On Wed, May 27, 2020 at 2:50 PM Greg A. Woods <woods@robohack.ca> wrote:
> A big part of the problem is that the C Standard mandates compilation
> will and must succeed (and allows this success to be totally silent too)
> even if the code contains instances of undefined behaviour.

No it does not.

To quote C11:

undefined behavior
behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which this International Standard imposes no requirements

NOTE Possible undefined behavior ranges from ignoring the situation completely with unpredictable results, to behaving during translation or program execution in a documented manner characteristic of the environment (with or without the issuance of a diagnostic message), to terminating a translation or execution (with the issuance of a diagnostic message).


Much UB cannot be detected at compile time.  Much UB is too expensive to detect at run time.

Take strlen(const char* s) for example.  s must be a valid pointer that points to a '\0'-terminated string.  How would you detect that at compile time?  How would you set up your run time to detect that and error out?

How would you design your codegen and runtime to detect and error out when UB is invoked in this code:

#include <stdio.h>
#include <string.h>

// Callee has no way to know how large a or b are; it must trust the
// '\0'-terminated contract.
void A(const char* a, const char* b) {
    printf("%zu %zu\n", strlen(a), strlen(b));
}

// Separate compilation unit
int main() {
    const char a[] = {'A'};   // not '\0'-terminated: strlen(a) is UB
    const char b[] = {'\0'};  // a valid empty string: strlen(b) == 0

    A(a, b);
}
--
 Nevin ":-)" Liber  <mailto:nliber@gmail.com>  +1-847-691-1404
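The mitigation implied by the message above is that the callee cannot recover the buffer size, so the caller has to pass it. The following is an added example, not code from the thread: a hypothetical `checked_strlen()` bounded by an explicit capacity, applied to the same two arrays from the post, which reports the unterminated buffer instead of reading past it.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the post). Finds the length of s if a
 * '\0' lies within the first cap bytes; otherwise returns false and
 * leaves *len untouched. It never reads beyond cap bytes, so an
 * unterminated buffer becomes a reported error instead of UB. */
static bool checked_strlen(const char *s, size_t cap, size_t *len) {
    if (s == NULL) return false;
    const char *nul = memchr(s, '\0', cap);
    if (nul == NULL) return false;
    *len = (size_t)(nul - s);
    return true;
}

/* Counterpart of the post's A(): the caller also passes each buffer's
 * capacity. Returns the number of buffers that were not terminated. */
static int A_checked(const char *a, size_t a_cap,
                     const char *b, size_t b_cap) {
    size_t la, lb;
    int unterminated = 0;
    if (checked_strlen(a, a_cap, &la)) printf("a: %zu\n", la);
    else { puts("a: no '\\0' within buffer"); unterminated++; }
    if (checked_strlen(b, b_cap, &lb)) printf("b: %zu\n", lb);
    else { puts("b: no '\\0' within buffer"); unterminated++; }
    return unterminated;
}

int main(void) {
    /* Constructed input: the same arrays as in the post. */
    const char a[] = {'A'};
    const char b[] = {'\0'};
    return A_checked(a, sizeof a, b, sizeof b);  /* returns 1 */
}
```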