
A Differential Approach to Undefined Behavior Detection - nkurz
http://cacm.acm.org/magazines/2016/3/198849-a-differential-approach-to-undefined-behavior-detection/fulltext
======
nkurz
I'm currently dealing with an older C++ code base that relies on a lot of
classic undefined behavior[1]. Stuff like this:

    // check for wraparound
    const char *maxPtr = ptr + minSize;
    if (maxPtr < ptr) maxPtr = ...

    // force crash by dereferencing NULL
    if (thing_that_should_not_happen) {
      char *xx=NULL; *xx=0;
    }

Some of these are obvious patterns that I can search for and replace, but I'm
sure there are lots of cases that are more subtle. What are the current best
tools (preferably for Linux) that detect places in the code that are suspect,
so that they can be reviewed manually?

[1] At least, I think this is undefined behavior in C++. I'm much more
familiar with C, and am extrapolating. Are there big differences in undefined
behavior between the two that I should be aware of?
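
Added example, not part of nkurz's comment or the linked article: well-defined replacements for the two patterns quoted above. The names `has_room`, `checked_advance`, `force_crash` and `kSample`, and the `end` pointer (one past the last valid byte of the buffer), are assumptions; the original snippet does not show how the buffer is bounded.

```cpp
// Added example: hypothetical names, constructed sample buffer.
#include <cstddef>
#include <cstdio>
#include <cstdlib>

// Constructed sample buffer standing in for the real data.
static const char kSample[16] = {};

// Defined replacement for `ptr + minSize < ptr`. Forming a pointer beyond
// one-past-the-end is already undefined, so a compiler may assume it never
// wraps and delete that comparison. Compare sizes instead.
// Assumes ptr and end point into the same buffer (end = one past last byte).
bool has_room(const char *ptr, const char *end, std::size_t minSize) {
    if (ptr == nullptr || end == nullptr || ptr > end) return false;
    return minSize <= static_cast<std::size_t>(end - ptr);
}

// Returns ptr + minSize when it stays inside the buffer, nullptr otherwise.
const char *checked_advance(const char *ptr, const char *end,
                            std::size_t minSize) {
    return has_room(ptr, end, minSize) ? ptr + minSize : nullptr;
}

// Defined replacement for `*xx = 0` on a null pointer: std::abort() always
// terminates, while the null store may be optimized away.
[[noreturn]] void force_crash(const char *why) {
    std::fprintf(stderr, "fatal: %s\n", why);
    std::abort();
}

int main() {
    const char *end = kSample + sizeof kSample;
    const std::size_t huge = static_cast<std::size_t>(-1);
    std::printf("%d %d %d\n", has_room(kSample, end, 16),
                has_room(kSample, end, 17), has_room(kSample + 8, end, huge));
    if (checked_advance(kSample, end, 17) != nullptr)
        force_crash("bounds check failed to reject an oversized request");
    return 0;
}
```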

