Assert and undefined behavior

Timon Gehr timon.gehr at gmx.ch
Sun Oct 15 06:59:44 UTC 2017


On 14.10.2017 23:36, kdevel wrote:
> On Saturday, 14 October 2017 at 09:32:32 UTC, Timon Gehr wrote:
>> Also, UB can and does sometimes mean that the program can execute 
>> arbitrary code. It's called "arbitrary code execution": 
>> https://en.wikipedia.org/wiki/Arbitrary_code_execution
> 
> This confuses different levels of reasoning.

It's a correct statement about the semantics of programs produced from 
sources with UB by standard-compliant compilers.

> In C/C++ "undefined 
> behavior" is a property of the SOURCE code with respect to the 
> specification. It states: The spec does not apply, it does not 
> define the semantic.
> ...

I.e., the semantics of a program produced by a conforming compiler can 
be arbitrary.

> This issue is totally different from the question what a given program 
> containing undefined behavior actually does after it compiles and 
> after the linker produces an executable. This is reasoning about 
> generated MACHINE code.
> ...

Sure. This is very much intentional. The current subthread is about what 
kind of programs the compiler might produce (in practice) if the 
provided source code contains UB. The claim I was refuting was that the 
produced program cannot have branching and other behaviors not specified 
in the source.

> A result of this confusion has been that some clever people tried to 
> "detect" certain kinds of undefined behavior "after" they "happened". 
> E.g. <https://gcc.gnu.org/bugzilla/show_bug.cgi?id=30475> This is the 
> danger of undefined behavior: The MACHINE code may also work as the 
> programmer expected. At least for some time.
> 
> 

I'm not confused about this at all.
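
[Added example, not part of either poster's message.] The quoted paragraph about "detecting" undefined behavior after it happened, illustrated in C with signed integer overflow chosen as the UB; the function names are hypothetical. The after-the-fact check depends on the result of an operation the compiler may assume never overflows, while the before-the-fact check evaluates only defined expressions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Tries to detect overflow AFTER it happened. If a + b is out of range,
 * the addition itself is UB, so a conforming compiler may assume it never
 * overflows and fold the comparison to "false". It may also appear to work
 * in some builds. Kept for contrast; only call it with in-range operands. */
static bool overflowed_after(int a, int b)
{
    int sum = a + b;                      /* UB when the sum is out of range */
    return b > 0 ? sum < a : sum > a;
}

/* Checks BEFORE the operation. Every expression here is defined for all
 * int inputs, so the compiler has nothing it is allowed to assume away. */
static bool add_would_overflow(int a, int b)
{
    if (b > 0) return a > INT_MAX - b;
    if (b < 0) return a < INT_MIN - b;
    return false;
}

/* Adds only when the result is representable; *out is untouched on failure. */
static bool checked_add(int a, int b, int *out)
{
    if (add_would_overflow(a, b)) return false;
    *out = a + b;
    return true;
}

int main(void)
{
    int r = 0;
    /* Constructed sample inputs. */
    printf("after-check, in range:  %d\n", overflowed_after(1, 2));
    printf("pre-check INT_MAX+100:  %d\n", add_would_overflow(INT_MAX, 100));
    printf("checked_add(2, 3):      %d (r=%d)\n", checked_add(2, 3, &r), r);
    printf("checked_add(INT_MAX,1): %d (r=%d)\n", checked_add(INT_MAX, 1, &r), r);
    return 0;
}
```
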


More information about the Digitalmars-d-learn mailing list