Subject: Re: [boost] [variant2] never-empty guarantee considered harmful
From: Andrzej Krzemienski (akrzemi1_at_[hidden])
Date: 2019-04-15 07:11:19


Sat, 13 Apr 2019 at 08:06 Rainer Deyke via Boost <boost_at_[hidden]>
wrote:

> On 13.04.19 01:47, Frank Mori Hess via Boost wrote:
> > On Fri, Apr 12, 2019 at 7:26 PM Andrzej Krzemienski via Boost
> > <boost_at_[hidden]> wrote:
> >> UB is a useful symptom of a bug and
> >> therefore can help detect and remove bugs
> >
> > It seems like you are using a different definition of undefined
> > behavior than what I understand it to be. UB is not a useful symptom
> > because it can be anything, and can vary by implementation. It
> > doesn't necessarily mean the program crashes, it could for example
> > result in exactly the harmless unnoticed response to a bug you object
> > to.
>
> UB is not a runtime check that detects bugs (although compiling with
> undefined behavior sanitizer turns it into one). It is a conceptual
> tool for verifying the correctness of your program. If your program
> invokes undefined behavior, it is incorrect. Conversely, if your
> program is correct, then it does not invoke undefined behavior.
>

Exactly. UB is not a tool for detecting bugs *at run-time* (even though it
is possible today). It is too late to detect bugs at run-time. It is for
detecting the bugs before the program is run for the first time: at static
analysis time, or code-review time.

Regards,
&rzej;

>
> Undefined behavior is not a defect of the C++ language. It's a
> deliberate feature. The standards committee could have easily defined
> the result of reading an uninitialized variable as "whatever arbitrary
> value happens to occupy that memory location". Instead, they chose to
> mark it as undefined behavior, because a program that uses uninitialized
> variables is /wrong/.
>
> This bears repeating. Reading from an uninitialized variable is not
> wrong because it is undefined behavior, but the other way around.
> Reading from an uninitialized variable is undefined behavior because it
> is wrong.
>
>
> --
> Rainer Deyke (rainerd_at_[hidden])
>
>
> _______________________________________________
> Unsubscribe & other changes:
> http://lists.boost.org/mailman/listinfo.cgi/boost
>
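The uninitialized-variable case Rainer uses above, written out as an added example (it is not code from the thread or from Boost): the buggy function keeps the defect the discussion describes, the second function is the corrected form, and the function names, the `RUN_BUGGY` macro and the sample inputs are this example's own constructions. The point the code makes is the one from the thread: the "wrong" version has no defined result to test for, so it is caught by a compiler warning (`-Wall -Wuninitialized`, where the optimizer can see the missing store) or, at run time, by clang's MemorySanitizer (`-fsanitize=memory`; plain UBSan does not instrument indeterminate reads), never by asserting on a value.

```cpp
#include <cstdio>
#include <vector>

// The incorrect program.  `sum` is declared but never given a value, so the
// first `+=` reads an indeterminate object: undefined behaviour.  There is no
// "whatever happened to be in memory" result to rely on; the function is
// simply wrong, and a reviewer or static checker can reject it without
// running it.  (Kept for illustration; nothing below calls it unless
// RUN_BUGGY is defined, e.g. to watch MemorySanitizer report the read.)
int sum_uninitialized(const std::vector<int>& values) {
    int sum;                                // BUG: indeterminate value
    for (int x : values) sum += x;          // reads `sum` before any write
    return sum;
}

// The corrected program: every object has a defined value before it is read,
// so the result is fully specified for any input, including the empty one.
int sum_initialized(const std::vector<int>& values) {
    int sum = 0;
    for (int x : values) sum += x;
    return sum;
}

int main() {
    const std::vector<int> sample{1, 2, 3};   // constructed sample input
    std::printf("initialized: %d\n", sum_initialized(sample));   // 6
    std::printf("empty:       %d\n", sum_initialized({}));       // 0
#ifdef RUN_BUGGY
    // Only meaningful under a sanitizer; the printed number is not a result.
    std::printf("uninitialized: %d\n", sum_uninitialized(sample));
#endif
    return 0;
}
```

Build the corrected version with `g++ -std=c++17 -Wall -Wuninitialized -O2` and the warning for `sum_uninitialized` appears at compile time; build with `clang++ -std=c++17 -fsanitize=memory -DRUN_BUGGY` to see the same bug reported at run time, which is the "sanitizer turns it into a run-time check" case from the thread.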