Skip to content
RIOT Documentation

Debugging Tools

Undefined Behavior Sanitizer (ubsan)

Section titled “Undefined Behavior Sanitizer (ubsan)”

RIOT contains Makefile convenience support for gcc/clang’s undefined behaviour sanitizer.

Overview

Section titled “Overview”

Both gcc and clang allow generation of code that does runtime checks for undefined behavior (UB).

E.g., the following code might trigger UB for some parameters:

void test(int foo)
{
    return (foo << 24);
}

In this case, the signed shift would be alright unless:

  • it would “push out” all bits to the left, with undefined runtime result. Here, that happens on architectures with 16-bit integers.
  • foo is negative, with implementation-specific runtime results.

Using ubsan, these can be caught at runtime.

There are three modes for ubsan that define what happens when the sanitizer observed undefined behaviour:

  1. trap -> cause a trap
  2. msg_exit -> print a message and exit
  3. msg_recover -> print a message and continue

trap is available on all RIOT platforms, whereas msg_exit and msg_recover are currently only available on native when building with gcc, as they require runtime support in the form of libubsan.

The default is trap, or msg_exit if available (currently, on native:gnu only).

How to Use

Section titled “How to Use”

  1. build with make all-ubsan.

  2. build with UBSAN_MODE=[trap|msg_exit|msg_recover] make all-ubsan to override the ubsan mode.