Home → Magazine Archive → March 2016 (Vol. 59, No. 3) → Technical Perspective: Stacking Up Undefined Behaviors → Abstract

Technical Perspective: Stacking Up Undefined Behaviors

By John Regehr

Communications of the ACM, Vol. 59 No. 3, Page 98

Any computer system must make trade-offs between freedoms retained by the system and guarantees made to the system's users. Designers attempt to balance conflicting goals, such as throughput and ease of use. Programming languages must make these trade-offs too. For example, a language with built-in garbage collection often retains the freedom to move objects around in memory, making it difficult to share objects with other processes or with hardware devices.

C and C++ are based on an extreme set of trade-offs: In these languages, a wide variety of hard-to-avoid program behaviors, such as signed integer overflow and out-of-bounds array references, are "undefined behaviors." No guarantees at all are made to a program that executes an undefined behavior. The languages' heavy reliance on undefined behaviors stems from C's obsolete philosophy of "trust the programmer" and also from pragmatic efforts by standards committees to encompass a wide variety of implementations. Bugs arising from undefined behaviors are difficult to prevent and during the last few decades they have led to a huge number of exploitable vulnerabilities in security-critical computer programs.


No entries found