29 Sep
2024
29 Sep
'24
10:29 p.m.
Gradually the writers of optimizing compilers have leaned so hard on the
implementation-defined and undefined behaviors that, while far from
useless, C and C++ have become non-portable and dangerously insecure, as
well as often very surprising to the point that the US government arguing
against using them.
-rob
On Mon, Sep 30, 2024 at 2:56 AM Douglas McIlroy <
douglas.mcilroy(a)dartmouth.edu> wrote:
>>
malloc(0) isn't undefined behaviour but implementation defined.
>
> In modern C there is no difference between those two concepts.
Can you explain more about your view
There certainly is a difference, but in this case the practical
implications are the same: avoid malloc(0). malloc(0) lies at the high end
of a range of severity of concerns about implementation-definedness. At the
low end are things like the size of ints, which only affects applications
that may confront very large numbers. In the middle is the default
signedness of chars, which generally may be mitigated by explicit type
declarations.
For the size of ints, C offers guardrails like INT_MAX. There is no test
to discern what an error return from malloc(0) means.
Is there any other C construct that implementation-definedness renders
useless?
Doug