Path: csiph.com!weretis.net!feeder8.news.weretis.net!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail From: Tim Rentsch Newsgroups: comp.lang.c Subject: Re: Which tools are available for catching UB? Date: Sat, 10 Feb 2024 02:06:40 -0800 Organization: A noiseless patient Spider Lines: 32 Message-ID: <86a5o863bj.fsf@linuxsc.com> References: <8634ukeofy.fsf@linuxsc.com> <20240125203408.386@kylheku.com> MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Injection-Info: dont-email.me; posting-host="c20874413056af7bcbd7e84e1693869d"; logging-data="3289873"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+8wUv0yL7CiNQ0/Wi+BU3MWqLzPV/xVFs=" User-Agent: Gnus/5.11 (Gnus v5.11) Emacs/22.4 (gnu/linux) Cancel-Lock: sha1:rctvxoCsTTDCAcWCA73SdOnbJro= sha1:FW6PbOUkkWUMXPaQRGca3EJdfcY= Xref: csiph.com comp.lang.c:382262 Kaz Kylheku <433-929-6894@kylheku.com> writes: > On 2024-01-26, Tim Rentsch wrote: > >> Lew Pitcher writes: >> >>> [A] single call to a function not defined by your program source >>> code or by the ISO C standard will invoke "undefined behaviour". >> >> That isn't right. The C standard allows previously translated >> translation units "[to] be preserved individually or in libraries." >> Those translation units don't have to be your own code or even >> necessarily stored, or translated, on the same machine. > > This is a strawman interpretation of what Lew is almost certainly > saying, No, it isn't. You misunderstood my statement. > which is the salient point that using a function that is not > somewhere in your program (any translation unit from your sources > or any translated units you brought to the table yourself), and > not in the standard, is undefined behavior. No, it isn't. Whether a library, for example, was something you put on the machine yourself, or was put there by a hacker without your knowledge, doesn't affect the presence or absence of undefined behavior. All that matters is what's in the library. It's perfectly possible for a library installed by a hacker to perform only well-defined operations, be well-formed and ABI-compatible, etc. Just because you don't know what is in the library doesn't make it undefined behavior.