Glossary

UndefinedBehaviorSanitizer (UBSan)

A runtime checker that detects C/C++ undefined behavior — signed overflow, null dereference, misaligned access, and more.

UndefinedBehaviorSanitizer (UBSan) is a compile-time instrumentation tool from LLVM/GCC that inserts runtime checks for operations with undefined behavior in C and C++. Checked categories include signed integer overflow, shift-amount violations, null pointer dereferences, misaligned pointer access, invalid enum casts, and out-of-bounds array indexing. Unlike AddressSanitizer, UBSan has very low overhead (typically 5-20%) and can be enabled in production or near-production builds. In fuzzing, UBSan catches bugs that don't directly crash the target but are exploitable or indicate logic errors — a signed overflow that quietly wraps in debug builds may corrupt a length calculation and lead to a heap overflow. UBSan is routinely combined with ASan and a coverage-guided fuzzer in the same build.

AddressSanitizer (ASan)

A fast memory-error detector that catches heap/stack buffer overflows, use-after-free, and similar bugs at runtime.

MemorySanitizer (MSan)

A detector for uses of uninitialized memory in C/C++ programs, catching a class of bugs that ASan misses.

Fuzz Testing

Automated software testing that generates many semi-random inputs to find crashes, hangs, and security vulnerabilities.

libFuzzer

An in-process, coverage-guided fuzzing library built into LLVM that links directly into the target binary.

Instrumentation

The process of inserting probes into a program at compile or binary rewrite time to collect runtime information for the fuzzer.

UndefinedBehaviorSanitizer (UBSan)

Related