by MaxBarraclough
679 days ago
> Or there are many high level function structures as, which also has no UB (with some assumption on the called functions): void bar() { struct foo *p = foo_alloc(); foo_do1(p); foo_do2(p); foo_delete(p); }

Are we assuming foo_alloc always succeeds? malloc returns NULL to indicate failure to allocate, which this code wouldn't handle.

> Such code can be easily screened and also this can be done automatically.

That doesn't sound right at all. Robust static analysis of C code is extremely involved. It's an area of ongoing research. Prior efforts along these lines have not been successful. Even adopting the MISRA C ruleset doesn't guarantee absence of undefined behaviour, for instance.
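Added example, not code from the thread or from either commenter: the bar()/foo_alloc() pattern quoted above, once as written (every call after foo_alloc assumes the pointer is non-NULL) and once with the allocation-failure path handled. The allocator hook fail_next_alloc, the struct layout and the foo_do1/foo_do2 bodies are constructed here so the failure branch can be exercised deterministically; all names are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>

struct foo {
    int counter;
};

/* Constructed test hook: when non-zero, the next allocation reports failure,
 * the way malloc does when memory is exhausted. */
static int fail_next_alloc = 0;

static void *hookable_malloc(size_t n)
{
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        return NULL;          /* simulate malloc returning NULL */
    }
    return malloc(n);
}

/* Returns NULL on failure, exactly as the malloc contract allows. */
struct foo *foo_alloc(void)
{
    struct foo *p = hookable_malloc(sizeof *p);
    if (p != NULL)
        p->counter = 0;
    return p;
}

void foo_do1(struct foo *p) { p->counter += 1; }
void foo_do2(struct foo *p) { p->counter *= 10; }
void foo_delete(struct foo *p) { free(p); }

/* The shape from the quoted comment. Every call after foo_alloc assumes p is
 * non-NULL, so an allocation failure becomes a NULL dereference in foo_do1:
 * undefined behaviour, not merely a missed error. Kept for comparison only;
 * never call it when foo_alloc can fail. */
void bar_unchecked(void)
{
    struct foo *p = foo_alloc();
    foo_do1(p);
    foo_do2(p);
    foo_delete(p);
}

/* Same structure with the failure path handled: the caller learns about the
 * failure through the return value instead of hitting undefined behaviour.
 * Returns 0 on success (and stores the counter), -1 if allocation failed. */
int bar_checked(int *result)
{
    struct foo *p = foo_alloc();
    if (p == NULL)
        return -1;
    foo_do1(p);
    foo_do2(p);
    *result = p->counter;
    foo_delete(p);
    return 0;
}

int main(void)
{
    int value = 0;
    if (bar_checked(&value) == 0)
        printf("allocation ok, counter = %d\n", value);
    fail_next_alloc = 1;              /* force the NULL path once */
    if (bar_checked(&value) != 0)
        printf("allocation failed, handled without dereferencing NULL\n");
    return 0;
}
```

The point of the hook is that a static checker or a reviewer cannot tell from bar()'s body alone whether foo_alloc can return NULL; that is the "assumption on the called functions" the quoted comment leans on, and bar_checked makes the assumption explicit in code rather than leaving it to the allocator's mood.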