UB in D
Shachar Shemesh via Digitalmars-d
digitalmars-d at puremagic.com
Mon Jul 11 22:33:47 PDT 2016
On 10/07/16 02:44, H. S. Teoh via Digitalmars-d wrote:
> I find this rather disturbing, actually. There is a fine line between
> taking advantage of assert's to elide stuff that the programmer promises
> will not happen, and eliding something that's defined to be UB and
> thereby resulting in memory corruption.
I like clang's resolution to this problem. On the one hand, leaving
things undefined allows the compiler to optimize away cases that would,
otherwise, be horrible for performance.
On the other hand, these optimizations sometimes turn code that was
meant to be okay into really not okay.
LLVM, at least for C and C++, has an undefined behavior sanitizer. You
can turn it on, and any case where a test that a superficial reading of
the code suggests takes place, but was optimized away due to undefined
behavior, turns into a warning. This allows you to write code in a sane
way while not putting in a ton (metric or otherwise, as I won't fight
over 10% difference) of security holes.
Shachar
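The kind of elided check the post is talking about, as an added C example that is not part of the original thread: a signed-overflow test written as `sum < a` is undefined when the addition overflows, so an optimizing compiler may delete it, and building with `-fsanitize=undefined` makes the overflow visible at run time; the second function performs the same check using only defined arithmetic. Function names and the file name in the build line are assumptions.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Added example, not code from the original post. Two ways to test
 * signed addition for overflow. The first reads the result of an
 * overflowed signed add, which is undefined behaviour in C, so an
 * optimizing compiler may assume it never happens and drop the test.
 * The second uses only well-defined comparisons. Build with
 *   cc -O2 -fsanitize=undefined ub_example.c
 * to have UBSan report the overflow in the first form at run time. */

/* Naive check: "if a + b wrapped, the sum is smaller than a".
 * Undefined when a + b overflows, so the compiler may fold this to false. */
bool naive_add_overflows(int a, int b) {
    int sum = a + b;          /* undefined behaviour on overflow */
    return sum < a;           /* may be optimized away entirely */
}

/* Well-defined check: compare against the bounds before adding.
 * Returns false and leaves *out untouched when a + b would overflow. */
bool checked_add(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) ||
        (b < 0 && a < INT_MIN - b)) {
        return false;
    }
    *out = a + b;
    return true;
}

int main(void) {
    int r;
    printf("checked_add(INT_MAX, 1) succeeded? %d\n",
           checked_add(INT_MAX, 1, &r));
    printf("naive_add_overflows(INT_MAX, 1) -> %d (UB: compiler dependent)\n",
           naive_add_overflows(INT_MAX, 1));
    return 0;
}
```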