Undefined behaviour in C [was Re: The Cost of Dynamism]

Ben Bacarisse ben.usenet at bsb.me.uk
Sun Mar 27 16:06:01 EDT 2016


Steven D'Aprano <steve at pearwood.info> writes:

> On Sun, 27 Mar 2016 05:13 pm, Paul Rubin wrote:
>
>> Steven D'Aprano <steve at pearwood.info> writes:
>>> For example, would you consider that this isolated C code is
>>> "meaningless"?
>>> int i = n + 1;
>> 
>> It's meaningful as long as n is in a certain range of values so there's
>> no overflow.
>> 
>>> But according to the standard, it's "meaningless", since it might
>>> overflow, and signed int overflow is Undefined Behaviour.
>> 
>> No it's not meaningless if it "might" overflow, it's meaningless if it
>> -does- overflow, 
>
> No! That's exactly wrong!
>
> Paul, thank you for inadvertently proving the point I am trying to get
> across. People, even experienced C coders, simply don't understand what the
> C standard says and what C compilers can and will do.
>
> If the C compiler cannot prove that n is strictly less than MAXINT (or is
> that spelled INT_MAX?),

(the latter)

> the *entire program* (or at least the bits reachable from this line,
> in both directions) is Undefined, and the compiler has no obligations
> at all.

If I understand you correctly, you are claiming that in this program

  #include <stdio.h>
  #include <stdlib.h>   /* for atoi */

  int main(int argc, char **argv)
  {
     int n = argc > 1 ? atoi(argv[1]) : 0;
     int i = n + 1;  // not needed but used because it's the line in question
     printf("Hello world\n");
     return 0;
  }

everything after "int i = n + 1;" is undefined because the compiler
can't prove that n is strictly less than INT_MAX.  (In fact atoi
exhibits undefined behaviour in some cases which the compiler can't
prove don't apply here either, so the trouble could happen even
earlier.)

Given that the only observable behaviour is the printf call, would the
fact that the program is undefined by that point mean that a compiler
could generate code equivalent to

  #include <stdio.h>

  int main(void) { puts("You lose!"); }   /* puts appends the newline itself */

and still be conforming according to the language standard?  (Obviously
this is a rather mild option given that anything is permitted.)  That
*seems* to be what you are saying, but it's not backed up by what the C
people I know say.  In particular

<snip>
> But don't believe me. What do I know about C, I don't even know whether to
> spell the biggest int MAXINT or INT_MAX or MAX_INT. Instead, believe these
> guys:
>
> http://blog.regehr.org/archives/213
> http://blog.regehr.org/archives/226
> http://blog.regehr.org/archives/232
>
> http://blog.llvm.org/2011/05/what-every-c-programmer-should-know.html
> http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_14.html
> http://blog.llvm.org/2011/05/what-every-c-programmer-should-know_21.html

don't seem to be saying that.  Whilst I've not yet read them all, they
seem to be unexceptional explanations of UB in C (by which I mean they
accord with what I understand it to be!) and I don't see how they
confirm what I think you are saying.

<snip>
-- 
Ben.
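As an added illustration (not part of Ben's or Steven's posts): the small program above can be written so that the overflow question never arises, by checking against INT_MAX/INT_MIN before the addition is evaluated rather than after, and by replacing atoi (whose out-of-range behaviour is also undefined, as noted above) with strtol. The helper names checked_add and parse_int are my own.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Add two ints without ever evaluating an expression that overflows.
   Returns true and stores the sum in *out if it is representable, false
   (leaving *out untouched) otherwise. The comparisons are arranged so
   that no intermediate expression can itself overflow. */
bool checked_add(int a, int b, int *out)
{
    if (b > 0 && a > INT_MAX - b) return false;   /* would exceed INT_MAX */
    if (b < 0 && a < INT_MIN - b) return false;   /* would go below INT_MIN */
    *out = a + b;
    return true;
}

/* Parse a decimal string into an int. atoi has undefined behaviour when
   the value is out of range; strtol reports that via ERANGE instead, and
   we also reject trailing junk and an empty number. */
bool parse_int(const char *s, int *out)
{
    char *end;
    errno = 0;
    long v = strtol(s, &end, 10);
    if (errno == ERANGE || end == s || *end != '\0') return false;
    if (v < INT_MIN || v > INT_MAX) return false;   /* long may be wider than int */
    *out = (int)v;
    return true;
}

int main(int argc, char **argv)
{
    int n = 0, i;
    if (argc > 1 && !parse_int(argv[1], &n)) {
        fprintf(stderr, "not a valid int: %s\n", argv[1]);
        return EXIT_FAILURE;
    }
    if (!checked_add(n, 1, &i)) {           /* the "line in question", made safe */
        fprintf(stderr, "n + 1 would overflow\n");
        return EXIT_FAILURE;
    }
    printf("Hello world, n + 1 = %d\n", i);
    return 0;
}
```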