John Regehr, Professor of Computer Science, University of Utah, writes:
Undefined behavior (UB) in C and C++ is a clear and present danger to developers, especially when they are writing code that will execute near a trust boundary. A less well-known kind of undefined behavior exists in the intermediate representation (IR) for most optimizing, ahead-of-time compilers. For example, LLVM IR has undef and poison in addition to true explodes-in-your-face C-style UB. When people become aware of this, a typical reaction is: "Ugh, why? LLVM IR is just as bad as C!" This piece explains why that is not the correct reaction.
Undefined behavior is the result of a design decision: the refusal to systematically trap program errors at one particular level of a system. The responsibility for avoiding these errors is delegated to a higher level of abstraction. For example, it is obvious that a safe programming language can be compiled to machine code, and it is also obvious that the unsafety of machine code in no way compromises the high-level guarantees made by the language implementation. Swift and Rust are compiled to LLVM IR; some of their safety guarantees are enforced by dynamic checks in the emitted code, other guarantees are made through type checking and have no representation at the LLVM level. Either way, UB at the LLVM level is not a problem for, and cannot be detected by, code in the safe subsets of Swift and Rust. Even C can be used safely if some tool in the development environment ensures that it will not execute UB. The L4.verified project does exactly this.
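The summary's point that UB is "delegated to a higher level of abstraction" can be made concrete in plain C. The block below is an added example, not code from Regehr's article: it shows what the dynamic checks that a safe language emits look like once lowered to C. Each check runs before the risky operation and uses only well-defined comparisons, so the UB (signed overflow, out-of-bounds read) is refused at this layer rather than handed down to the compiler. The function names and the sample array are constructed for the example.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Signed overflow in a + b is undefined behaviour in C. A post-hoc test
 * such as 'if (a + b < a)' is itself UB and may be optimised away, so the
 * overflow is detected BEFORE the addition, with well-defined arithmetic. */
bool checked_add(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;               /* would overflow: refuse, do not compute */
    *out = a + b;
    return true;
}

/* Reading past the end of an array is UB. This is the shape of a
 * bounds-checked index operation as a safe language would emit it. */
bool checked_get(const int *arr, size_t len, size_t idx, int *out) {
    if (arr == NULL || idx >= len)
        return false;               /* out of range: refuse, do not read */
    *out = arr[idx];
    return true;
}

int main(void) {
    int r;
    int data[4] = {10, 20, 30, 40};     /* constructed sample input */

    printf("INT_MAX + 1 accepted? %d\n", checked_add(INT_MAX, 1, &r)); /* 0 */
    printf("data[7] accepted?    %d\n", checked_get(data, 4, 7, &r));  /* 0 */
    if (checked_get(data, 4, 2, &r))
        printf("data[2] = %d\n", r);                                   /* 30 */
    return 0;
}
```

The compiler is still free to assume that `a + b` and `arr[idx]` never misbehave; the guarantee comes from the layer above never reaching those expressions with bad inputs, which is exactly the division of responsibility the summary describes.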
(Score: 3, Insightful) by maxwell demon on Thursday February 16 2017, @07:21PM
A language having constructs with undefined behaviour doesn't make that language inherently unsafe. Code that triggers undefined behaviour is inherently unsafe.
The Tao of math: The numbers you can count are not the real numbers.
(Score: 2) by DannyB on Thursday February 16 2017, @08:25PM
Absolutely true.
However, how unsafe I would consider a language is directly related to how often and how easy it is to use those constructs with undefined behavior.
The Centauri traded Earth jump gate technology in exchange for our superior hair mousse formulas.
(Score: -1, Troll) by Anonymous Coward on Thursday February 16 2017, @09:05PM
Sure, if you're an idiot that needs a slow, safe language to hold your hand.
(Score: 2) by bob_super on Friday February 17 2017, @01:07AM
C is highly unsafe, and so is ASM.
(Score: 2) by DannyB on Friday February 17 2017, @02:15PM
Yep. That is what makes C and ASM great systems languages for an OS, microcontrollers, or device drivers. But such a bad choice as an application programming language.
The Centauri traded Earth jump gate technology in exchange for our superior hair mousse formulas.