
C Standard Undefined Behavior vs. Wittgenstein [pdf] - ColinWright
http://www.yodaiken.com/wp-content/uploads/2018/05/ub-1.pdf
======
signa11
dupe:
[https://news.ycombinator.com/item?id=17188955](https://news.ycombinator.com/item?id=17188955)

------
xamuel
Undefined behavior is almost inevitable if optimum performance is desired.

A function which _appears_ to need bounds-checking (for instance a function
which takes int *x and immediately returns x[0]) might _in fact_ only ever be
called after bounds-checking has already been performed. Adding
bounds-checking into said function would waste time.

The compiler can't determine whether or not the function will or will not be
called dangerously; that would require solving the halting problem.

To reconcile our security demands with our performance demands, we must
develop a language which has UB, but whose compiler only accepts programs
accompanied by formal proofs that those programs are safe.
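The pattern the comment describes (validate once at the API boundary, then call an unchecked accessor on the hot path) looks like this in C. This is an added illustration, not code from the thread or from the linked paper; the buffer type, the `get_unchecked`/`get_checked`/`sum_range` functions and the sample data are all constructed for the example. The unchecked accessor documents its precondition and asserts it in debug builds, and the checked entry points report an out-of-range index to the caller instead of reading past the end, which would be undefined behaviour.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed example type: a buffer that carries its own length. */
struct int_buf {
    const int *data;
    size_t len;
};

/* Unchecked accessor, the "takes int *x and returns x[0]" case from the
 * comment. Precondition: the caller has already established idx < b->len.
 * Reading past the end is undefined behaviour, so the precondition is
 * written down and asserted (the assert compiles away under NDEBUG). */
static inline int get_unchecked(const struct int_buf *b, size_t idx) {
    assert(idx < b->len);
    return b->data[idx];
}

/* Checked accessor for callers that have not validated idx themselves.
 * Returns 0 and stores the value on success, -1 if idx is out of range. */
static int get_checked(const struct int_buf *b, size_t idx, int *out) {
    if (idx >= b->len) return -1;
    *out = get_unchecked(b, idx); /* precondition now holds */
    return 0;
}

/* Hot path: the range [start, start+count) is validated once at the boundary,
 * written so the check itself cannot overflow, and the inner loop then uses
 * the unchecked accessor. Returns 0 on success, -1 if the range is invalid. */
static int sum_range(const struct int_buf *b, size_t start, size_t count, long *sum) {
    if (start > b->len || count > b->len - start) return -1;
    long s = 0;
    for (size_t i = 0; i < count; i++) s += get_unchecked(b, start + i);
    *sum = s;
    return 0;
}

/* Constructed sample input. */
static const int sample_data[] = {3, 1, 4, 1, 5, 9};
static const struct int_buf sample = { sample_data, 6 };

/* Small wrappers over the sample so the behaviour can be checked by name. */
long demo_sum_in_range(void) {      /* elements 1..4: 1+4+1+5 = 11 */
    long s = -1;
    return sum_range(&sample, 1, 4, &s) == 0 ? s : -1;
}
int demo_sum_out_of_range(void) {   /* 4+3 > 6, rejected: -1 */
    long s = 0;
    return sum_range(&sample, 4, 3, &s);
}
int demo_sum_huge_start(void) {     /* start > len, rejected without overflow: -1 */
    long s = 0;
    return sum_range(&sample, SIZE_MAX, 1, &s);
}
int demo_checked_get(size_t idx) {  /* value at idx, or -1 if out of range */
    int v = -1;
    return get_checked(&sample, idx, &v) == 0 ? v : -1;
}

int main(void) {
    printf("sum[1..4] = %ld\n", demo_sum_in_range());
    printf("sum[4..6] status = %d\n", demo_sum_out_of_range());
    printf("get(2) = %d, get(6) = %d\n", demo_checked_get(2), demo_checked_get(6));
    return 0;
}
```

The division of labour is the point: exactly one place performs the range check, the unchecked function is only reachable from code that has done so, and the assert turns a violated precondition into a loud failure in test builds rather than silent undefined behaviour.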

