Hacker News new | ask | show | jobs
by bhk 2495 days ago
The C standard includes an appendix that lists ~200 examples of undefined behavior. This list does not claim to be exhaustive.

Often, what constitutes undefined behavior is non-obvious (and not well justified). For example, when adding two signed integers results in an overflow, it is undefined behavior even if your program never uses the result.

Due to C's definition of "undefined" behavior, it means that all of the guarantees we rely on to ensure security go out the window whenever the programmer steps on one of these land mines.
1 comments
caspper69 2495 days ago
Not all UB falls into this category. A lot of UB, such as your signed integer addition example, is dependent upon the behavior of the underlying hardware. Certain archs may throw an exception on signed integer overflow, or exhibit otherwise inconsistent behavior, for example. The standard is the standard, of course, but not all implementations inherit the UB of the standard.
link
bhk 2495 days ago
Whether or not something is "undefined behavior" has nothing to do with the hardware. The C specification says what is specified, what is "unspecified", what is "implementation defined", and what is "undefined".

If something is "undefined" according to C, you can't rely on what the hardware does, because the hardware might not even get a chance to do anything. The compiler may completely elide sections of your program -- and they do in practice (for example, bounds checks).

Actually, hardware always does something reasonable for add instructions (throw exception or overflow or saturate). It's additions in C that can have unreasonable results.

link
Gibbon1 2495 days ago
> A lot of UB, such as your signed integer addition example, is dependent upon the behavior of the underlying hardware.

That problem is you can no longer depend on that because the compiler writers have decided they can do anything during AST optimization when there is undefined behavior.

link
qw3rty01 2495 days ago
That's because...they can. Because the behavior of the statement is undefined.
link
perl4ever 2495 days ago
“Those who can make you believe absurdities, can make you commit atrocities.” -Voltaire

Who knew he was talking about C compilers??

link