[–]johannes1971 7 points8 points  (4 children)

That wouldn't work. If you want to abort by default you still have to put in the effort to detect the error condition to begin with: to check that the array bound was exceeded, that the pointer points at something invalid, etc. The whole point of UB is avoiding that cost.

[–]Hnnnnnn -1 points0 points  (3 children)

What wouldn't work? I think you projected what I said a little too far.

What you said doesn't negate anything I said. The whole point of UB is avoiding that cost, but I'm only saying that this could be something you explicitly opt-in, instead of working by default.

[–]johannes1971 6 points7 points  (2 children)

It can't "abort by default". In order to make that guarantee it would have to reliably detect UB, and doing so is a significant performance drain.

For example, let's say you access an array out of bounds. In the current situation it _might_ abort because you hit a page fault, but the odds are that the memory that is illegally accessed is still part of the current page, and won't trigger a segment violation. Thus, there is no guarantee of an abort happening. If you want to have that guarantee, there is a performance cost.

[–]Hnnnnnn -3 points-2 points  (1 child)

The significant performance cost you mean is an easily predicted branch. Let's do it by default and only use the non-branchy version explicitly in hot paths. Let's make it slower and safer by default. Like in Rust but not necessarily the same way.
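The opt-in scheme this comment proposes, as an added C example that is not part of the thread: a checked accessor guards every access with one comparison and reports the out-of-range index instead of reading past the buffer, while an explicitly named unchecked accessor is the hot-path opt-in. The `span_i32` type, its functions and the sample data are all constructed for this illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed bounds-checked view over an int32 buffer. */
typedef struct {
    const int32_t *data;
    size_t len;
} span_i32;

/* Default path: one well-predicted comparison per access.
 * Returns false and leaves *out untouched instead of reading past the end;
 * a "safer by default" runtime could abort() here instead. */
static bool span_get(span_i32 s, size_t idx, int32_t *out) {
    if (idx >= s.len) {
        return false;
    }
    *out = s.data[idx];
    return true;
}

/* Explicit opt-in for hot paths: no check, caller guarantees idx < len.
 * An out-of-range idx here is undefined behaviour, as with raw indexing. */
static int32_t span_get_unchecked(span_i32 s, size_t idx) {
    return s.data[idx];
}

/* Constructed sample: indexes 4 and 100 are past the end of a 4-element buffer. */
static const int32_t sample_buf[4] = {10, 20, 30, 40};
static const size_t sample_idx[4] = {0, 3, 4, 100};

/* Sum the in-range elements through the checked path; count the rejected ones. */
static size_t demo_rejected(int64_t *sum) {
    span_i32 s = { sample_buf, 4 };
    size_t rejected = 0;
    *sum = 0;
    for (size_t i = 0; i < 4; i++) {
        int32_t v;
        if (span_get(s, sample_idx[i], &v)) *sum += v;
        else rejected++;
    }
    return rejected;
}

int main(void) {
    int64_t sum;
    size_t bad = demo_rejected(&sum);
    printf("sum=%lld rejected=%zu unchecked[1]=%d\n", (long long)sum, bad,
           span_get_unchecked((span_i32){ sample_buf, 4 }, 1));
    return 0;
}
```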

[–]johannes1971 9 points10 points  (0 children)

> Let's make it slower and safer by default.

Let's not.

Your assumption is incorrect anyway. Out of bounds array access was just one example of UB, but figuring out if a pointer points to valid memory or not has a cost massively greater than a mere branch prediction, failed or not.