow. In the background, address sanitizer output is visible in command window.":::
+    
 ## <a name="crash-dumps"></a> AddressSanitizer crash dumps
 
 We introduced new functionality in AddressSanitizer for use with cloud and distributed workflows. This functionality allows offline viewing of an AddressSanitizer error in the IDE. The error gets overlaid on top of your source, just as you would experience in a live debug session.