[dupe] C Standard Undefined Behavior vs. Wittgenstein [pdf] (yodaiken.com)
16 points by ColinWright 8 months ago | 2 comments

Undefined behavior is almost inevitable if optimum performance is desired.

A function which _appears_ to need bounds-checking (for instance a function which takes int *x and immediately returns x[0]) might _in fact_ only ever be called after bounds-checking has already been performed. Adding bounds-checking into said function would waste time.

The compiler can't determine whether or not the function will or will not be called dangerously; that would require solving the halting problem.

To reconcile our security demands with our performance demands, we must develop a language which has UB, but whose compiler only accepts programs accompanied by formal proofs that those programs are safe.
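An added illustration of the pattern the comment describes, not code from the thread: the unchecked accessor keeps the hot path free of checks, a checked wrapper establishes the precondition once at the API boundary, and a debug-only assert records the obligation the caller must discharge. The `int_slice` type, the function names and the sample array are assumptions constructed for this example.

```c
#include <assert.h>
#include <stdbool.h>
#include <stddef.h>

/* A bounds-carrying view over an int array (constructed for this example). */
typedef struct {
    const int *data;
    size_t len;
} int_slice;

/* Unchecked hot-path accessor: the precondition i < s.len must already hold.
 * Reading past the end would be undefined behaviour, so the caller owns the
 * proof. The assert documents that obligation and catches violations in debug
 * builds; it compiles away under NDEBUG, leaving no runtime cost. */
static int slice_get_unchecked(int_slice s, size_t i)
{
    assert(i < s.len);
    return s.data[i];
}

/* Checked API boundary: validates once, then delegates to the unchecked path.
 * Returns false (and leaves *out untouched) when the index is out of range. */
static bool slice_get(int_slice s, size_t i, int *out)
{
    if (i >= s.len)
        return false;
    *out = slice_get_unchecked(s, i);
    return true;
}

/* Sum of a slice: the loop condition is the bounds check, so every read inside
 * the loop is an unchecked access whose precondition is already established. */
static long slice_sum(int_slice s)
{
    long total = 0;
    for (size_t i = 0; i < s.len; i++)
        total += slice_get_unchecked(s, i); /* safe: i < s.len by the loop guard */
    return total;
}

/* Constructed sample input plus a driver exercising the in-range, out-of-range
 * and empty cases through the checked boundary. Returns 1 when all behave. */
static const int sample[] = {3, 1, 4, 1, 5};
static const int_slice sample_slice = { sample, sizeof sample / sizeof sample[0] };
static const int_slice empty_slice = { NULL, 0 };

static int demo(void)
{
    int v = -1;
    bool ok_first = slice_get(sample_slice, 0, &v); /* true, v becomes 3 */
    bool ok_oob   = slice_get(sample_slice, 5, &v); /* false, v stays 3 */
    bool ok_empty = slice_get(empty_slice, 0, &v);  /* false, never touches data */
    return (ok_first && v == 3 && !ok_oob && !ok_empty) ? 1 : 0;
}
```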

