Fun with -fsanitize=undefined and Picolibc: An Embedded C Adventure

2025-04-16

This blog post details the integration of GCC and Clang's -fsanitize=undefined flag into the Picolibc library to detect undefined or implementation-defined C language behavior. The process unearthed and fixed eight real bugs, including missing NULL checks in setlocale/newlocale and type errors in qsort. It also revealed hidden undefined behavior in the code, such as out-of-bounds pointer arithmetic and signed integer overflow. While much of the work consisted of replacing undefined behavior with defined behavior, the author also wrote lsl and asr macros to handle left shifts and arithmetic right shifts, expressing dissatisfaction with the C language specification's shortcomings regarding shift operators. The author concludes by encouraging developers to try the undefined behavior sanitizer to improve code quality.
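As an added illustration of the kind of rewrite the post describes, here is my own C code, not Picolibc's lsl/asr macros (whose exact definitions the summary does not show). The naive shift helpers trip the sanitizer on negative or sign-bit-reaching operands; the replacements express the same intent using only operations the C standard defines. The function names, the clamping behavior for over-wide shift counts, and the wrapping add are my assumptions, not Picolibc's API.

```c
#include <stdint.h>
#include <stdio.h>

/* Naive versions: a left shift of a negative value, a left shift whose result
 * does not fit in int, or a shift count >= 32 is undefined behavior.  Built
 * with -fsanitize=undefined, calls such as naive_lsl(-1, 4) are reported at
 * runtime ("left shift of negative value -1"). */
static inline int32_t naive_lsl(int32_t v, unsigned n) { return v << n; }
static inline int32_t naive_asr(int32_t v, unsigned n) { return v >> n; } /* implementation-defined for v < 0 */

/* Defined left shift: do the shift on the unsigned type, where bits falling
 * off the top are discarded by definition, then convert back.  Conversion of
 * an out-of-range unsigned value to int32_t is implementation-defined before
 * C23 and two's-complement wraparound on GCC/Clang.  Shift counts of 32 or
 * more are clamped to a result of 0 (my choice of defined semantics). */
static inline int32_t lsl32(int32_t v, unsigned n)
{
    if (n >= 32)
        return 0;
    return (int32_t)((uint32_t)v << n);
}

/* Defined arithmetic right shift: for a negative value, complement it to a
 * non-negative value (right shift of which is fully defined), shift, and
 * complement again.  This reproduces sign extension without relying on the
 * implementation-defined behavior of >> on negative operands.  Counts of 32
 * or more saturate to the sign (my choice of defined semantics). */
static inline int32_t asr32(int32_t v, unsigned n)
{
    if (n >= 32)
        return v < 0 ? -1 : 0;
    return v < 0 ? ~(~v >> n) : v >> n;
}

/* Defined wrapping add: signed overflow is undefined, unsigned arithmetic
 * wraps modulo 2^32 by definition.  Useful where wraparound is the intended
 * behavior (hashes, checksums) and the sanitizer would otherwise flag it. */
static inline int32_t add32_wrap(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

int main(void)
{
    /* Compile with: cc -fsanitize=undefined -fno-sanitize-recover=all shifts.c
     * The naive calls below are deliberately only given sanitizer-clean inputs;
     * pass a negative value to naive_lsl to see the runtime report. */
    printf("naive_lsl(1, 4)      = %d\n", naive_lsl(1, 4));
    printf("naive_asr(16, 2)     = %d\n", naive_asr(16, 2));
    printf("lsl32(-1, 4)         = %d\n", lsl32(-1, 4));       /* -16 */
    printf("lsl32(1, 31)         = %d\n", lsl32(1, 31));       /* INT32_MIN */
    printf("asr32(-16, 2)        = %d\n", asr32(-16, 2));      /* -4 */
    printf("asr32(-1, 5)         = %d\n", asr32(-1, 5));       /* -1 */
    printf("add32_wrap(MAX, 1)   = %d\n", add32_wrap(INT32_MAX, 1)); /* INT32_MIN */
    return 0;
}
```

The point of the rewrite is that every operation the sanitizer can complain about is moved onto unsigned types or non-negative operands, so the sanitized build stays quiet and the result no longer depends on what the compiler chooses to do with undefined code.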

Development