Everything in C is undefined behavior
15 hours ago
- #software-security
- #c-programming
- #undefined-behavior
- The author asserts that all non-trivial C/C++ code contains undefined behavior (UB), and that writing correct C or C++ is impossible.
- UB is not just about optimization; it means the compiler can assume code is valid, leading to unpredictable results even without optimizations.
- Examples of UB include unaligned pointer access, unsafe char-to-int conversions when calling functions like isxdigit(), and converting a float to int when the value exceeds the integer limits.
- Common misconceptions: UB isn't only triggered by obvious mistakes like double-free; subtle issues like misaligned atomic operations also cause UB.
- The author highlights that LLMs are effective at detecting UB in code, suggesting that using LLMs for supervision is essential for writing safer C/C++ in modern development.
- Despite UB's prevalence, completely abandoning C/C++ codebases isn't feasible; instead, integrating LLMs to identify and fix UB at scale is recommended.
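
The three UB cases named in the list above, each written in a form with defined behaviour. This is an added example, not code from the summarized article; the function names `load_u32`, `is_hex_char` and `float_to_int` are hypothetical.

```c
#include <ctype.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Unaligned access: dereferencing (uint32_t *)p is UB when p is not
 * suitably aligned for uint32_t. memcpy has no alignment requirement. */
uint32_t load_u32(const unsigned char *p)
{
    uint32_t v;
    memcpy(&v, p, sizeof v);
    return v;
}

/* isxdigit() takes an int that must be EOF or representable as unsigned
 * char. Where plain char is signed, a byte such as 0xE9 arrives as a
 * negative int, so convert through unsigned char first. */
int is_hex_char(char c)
{
    return isxdigit((unsigned char)c) != 0;
}

/* float -> int is UB when the truncated value does not fit in int (NaN
 * included). Returns 1 and stores the result on success, 0 otherwise.
 * (float)INT_MAX may round up past INT_MAX, hence the strict '<'; the
 * check is conservative on platforms where it does not round. */
int float_to_int(float f, int *out)
{
    if (!(f >= (float)INT_MIN && f < (float)INT_MAX))
        return 0;               /* out of range, infinite, or NaN */
    *out = (int)f;
    return 1;
}

int main(void)
{
    unsigned char buf[8] = {0};     /* constructed sample buffer */
    uint32_t x = 0x11223344u;
    int n = 0;

    memcpy(buf + 1, &x, sizeof x);  /* store at an odd offset */
    printf("unaligned load ok: %d\n", load_u32(buf + 1) == x);
    printf("0xE9 is hex digit: %d\n", is_hex_char((char)0xE9));
    printf("3e9f converts:     %d\n", float_to_int(3e9f, &n));
    return 0;
}
```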