...
Unfortunately, undefined behaviors do occur, particularly in the presence of an attacker. Optimizations make it difficult to determine how these systems will behave in the presence of undefined behaviors. This is particularly true when visually inspecting source code, because when code relies on undefined behavior, a code reviewer cannot be certain whether the compiler will generate code for it or optimize it out. Furthermore, just because a compiler currently generates object code for an undefined behavior does not mean that future versions of the compiler are obligated to do the same; the behavior may be viewed as an opportunity for further optimization. Compilers are also not required to issue diagnostics for undefined behavior, so there is frequently no easy way to identify undefined behavior in code.
...
This compliant solution does not depend on undefined behavior, so a conforming compiler is required to generate code for the overflow test: the assertion checks for overflow by comparing a against INT_MAX - 100 before the addition is performed.
```c
#include <assert.h>
#include <limits.h>  /* INT_MAX */
#include <stdio.h>   /* printf */

int foo(int a) {
  /* Well-defined check: compares a against INT_MAX - 100 rather than
   * evaluating an addition that could overflow. */
  assert(a < (INT_MAX - 100));
  printf("%d %d\n", a + 100, a);
  return a;
}

int main(void) {
  foo(100);
  foo(INT_MAX); /* the assertion fails here, before any overflowing addition */
}
```
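The same precondition style, generalized from the fixed addend 100 to any int addend and to both overflow directions, as an added example that is not part of the original page; addition_fits and add_or are names chosen here.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Decide whether a + b fits in an int by comparing against INT_MAX and
 * INT_MIN *before* adding. The overflowing operation is never evaluated,
 * so the check contains no undefined behavior and a compiler cannot treat
 * it as dead code the way it can with a check that performs the addition
 * first and inspects the (undefined) result afterwards. */
bool addition_fits(int a, int b) {
    if (b > 0) return a <= INT_MAX - b;  /* INT_MAX - b cannot overflow for b > 0 */
    if (b < 0) return a >= INT_MIN - b;  /* INT_MIN - b cannot overflow for b < 0 */
    return true;                         /* b == 0: nothing to check */
}

/* Returns a + b when it fits, otherwise the caller-supplied fallback
 * (hypothetical helper, used here so the result is a plain return value). */
int add_or(int a, int b, int fallback) {
    return addition_fits(a, b) ? a + b : fallback;
}

int main(void) {
    printf("%d\n", add_or(100, 100, -1));     /* prints 200 */
    printf("%d\n", add_or(INT_MAX, 100, -1)); /* prints -1: overflow rejected */
    return 0;
}
```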
...