Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

My favourite description of undefined behaviour. The poster is corrected later on in the thread about whether the specific operation discussed would invoke undefined behaviour, but the description of what happens when undefined behaviour occurs is gold:

https://groups.google.com/g/comp.lang.c/c/ZE2B2UorTtM/m/1ROv...

Joona I Palaste, 2001-01-19, comp.lang.c

    This isn't about the post-increment operator, this is about the order
    of evaluation of the operands.
    Since you're modifying the value of i twice without a sequence point
    in between, either of the two results are exactly as much "expected".
    Also, equally "expected" behaviour includes incrementing every
    variable in the array, flipping all the bits in every variable in the
    array, converting all instances of the text string "/usr" in memory
    to "fsck", changing the colours of your screen to purple, calling the
    police on your modem line and telling them you're being attacked by
    a one-eyed Martian wielding a herring while singing "Hi ho, it's off
    to work we go", and even weirder stuff.
    So... what it all boils to... when writing your compiler, just flip
    a coin and use the one of the two behaviours you listed that
    corresponds with the coin's face.


And yet the standard explicitly states that undefined behaviour can behave in some documented manner characteristic of the environment. As a simple question of quality of implementation, we should surely be able to demand that nothing confusing happens.


I don't disagree, and I think the quote above follows that idea. Undefined behaviour means that anything _could_ happen, but compiler writers should ensure something sensible happens in those cases. At least, that's what I took from it.


At this point we should just bite the bullet and make it not just defined, but defined in a way that results in safe code, even if that code is slower (e.g. for overflow, panic). We have computers that are many orders of magnitude faster than anything that was around back in the days C++, much less C, was originally designed. And most code that runs on them is not performance critical, so we could absolutely turn on null checks, overflow checks, bounds checks etc most everywhere and things would still be fine - but with less (and more visible, thus easier to find) bugs. This whole mentality that if you are writing in C++, you must let the compiler squeeze every last bit of perf out of your code, is both dangerous and unneeded.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: