I wanted to use UBSAN (undefined behavior sanitizer) but found it completely worthless as it reports too many false positives.
E.g. a simple std::make_shared<int>(42); is enough to trigger warnings like

    member access within address 0x00000236de70 which does not point to an object of type '_Sp_counted_base'

Reducing this example to an MWE shows that the problem is more general with base classes and inheritance:

Example:

    struct Foo{
        int f(){ return g(); }
        virtual int g() = 0;   // pure virtual, overridden in Bar
    };
    struct Bar: Foo{
        int g(){ return 42; }  // overrides Foo::g
    };
    int main(){
        auto f = new Bar();
        return f->g();         // virtual call through a Bar* (line 15 in the report below)
    }

Compile with -fsanitize=undefined and watch

    example.cpp:15:16: runtime error: member call on address 0x000000726e70 which does not point to an object of type 'Bar'
    0x000000726e70: note: object has invalid vptr

See https://godbolt.org/z/0UiVtu.
How are not even these simple cases properly handled? Did I miss anything? How should I properly use UBSAN to check my code? (This requires [almost] no false positives)
Edit: As it seems the MWE only works on godbolt, the original code looks like this:

    #include <boost/iostreams/device/mapped_file.hpp>
    #include <boost/iostreams/stream.hpp>
    using MMStream = boost::iostreams::stream<boost::iostreams::mapped_file_source>;
    int main(){
        MMStream stream;
        stream.open("a.out");  // map the executable itself, just to have a file that exists
        return !stream;
    }

Compile with

    clang++-8 -fsanitize=undefined -fvisibility=hidden -I /opt/boost_1_64_0/include/ test.cpp /opt/boost_1_64_0/lib/libboost_iostreams.so

and run, which results in errors like

    runtime error: member call on address 0x00000126ef30 which does not point to an object of type 'boost::detail::sp_counted_base'
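The following is an added example, not part of the question above. It builds the question's MWE locally with the sanitizer, turns any report into a non-zero exit (the setting a CI job wants), and then rebuilds with only the vptr check switched off so the remaining UBSan checks keep running. It assumes clang++ or g++ on PATH; the report of "member call ... does not point to an object of type" comes from the vptr check, so isolating that one check is the minimal way to tell a questionable vptr diagnostic apart from the rest of UBSan's output. The helper names (pick_cxx, write_mwe, ubsan_probe) are this script's own.

```shell
#!/bin/sh
# Added example (not from the original question): build the MWE with UBSan,
# classify the run, and show the vptr check disabled in isolation.
# Assumes clang++ or g++ is installed; both accept -fsanitize=undefined
# and -fno-sanitize=vptr.

# Pick a compiler: $CXX if set, else clang++, else g++.
pick_cxx() {
    for c in "${CXX:-}" clang++ g++; do
        [ -n "$c" ] && command -v "$c" >/dev/null 2>&1 && { echo "$c"; return 0; }
    done
    return 1
}

# Write the question's MWE into the file named by $1.
write_mwe() {
    cat > "$1" <<'EOF'
struct Foo{
    int f(){ return g(); }
    virtual int g() = 0;
};
struct Bar: Foo{
    int g(){ return 42; }
};
int main(){
    auto f = new Bar();
    return f->g();
}
EOF
}

# ubsan_probe [extra compiler flags...]
# Builds the MWE with -fsanitize=undefined plus any extra flags, runs it with
# halt_on_error=1 so the first sanitizer report aborts the process, and prints:
#   skip        no usable compiler / sanitizer runtime found
#   reported    the run printed a "runtime error" diagnostic
#   clean:<rc>  no diagnostic; <rc> is the program's own exit code
ubsan_probe() {
    cxx=$(pick_cxx) || { echo skip; return 0; }
    dir=$(mktemp -d) || return 1
    write_mwe "$dir/example.cpp"
    if ! "$cxx" -g -fsanitize=undefined "$@" "$dir/example.cpp" -o "$dir/example" \
            2>"$dir/build.log"; then
        rm -rf "$dir"; echo skip; return 0   # e.g. libubsan not installed
    fi
    # halt_on_error turns a report into a non-zero exit; print_stacktrace shows
    # where the flagged member call came from (both are standard UBSAN_OPTIONS).
    if UBSAN_OPTIONS=halt_on_error=1:print_stacktrace=1 \
            "$dir/example" >"$dir/run.log" 2>&1; then
        rc=0
    else
        rc=$?
    fi
    if grep -q 'runtime error' "$dir/run.log"; then
        echo reported
    else
        echo "clean:$rc"
    fi
    rm -rf "$dir"
}

# Usage: full UBSan run, then the same build with only the vptr check removed.
# The MWE returns 42 from main, so the second run should print "clean:42"
# whenever the sanitizer runtime is available.
ubsan_probe
ubsan_probe -fno-sanitize=vptr
```

Whether the first run prints "reported" depends on the toolchain, which matches the observation in the question that the MWE only misbehaves on godbolt; the second run should always be clean, because -fno-sanitize=vptr removes exactly the check that produced the "member call on address ..." report while leaving the integer, shift, null and alignment checks in place.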