The 2016 SEI CERT C Coding Standard [free download] gives this definition of Undefined Behavior:
Behavior, upon use of a nonportable or erroneous program construct or of erroneous data, for which the C Standard imposes no requirements.An example of an action that causes undefined behavior is signed integer overflow. Professor John Regehr at U of Utah has a blog post that gives several possible examples of what C compilers *could* do with this C statement in a program:
printf ("%d\n", (INT_MAX+1) < 0);The possibilities Regehr lists include printing 0, 1, 42 or formatting your hard drive. While the latter won't actually happen, undefined behavior can cause data corruption and/or security vulnerabilities.
The CERT C Coding Standard lists. in Appendix C, all undefined behaviors in the current C standard: C11 (more formally known as: ISO/IEC 9899:2011) There are 203.
Since I've mentioned the C11 standard here, I should probably have a Things an "Expert" C Developer Knows post about C standards.
No comments:
Post a Comment