On Wed, May 27, 2020 at 2:50 PM Greg A. Woods <woods(a)robohack.ca> wrote:
> A big part of the problem is that the C Standard mandates compilation
> will and must succeed (and allows this success to be totally silent too)
> even if the code contains instances of undefined behaviour.
No it does not.
To quote C11:
undefined behavior
behavior, upon use of a nonportable or erroneous program construct or of
erroneous data, for which this International Standard imposes no
requirements
NOTE Possible undefined behavior ranges from ignoring the situation
completely with unpredictable results, to behaving during translation or
program execution in a documented manner characteristic of the environment
(with or without the issuance of a diagnostic message), to terminating a
translation or execution (with the issuance of a diagnostic message).
Much UB cannot be detected at compile time. Much UB is too expensive to
detect at run time.
Take strlen(const char* s) for example. s must be a valid pointer that
points to a '\0'-terminated string. How would you detect that at compile
time? How would you set up your run time to detect that and error out?
How would you design your codegen and runtime to detect and error out when
UB is invoked in this code:
#include <stdio.h>
#include <string.h>
void A(const char* a, const char* b) {
    // strlen requires both arguments to point at '\0'-terminated strings
    printf("%zu %zu\n", strlen(a), strlen(b));
}
// Separate compilation unit
int main() {
    const char a[] = {'A'};   // one byte, no terminator: strlen(a) is UB
    const char b[] = {'\0'};  // properly terminated, length 0
    A(a, b);
}
--
Nevin ":-)" Liber <mailto:nliber@gmail.com> <nevin@eviloverlord.com>
+1-847-691-1404
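One defensive pattern for the case in this message, as an added example that is not code from the thread: the caller passes the buffer capacity alongside the pointer, and the callee scans with memchr so an unterminated array is reported rather than read past. The names bounded_strlen and A_bounded are my own.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (added example): returns the string length, or
 * (size_t)-1 if no '\0' lies within the first cap bytes. memchr never
 * reads beyond cap, so an unterminated buffer is detected, not overrun. */
size_t bounded_strlen(const char *s, size_t cap) {
    const char *nul = memchr(s, '\0', cap);
    return nul ? (size_t)(nul - s) : (size_t)-1;
}

/* Analogue of the thread's A(): prints both lengths, but only after
 * checking that each buffer is terminated within the capacity the caller
 * vouched for. Returns 0 on success, -1 if either buffer is unterminated. */
int A_bounded(const char *a, size_t a_cap, const char *b, size_t b_cap) {
    size_t la = bounded_strlen(a, a_cap);
    size_t lb = bounded_strlen(b, b_cap);
    if (la == (size_t)-1 || lb == (size_t)-1) {
        fprintf(stderr, "unterminated buffer passed to A_bounded\n");
        return -1;
    }
    printf("%zu %zu\n", la, lb);
    return 0;
}

int main(void) {
    /* Same constructed inputs as the thread's example: a has no '\0'. */
    const char a[] = {'A'};
    const char b[] = {'\0'};
    return A_bounded(a, sizeof a, b, sizeof b) == 0 ? 0 : 1;
}
```

With the thread's inputs the program reports the unterminated buffer and exits non-zero instead of invoking undefined behaviour.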