UB in D

Shachar Shemesh via Digitalmars-d digitalmars-d at puremagic.com
Mon Jul 11 22:33:47 PDT 2016


On 10/07/16 02:44, H. S. Teoh via Digitalmars-d wrote:
> I find this rather disturbing, actually.  There is a fine line between
> taking advantage of asserts to elide stuff that the programmer promises
> will not happen, and eliding something that's defined to be UB and
> thereby resulting in memory corruption.

I like clang's resolution to this problem. On the one hand, leaving 
things undefined allows the compiler to optimize away cases that would, 
otherwise, be horrible for performance.

On the other hand, these optimizations sometimes turn code that was 
meant to be okay into really not okay.

LLVM, at least for C and C++, has an undefined behavior sanitizer. You 
can turn it on, and any case where a test that a superficial reading of 
the code suggests takes place, but was optimized away due to undefined 
behavior, turns into a warning. This allows you to write code in a sane 
way while not putting in a ton (metric or otherwise, as I won't fight 
over 10% difference) of security holes.

Shachar
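An added illustration (not from the post or its author) of the situation described above: a guard that a superficial reading says catches integer overflow, but which the compiler may legitimately drop because signed overflow is undefined, next to a version of the same check written only in defined operations. The function names `add_checked_naive` and `add_checked` are made up for the example; building it with `clang -O2 -fsanitize=undefined` makes UBSan report the overflow in the naive version at runtime, as the post describes.

```c
#include <limits.h>
#include <stdio.h>

/* Naive guard: `a + b` overflows *before* the comparison runs. Because
 * signed overflow is undefined behaviour, the compiler may assume it never
 * happens, fold `sum < a` (for b > 0) to false, and remove the check.
 * Returns 1 and stores the sum, or 0 if the guard happens to fire. */
int add_checked_naive(int a, int b, int *out)
{
    int sum = a + b;          /* UB when the true result does not fit in int */
    if (b > 0 && sum < a)     /* the "check" that may be optimised away */
        return 0;
    *out = sum;
    return 1;
}

/* Defined version: compare against the limits before adding, so no
 * undefined operation is ever evaluated. Returns 1 on success and stores
 * the sum, or 0 on overflow (leaving *out untouched). */
int add_checked(int a, int b, int *out)
{
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return 0;
    *out = a + b;
    return 1;
}

int main(void)
{
    int r = 0;
    /* The defined check rejects the overflowing case at any -O level. */
    printf("defined:  %d\n", add_checked(INT_MAX, 1, &r));        /* 0 */
    printf("defined:  %d (r=%d)\n", add_checked(INT_MAX - 1, 1, &r), r);
    /* Under -fsanitize=undefined this call produces a runtime report of
     * the signed overflow instead of silently passing or failing the guard. */
    printf("naive:    %d\n", add_checked_naive(INT_MAX, 1, &r));
    return 0;
}
```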
