by pjc50
761 days ago
> C/C++ being non-opinionated is the main source of the security vulnerabilities

This. "Undefined behavior" is such a terrible way of thinking. As is the "we can assume in the optimizer that UB does not happen and then eliminate code on that basis", which allows the compiler to introduce bugs that only appear at certain -O levels. It took decades to get them to define arithmetic as two's complement.
I'm not sure this is right? IIRC C++20/C23 require two's complement representation for signed integers but generally leave other behaviors (including signed overflow) the same.
[0]: https://www.open-std.org/jtc1/sc22/wg21/docs/papers/2018/p09...
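
An added illustration of the point under discussion, not code from either commenter: two's complement representation does not make signed overflow defined, so an overflow check that runs after the addition can be optimized away, while a check made before the addition cannot. The function names `add_checked_ub` and `add_checked` are hypothetical.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Post-hoc check: relies on the sum wrapping around. Signed overflow is
 * undefined behaviour, so the optimizer may assume a + b never overflows,
 * fold both comparisons to false and drop the error paths. */
bool add_checked_ub(int a, int b, int *out)
{
    int sum = a + b;              /* UB if the true sum does not fit in int */
    if (b > 0 && sum < a)         /* may be eliminated at higher -O levels */
        return false;
    if (b < 0 && sum > a)         /* same problem for negative overflow */
        return false;
    *out = sum;
    return true;
}

/* Pre-check: compares against INT_MAX / INT_MIN before adding, so no
 * overflowing expression is ever evaluated and nothing can be assumed away. */
bool add_checked(int a, int b, int *out)
{
    if (b > 0 && a > INT_MAX - b) /* INT_MAX - b cannot overflow when b > 0 */
        return false;
    if (b < 0 && a < INT_MIN - b) /* INT_MIN - b cannot overflow when b < 0 */
        return false;
    *out = a + b;
    return true;
}

int main(void)
{
    int r = 0;
    /* Only the well-defined version is exercised; calling add_checked_ub
     * with overflowing inputs would itself be undefined. */
    printf("INT_MAX + 1 accepted? %d\n", add_checked(INT_MAX, 1, &r));
    printf("INT_MIN - 1 accepted? %d\n", add_checked(INT_MIN, -1, &r));
    printf("40 + 2 accepted? %d (result %d)\n", add_checked(40, 2, &r), r);
    return 0;
}
```

Comparing the generated code for `add_checked_ub` at `-O0` and `-O2` shows whether a given compiler removes the checks.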