ubsan

Clang 8 with MinGW-w64: How do I use address- & UB sanitizers?

六月ゝ 毕业季﹏ submitted on 2020-12-30 05:48:13
Question: Clang 8 release notes have this promising line: Allow using Address Sanitizer and Undefined Behaviour Sanitizer on MinGW. However, I am unable to figure out how to use those properly. I'm using Clang 8.0.0 with MSYS2 MinGW GCC. Exact details are at the bottom of the question. I'm trying to compile the following minimal piece of code: 1.cpp #include <iostream> int main() { // Testing ubsan int x = 0x7fffffff; x++; std::cout << x << std::endl; // Testing asan int *y = new int; delete y; std::cout <<

C++ UBSAN produces false positives with derived objects

只愿长相守 submitted on 2020-01-24 15:14:47
Question: I wanted to use UBSAN (undefined behavior sanitizer) but found it completely worthless as it reports too many false positives. E.g. a simple std::make_shared<int>(42); is enough to trigger warnings like member access within address 0x00000236de70 which does not point to an object of type '_Sp_counted_base' Reducing this example to a MWE shows that the problem is more general with base classes and inheritance: Example: struct Foo{ int f(){ return g(); } virtual int g() = 0; }; struct Bar: Foo{

undefined reference to `__ubsan_handle_nonnull_arg' [duplicate]

独自空忆成欢 submitted on 2020-01-06 14:47:28
Question: This question already has answers here: Using GCC Undefined Behavior Sanitizer (2 answers) Closed last year. I have been working on the problem set speller for the last few days and so far this is what I have. Unfortunately, it does not compile and I am a bit lost. I would be really grateful if somebody can help me out and tell me what I am doing wrong. // Implements a dictionary's functionality #include <stdbool.h> #include <stdio.h> #include <string.h> #include <strings.h> #include <stdlib.h

Call to function (unknown) through pointer to incorrect function type

你说的曾经没有我的故事 submitted on 2019-12-23 11:48:11
Question: I have a program that dynamically links against a library. The program passes a function pointer to that library, to execute. But ubsan (Undefined Behavior Sanitizer) reports that the pointer is of an incorrect function type. And that occurs only if the callback function has a class as parameter, but only forward declared, and if I specify the compilation flag -fvisibility=hidden. I use clang to compile my project. Is it a bug in clang

How to suppress some unsigned-integer-overflow errors from UBsan?

我们两清 submitted on 2019-12-09 17:56:15
Question: Most of my -fsanitize=unsigned-integer-overflow errors are bugs, but sometimes I explicitly use it as intended, which results in UBSan producing false positives. Is there a way to turn the UBSan unsigned-integer-overflow check off for a particular expression? EDIT in response to Shafik's comment, here is an example: unsigned a = 0; unsigned b = a - 1; // error: unsigned integer overflow Most of the time that is a bug, sometimes it isn't. With UBSan one can find every time that happens, fix the bugs

Segmentation fault on gcc caused by lambda wrapper over variadic template function call

醉酒当歌 submitted on 2019-12-05 13:00:47
Question: I've spent quite a few hours today trying to understand why this code segfaults on g++6.2 and g++7.0, while happily working as intended on clang++3.9 (and 4.0). I reduced the issue to an 85-line self-contained code snippet, which does not segfault upon normal execution, but always reports an error under UBSAN. The issue is reproducible on wandbox, by compiling with g++7, enabling optimizations and passing -fsanitize=undefined as an extra flag. This is what UBSAN reports: prog.cc: In

How to suppress some unsigned-integer-overflow errors from UBsan?

被刻印的时光 ゝ submitted on 2019-12-04 05:22:35
Most of my -fsanitize=unsigned-integer-overflow errors are bugs, but sometimes I explicitly use it as intended, which results in UBSan producing false positives. Is there a way to turn the UBSan unsigned-integer-overflow check off for a particular expression? EDIT in response to Shafik's comment, here is an example: unsigned a = 0; unsigned b = a - 1; // error: unsigned integer overflow Most of the time that is a bug, sometimes it isn't. With UBSan one can find every time that happens, fix the bugs, but I haven't found a way to silence the false positives. EDIT 2: to enable the check one needs to

Segmentation fault on gcc caused by lambda wrapper over variadic template function call

混江龙づ霸主 submitted on 2019-12-04 00:22:20
I've spent quite a few hours today trying to understand why this code segfaults on g++6.2 and g++7.0, while happily working as intended on clang++3.9 (and 4.0). I reduced the issue to an 85-line self-contained code snippet, which does not segfault upon normal execution, but always reports an error under UBSAN. The issue is reproducible on wandbox, by compiling with g++7, enabling optimizations and passing -fsanitize=undefined as an extra flag. This is what UBSAN reports: prog.cc: In function 'int main()': prog.cc:61:49: warning: 'ns#0' is used uninitialized in this function [