UB exist kyun karta hai? Taaki compilers har jagah defensive checks daale bina fast code generate kar sakein. Standard kehta hai "agar programmer X likhta hai, toh hum assume karte hain ki woh kabhi bad case trigger nahi karega, isliye hum optimize karne ke liye free hain." Woh freedom speed ke liye great hai — aur jab tum actually trigger karte ho toh correctness ke liye nightmare.
clang -fsanitize=undefined -fno-sanitize-recover=all -g file.c -o prog./prog# Pehle UB par: print karta hai e.g.# file.c:12:9: runtime error: signed integer overflow:# 2147483647 + 1 cannot be represented in type 'int'
-g → debug info rakho taaki line numbers print ho sakein.
-fno-sanitize-recover=all → pehli error par abort karo (warna UBSan report karta hai aur continue karta hai, jo "pehla" cause hide kar sakta hai).
Signed integer overflow lo 32-bit int ke liye. Representable range hai
[−231,231−1].
Yeh bounds kyun?n=32 bits ke saath Two's complement: most significant bit ka weight −2n−1 hota hai, baaki positive weights add karte hain up to 2n−1−1. Toh:
INT_MIN=−231,INT_MAX=231−1.
Addition-overflow condition derive karna. True mathematical sum s=a+b compute karo (unbounded integers mein). Overflow = "s representable nahi hai":
overflow(a,b)⟺s<−231∨s>231−1.
Yeh step kyun? UBSan unbounded integers mein cheaply compute nahi kar sakta, isliye yeh ek hardware fact use karta hai: do same-sign numbers ko add karna sirf usi sign ki taraf overflow kar sakta hai. Formally, overflow tab hota hai jab a aur b ka same sign ho aur result ka sign alag ho:
Kya signed overflow UB hai? Kya unsigned overflow UB hai? ⇒ signed = UB; unsigned = well-defined (wraps mod 232)
n << 32 "kaam" kaise kar sakta hai phir bhi UB kyun hai? ⇒ x86 shift ko & 31 se mask karta hai, deta hai galat-lekin-crash-na-karne-wala result
Recall Feynman: ek 12-saal ke bachche ko explain karo
Socho language mein kuch "forbidden moves" hain — jaise apne calculator pe dikhayi dene wale sabse bade number se aage count karna. Agar tum ek forbidden move karo, toh rulebook kehta hai "kuch bhi ho sakta hai" aur machine shayad ek weird answer de, ya crash kar jaaye, ya theek lagta rahe aur baad mein betray kare. UBSan ek referee ki tarah hai jo game dekh raha hai aur jaise hi tum forbidden move karo, usi waqt whistle bajata hai, exact line point karta hai: "Yahan! Tumne maximum se zyada add karne ki koshish ki!" Toh ek spooky bug jo randomly agle mahine dikhe uski jagah, tum immediately pakde jaate ho.
UBSan ka full form kya hai aur yeh kya detect karta hai?
Undefined Behavior Sanitizer; ek compiler runtime checker jo undefined behavior ke liye hai (signed overflow, bad shifts, null/misaligned pointers, INT_MIN/-1, etc.).
UBSan enable karne wala compiler flag kaunsa hai?
-fsanitize=undefined.
UBSan ke saath -fno-sanitize-recover=all kyun combine karo?
Taaki program pehle violation par abort kare report karke continue karne ki jagah, true root cause reveal ho.
Kya C mein unsigned integer overflow UB hai?
Nahi — unsigned arithmetic modulo 2n wrap karne ke liye defined hai. Sirf signed overflow UB hai.
32-bit int ki two's-complement range kya hai aur kyun?
[−231,231−1]; top bit ka weight −231 hota hai, baaki bits 231−1 tak add hoti hain.
Signed addition overflow kab hota hai (single-bit test)?
Jab dono operands sign bit share karein lekin wrapped result ka sign bit alag ho — exactly CPU overflow flag.
INT_MIN / -1 undefined kyun hai?
Result 231 hai jo INT_MAX (231−1) se zyada hai; division overflow karta hai aur trap bhi ho sakta hai.
n << 32 x86 par silently galat answer kyun de sakta hai?
Hardware shift count ko & 31 se mask karta hai, toh n << 0 compute hota hai; standard phir bhi ise UB kehta hai.
Kya clean UBSan run prove karta hai ki program UB-free hai?
Nahi — yeh sirf executed paths check karta hai aur har UB category cover nahi karta; ASan/MSan/TSan aur static analysis ke saath pair karo.