...
C99 Section 4 explains how the standard identifies undefined behavior. (See also undefined behavior 1 of Annex J.)
If a "shall" or "shall not" requirement that appears outside of a constraint is violated, the behavior is undefined. Undefined behavior is otherwise indicated in this International Standard by the words "undefined behavior" or by the omission of any explicit definition of behavior. There is no difference in emphasis among these three; they all describe "behavior that is undefined".
C99 Annex J.2, "Undefined behavior," enumerates the circumstances under which the behavior of a program is undefined. This list is duplicated on the CC. Undefined Behavior page.
Behavior can be classified as undefined by the C standards committee for the following reasons:
...
All of this puts the onus on the programmer to write strictly conforming code, with or without the help of the compiler. Because performance is a primary emphasis of the C language, this situation is likely to get worse before it gets better.
...
An example of undefined behavior in C99 is the behavior on signed integer overflow. (See also rule INT32-C. Ensure that operations on non-atomic signed integers do not result in overflow.) This noncompliant code example depends on this behavior to catch the overflow.
...
CERT C++ Secure Coding Standard: MSC15-CPP. Do not depend on undefined behavior
ISO/IEC 9899:1999 Section 3.4.3, "undefined behavior," Section 4, "Conformance," and Annex J.2, "Undefined behavior"
ISO/IEC TR 24772 "BQF Unspecified Behaviour", "EWF Undefined Behaviour" and "FAB Implementation-defined Behaviour"
Bibliography
[Seacord 2005] Chapter 5, "Integers"
...