A Guide to Undefined Behavior in C and C++ (2010)
10 comments
March 13, 2025
jasonthorsness
zyedidia
I think data races can cause undefined behavior in Go, which can cause memory safety to break down. See https://research.swtch.com/gorace for details.
jjmarr
> I wish they would have some kind of super strict mode for C or C++ where compilation fails unless you somehow fix things at the call sites to tell the compiler the behavior you want explicitly.
The C++ language committee _does not_ want to add more annotations to increase memory safety.
tialaramex
Several programming languages can testify to the fact that a Benevolent Dictator For Life is not a panacea. Several more can testify that having a Committee to design the language is likewise not a panacea. Perhaps uniquely, C++ can clarify for us that both is in fact worse than either alone.
steveklabnik
Safe Rust has no undefined behavior. Unsafe Rust does.
guimplen
The first example (signed integer overflow) is no longer valid in newer standards of C. Now it should use the two's-complement semantics and no UB.
Rusky
I believe they only standardized the two's-complement representation (so casts to unsigned have a more specific behavior, for example) but they did not make overflow defined.
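The distinction Rusky draws is easy to get wrong in practice: a two's-complement representation says nothing about whether signed overflow is defined, so the common idiom of computing `a + b` and then checking whether the result "went negative" is itself undefined behavior and may be optimized away. The following added example (not from the linked article or from any commenter) shows the defender's approach: check the operands against `INT_MAX`/`INT_MIN` before adding, and contrast it with unsigned arithmetic, where wrap-around is defined and the post-hoc check is valid. All function names are my own.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Signed overflow is undefined behaviour in C (C17 6.5p5); the compiler may
 * assume it never happens, so a check written as `a + b < a` after the fact can
 * legally be deleted. This helper instead tests the operands BEFORE the
 * addition, using only comparisons against INT_MAX/INT_MIN, which are well
 * defined for every input. Returns false and leaves *out untouched if the
 * mathematical sum does not fit in an int. */
bool checked_add_int(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b)) {
        return false; /* would overflow */
    }
    *out = a + b;
    return true;
}

/* Unsigned arithmetic is defined to wrap modulo 2^N (C17 6.2.5p9), so here the
 * classic "result smaller than an operand" test is a valid overflow detector. */
bool checked_add_uint(unsigned a, unsigned b, unsigned *out) {
    unsigned sum = a + b;      /* defined: wraps on overflow */
    if (sum < a) return false; /* wrapped, so the true sum did not fit */
    *out = sum;
    return true;
}

int main(void) {
    int r;
    unsigned u;

    /* Constructed inputs: one in-range sum and one that would overflow. */
    if (checked_add_int(5, 7, &r))
        printf("5 + 7 = %d\n", r);
    if (!checked_add_int(INT_MAX, 1, &r))
        printf("INT_MAX + 1 rejected without invoking UB\n");

    if (checked_add_uint(3, 4, &u))
        printf("3u + 4u = %u\n", u);
    if (!checked_add_uint(UINT_MAX, 1, &u))
        printf("UINT_MAX + 1 wrapped; detected as overflow\n");
    return 0;
}
```

On GCC and Clang the same pre-check is available as the builtin `__builtin_add_overflow(a, b, &out)`, which returns nonzero on overflow and is usually the better choice in production code; the hand-written version above exists to make the reasoning visible. Compiling with `-fsanitize=undefined` will flag a naive `a + b` overflow at run time, but only on the inputs actually exercised, so it complements rather than replaces the check.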
fsckboy
My opinion as a very experienced C system programmer:
there must be better sources to guide people than a poorly written and infantilizing article from 15 years ago.
staunton
Being a very experienced programmer, I'm sure you know many such sources. Can you share any?
ultrarunner
Perhaps you could draw on your wealth of experience to write one. I’d love to read it!
This is an area the newer languages get right - I don’t think Rust or Go has any undefined behavior? I wish they would have some kind of super strict mode for C or C++ where compilation fails unless you somehow fix things at the call sites to tell the compiler the behavior you want explicitly.