On 2018-05-10 14:35, Wol's lists wrote:

> > Code may be "security-sensitive" but buggy. Is the compiler writer
> > really responsible for guessing what the programmer meant to
> > accomplish with buggy code?
>
> What do you mean by "buggy"?

Relying on UB, or not telling the compiler the whole truth. You have a point in that I should have been more specific.

> So if the compiler can't detect undefined behaviour, how the hell do
> you expect the programmer to?

Number one reason is that UB is at least in part a run-time concept. Clearly the compiler cannot try all possible inputs to a function and run a simulation on them. The programmer _can_ insert guard code at the calling site to prevent the undefined cases from happening.

A "whole program" compiler (ie. one that analyzes code across source modules) may be able to detect the _possibility_ of UB. But if you put such a compiler to work on the kernel (for example), you can probably take a short vacation while you await the result ;-)

> Oh - and please explain - what is buggy about wanting the following
> program to compile and actually *do* what the code is asking, rather
> than compiling to a no-op ... and 0x00ff is the address of your
> network adaptor? Do you want THAT to be optimised away "because it
> doesn't do anything"?
>
> int main () {
>     int a, b, c;
>     a = 2;
>     b = 4;
>     c = 6;
> }
>
> int main () {
>     void *a;
>     a = 0x00ff;
>     *a = 6;
> }

This is actually not UB, but a different problem. Yes, if I write it like this, I want it eliminated. When I want to keep it, I will use the "volatile" keyword which is in the language precisely for this purpose.

--
Please don't Cc: me privately on mailing lists and Usenet, if you also post the followup to the list or newsgroup.
To reply privately _only_ on Usenet and on broken lists which rewrite From, fetch the TXT record for no-use.mooo.com.
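The two techniques named in the message above, guard code at the calling site and a volatile-qualified store, as an added example that is not part of the original post. All function names are hypothetical, and `fake_register` is a constructed stand-in for a device register so the code runs on a normal host.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>

/* Unguarded callees: overflow in a + b, d == 0 and INT_MIN / -1 are UB. */
static int add(int a, int b) { return a + b; }
static int divide(int n, int d) { return n / d; }

/* Guards run by the caller; each rejects exactly the undefined inputs. */
static bool add_is_defined(int a, int b)
{
    if (b > 0)
        return a <= INT_MAX - b;   /* a + b would exceed INT_MAX */
    return a >= INT_MIN - b;       /* a + b would drop below INT_MIN */
}

static bool divide_is_defined(int n, int d)
{
    return d != 0 && !(n == INT_MIN && d == -1);
}

/* Calling site: run-time input is checked before the operation is reached. */
bool safe_add(int a, int b, int *out)
{
    if (!add_is_defined(a, b))
        return false;
    *out = add(a, b);
    return true;
}

bool safe_divide(int n, int d, int *out)
{
    if (!divide_is_defined(n, d))
        return false;
    *out = divide(n, d);
    return true;
}

/* Constructed stand-in for a memory-mapped register. */
static uint32_t fake_register;

uint32_t write_register(uint32_t value)
{
    volatile uint32_t *reg = &fake_register;
    *reg = value;   /* volatile access: the compiler must emit this store */
    return *reg;    /* and this load, even though nothing else reads it */
}

int main(void)
{
    int r;
    return (safe_add(2, 4, &r) && write_register(6u) == 6u) ? 0 : 1;
}
```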