Subject: Re: [boost] [variant2] never-empty guarantee considered harmful
From: Christian Mazakas (christian.mazakas_at_[hidden])
Date: 2019-04-13 15:05:04


While UB sanitizers and other tools like valgrind are incredibly powerful
and useful, a test suite is and always will be more portable, reliable and
self-documenting. Emphasizing UB for the sake of debugging or ensuring
correctness is not as effective as emphasizing test suites instead.

A strong guarantee gives sufficient reasoning and logical guarantees for
programmers.

- Chris

On Fri, Apr 12, 2019 at 11:06 PM Rainer Deyke via Boost <
boost_at_[hidden]> wrote:

> On 13.04.19 01:47, Frank Mori Hess via Boost wrote:
> > On Fri, Apr 12, 2019 at 7:26 PM Andrzej Krzemienski via Boost
> > <boost_at_[hidden]> wrote:
> >> UB is a useful symptom of a bug and
> >> therefore can help detect and remove bugs
> >
> > It seems like you are using a different definition of undefined
> > behavior than what I understand it to be. UB is not a useful symptom
> > because it can be anything, and can vary by implementation. It
> > doesn't necessarily mean the program crashes, it could for example
> > result in exactly the harmless unnoticed response to a bug you object
> > to.
>
> UB is not a runtime check that detects bugs (although compiling with
> undefined behavior sanitizer turns it into one). It is a conceptual
> tool for verifying the correctness of your program. If your program
> invokes undefined behavior, it is incorrect. Conversely, if your
> program is correct, then it does not invoke undefined behavior.
>
> Undefined behavior is not a defect of the C++ language. It's a
> deliberate feature. The standards committee could have easily defined
> the result of reading an uninitialized variable as "whatever arbitrary
> value happens to occupy that memory location". Instead, they chose to
> mark it as undefined behavior, because a program that uses uninitialized
> variables is /wrong/.
>
> This bears repeating. Reading from an uninitialized variable is not
> wrong because it is undefined behavior, but the other way around.
> Reading from an uninitialized variable is undefined behavior because it
> is wrong.
>
>
> --
> Rainer Deyke (rainerd_at_[hidden])
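The strong guarantee the thread argues about (a failed assignment leaves the variant holding its previous value, never an empty state) is exactly the kind of property a test suite can pin down deterministically, where a sanitizer only reports it if the empty state happens to be touched. The following is an added illustration, not code from Boost, variant2 or either poster: a hypothetical `NeverEmpty` wrapper around `std::variant` that obtains the never-empty guarantee by constructing the new alternative in a temporary and then moving it in, relying on every alternative having a `noexcept` move (the `Fallible` type and its throwing constructor are constructed for the example). The two check functions are the assertions such a test suite would carry.

```cpp
#include <cassert>
#include <cstddef>
#include <stdexcept>
#include <string>
#include <utility>
#include <variant>

// Constructed sample alternative whose constructor can be told to fail,
// standing in for any type whose construction may throw.
struct Fallible {
    std::string payload;
    explicit Fallible(const std::string& s, bool fail) : payload(s) {
        if (fail) throw std::runtime_error("constructed failure");
    }
    Fallible(Fallible&&) noexcept = default;            // noexcept move is what
    Fallible& operator=(Fallible&&) noexcept = default; // the guarantee relies on
};

using Raw = std::variant<int, Fallible>;

// Hypothetical wrapper (not variant2's implementation): the new alternative is
// built in a temporary first, so a throwing constructor never touches v_.
// The move into v_ cannot throw because int and Fallible moves are noexcept,
// which is what makes std::variant's move assignment noexcept here.
class NeverEmpty {
public:
    explicit NeverEmpty(int v) : v_(v) {}

    template <class T, class... Args>
    void emplace(Args&&... args) {
        Raw tmp(std::in_place_type<T>, std::forward<Args>(args)...); // may throw; v_ untouched
        v_ = std::move(tmp);                                          // noexcept: v_ keeps or gets a value
    }
    std::size_t index() const { return v_.index(); }
    bool empty() const { return v_.valueless_by_exception(); }
    const Raw& raw() const { return v_; }

private:
    Raw v_;
};

// The check a test suite would encode: after a failed emplace the old value
// is still there and the variant is not valueless.
bool failed_emplace_keeps_old_value() {
    NeverEmpty h(42);
    try {
        h.emplace<Fallible>("x", true); // constructor throws
    } catch (const std::runtime_error&) {
    }
    return !h.empty() && h.index() == 0 && std::get<int>(h.raw()) == 42;
}

// And the complementary check: a successful emplace really switches alternative.
bool successful_emplace_switches_alternative() {
    NeverEmpty h(42);
    h.emplace<Fallible>("ok", false);
    return !h.empty() && h.index() == 1 && std::get<Fallible>(h.raw()).payload == "ok";
}

int main() {
    assert(failed_emplace_keeps_old_value());
    assert(successful_emplace_switches_alternative());
    return 0;
}
```

The temporary-then-move strategy costs an extra move per emplace; its payoff is that the two checks above hold on every conforming implementation and can be run in CI without a sanitizer build. Note that it only works when every alternative is nothrow move constructible, which the wrapper assumes rather than checks.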


Boost list run by bdawes at acm.org, gregod at cs.rpi.edu, cpdaniel at pacbell.net, john at johnmaddock.co.uk