1.\" $OpenBSD: kubsan.4,v 1.5 2024/09/06 13:31:59 mbuhl Exp $ 2.\" 3.\" Copyright (c) 2019 Anton Lindqvist <anton@openbsd.org> 4.\" 5.\" Permission to use, copy, modify, and distribute this software for any 6.\" purpose with or without fee is hereby granted, provided that the above 7.\" copyright notice and this permission notice appear in all copies. 8.\" 9.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES 10.\" WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF 11.\" MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR 12.\" ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES 13.\" WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN 14.\" ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF 15.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. 16.Dd $Mdocdate: September 6 2024 $ 17.Dt KUBSAN 4 18.Os 19.Sh NAME 20.Nm kubsan 21.Nd kernel undefined behavior sanitizer 22.Sh SYNOPSIS 23.Cd option KUBSAN 24.Sh DESCRIPTION 25.Nm 26detects undefined behavior at runtime inside the kernel. 27Detected undefined behavior is printed to the system console, 28including the offending line in the source code. 29.Pp 30By default, 31.Nm 32is not enabled but instead requires the following line to be present in the 33kernel configuration: 34.Bd -literal -offset indent 35option KUBSAN 36.Ed 37.Pp 38The following undefined behavior is detected: 39.Bl -tag -width 4n 40.It Float cast overflow 41The conversion from a floating point to an integer cannot be represented by 42the destination type. 43.It Integer overflow 44The result of an arithmetic computation on two integer operands cannot be 45represented by the destination type. 46.It Negate overflow 47Negation of an integer cannot be represented by the destination type. 48.It Pointer overflow 49Pointer arithmetic overflow. 50.It Out of bounds 51Array indexing out of bounds, limited to cases where the size of the array 52can be statically determined. 53.It Shift out of bounds 54Undefined logical shift caused by: 55.Bl -dash 56.It 57The shift amount being negative. 58.It 59The shift operand being negative. 60.It 61The shift amount exceeds the number of bits as given by the shift operand 62type. 63.It 64The result of the shift computation cannot be represented by the destination 65type. 66.El 67.It Non-null argument 68Passing 69.Dv NULL 70as the value for a function argument annotated with 71.Dv __nonnull__ . 72.It Invalid builtin 73Passing zero to a compiler builtin where not allowed. 74.It Invalid load 75Loading a value that cannot be represented by the destination type. 76.It Type mismatch 77Mismatch between pointer and value type caused by: 78.Bl -dash 79.It 80A pointer which does not fulfill the alignment requirements of the value type. 81.It 82A pointer to an address which lacks sufficient space to store the value type. 83.El 84.It Unreachable 85Execution reached passed a function annotated with 86.Dv __dead . 87.El 88.Sh SEE ALSO 89.Xr options 4 90.Sh HISTORY 91The 92.Nm 93implementation 94is derived from 95.Nx 96and first appeared in 97.Ox 6.5 . 98.Sh AUTHORS 99The 100.Nm 101implementation was written by 102.An Anton Lindqvist Aq Mt anton@openbsd.org . 103.Sh CAVEATS 104The 105.Nm 106implementation is limited to architectures using 107.Xr clang 1 108as their default compiler. 109