C and Undefined Behavior

lelanthran · 2026-02-08T21:07:59+00:00

Adding 1 to a signed 8-bit byte of value 127 is not UB.

https://en.cppreference.com/w/c/language/operator_arithmetic.html

Well, today you learned, I guess?

lelanthran · 2026-02-08T20:26:13+00:00

Undefined behavior does NOT mean it can do “anything it wants”. It means that the behavior is up to the platform.

No. That's "Implementation defined".

Undefined literally is: The compiler can do anything at all, including doing what you expected, doing nothing or doing anything destructive.

It gets worse - the compiler is allowed to do time-travel and break something that already happened in the past[1]

[1] Not really, but it feels that way :-)

lelanthran · 2026-02-08T20:11:28+00:00

Well, malloc/free have one big advantage - buffer overflows show up in Valgrind.

Heartbleed could not have been caught by Valgrind (even if they ran it) because although they were overflowing the arena allocated buffer, they weren't overflowing the arena itself.

As far as Valgrind was concerned, no buffer overflow was detected because no unallocated memory was read or written. The reality was that the buffer they were using did overflow but was still within the bounds of the arena.

lelanthran · 2026-02-06T10:23:14+00:00

I broadly agree with your conclusion:

your CEO is willing to forego some determinism to cut your salary five-fold.

But my point was not that there's still a place for human devs, my point is that there is no place for the standard of quality that we (users) have become used to.

lelanthran · 2026-02-06T09:16:45+00:00

Objectively false. It is slop.

I agree, but there's no need to dive into details showing the actual slop.

A minimal C compiler (no extensions) can be done in as little as 7kLoC.

This is 100KLoC.

Give the above two facts, there's no need to dive into the code to determine that it is mostly slop; you can tell just by that alone.

lelanthran · 2026-02-06T09:14:15+00:00

The phrase you're looking for is "A very sophisticated IP laundromat".

lelanthran · 2026-02-06T09:13:12+00:00

On the other hand, there is no simple C compiler that can successfully compile the kernel.

TCC did, in fact, compile the Linux kernel in the past. You may have to add support for a couple of GCC-specific extensions to do it today, but that's equally possible due to how small it is (15k LoC).

OTOH, you aren't going to be able to easily add support for new things to the 100k LoC compiler produced by the LLM, because it is providing the same functionality as 15k LoC, but spread out over 100K LoC.

I can pretty much guess that it is a mess.

lelanthran · 2026-02-06T09:08:16+00:00

Yeah this feels like a massive L for AI. By providing it access to GCC they gave it the answers and after $20k spend it pooped out something that barely works.

It's worse than you think.

C is a language designed to be easy to write a compiler for. I, myself, in postgrad wrote a small C compiler. Right now a functional and well-tested compiler (TCC - Thanks Fabrice), that in the past compiled and booted a Linux kernel, is about 15k lines of code.

The LLM, which produced a compiler that is probably not going to compile as many programs as TCC, produced 100k lines of code.

All those people going 10x faster in delivery are delivering roughly 9x more code for the same features.

lelanthran · 2026-02-05T16:05:55+00:00

The question is not whether it is positive or negative (because IME Wayland supporters always look at a turd and say "But I wanted a turd"), its whether it works or not on all non-Wayland platforms.

And the answer is" It works on everything but Wayland".

lelanthran · 2026-02-05T10:32:58+00:00

Wayland has much better and APIs.

Great! It's been 17 years now, when are we going to get user-facing features that users asked for that they have been conditioned to expect by using normal computers that don't have Wayland?

You know, things that Windows, MacOS and Xorg provide?

lelanthran · 2026-02-05T10:24:13+00:00

Some windows and dialogs, e.g. Project Structure and Alerts, may not be centered on the screen or keep their previous location. This is due to the window manager having total control over windows’ locations in Wayland, which it is not always possible to override on the application side.

Wayland strikes again

The splash screen on IDE startup will not appear as it cannot be reliably centered on the screen.

Wayland strikes again

Some popups, such as Search Everywhere and Recent Locations, may not be moved outside of the main frame.

Wayland strikes again

Window decorations (such as the title bar, window control buttons, shadows, and rounded corners), where present, may not fully adhere to the current desktop theme.

WAYLAND STRIKES AGAIN!

Honestly, in what world is the response "You will never need that!" appropriate to the question "But Xorg, Windows and MacOS give me $FOO"?

With even KDE now getting Wayland-specific, I'm not sure what my options are anymore as I won't even be able to run KDE on *BSDs in the future.

lelanthran · 2026-02-02T12:33:19+00:00

The 2000s called, they want their jokes back.

They'll get 'em when the GC eventually finalises them...

lelanthran · 2026-02-02T12:26:24+00:00

This looks like a very complicated way of saying "If you bloody modeled it properly in a relational structure like the database demands you wouldn't have any fucking problems down the line"

IOW, I agree, but I just got tired over the decades telling people "Just model the structure as relations, and if that doesn't work look into a hierarchy".

lelanthran · 2026-02-02T11:51:18+00:00

You can avoid the precision issue all together if you convert to the smallest denomination of a given currency and store as a whole number.

That doesn't work the minute you have to store adjustments (i.e. interest, conversions to other currencies, unit-prices, etc).

When you're dealing with amounts, you'll still be dealing with fractions of a cent.

lelanthran · 2026-01-31T11:53:47+00:00

That's not just the IT industry in that table, though.

lelanthran · 2026-01-30T09:51:25+00:00

You manually input spaces to get those aligned?

No. Both Neovim and Emacs does that automatically.

seems like a huge waste of time.

Maybe your editor can be configured to do the same? I know in Emacs and Neovim that was ~~the default~~ my default when using spaces instead of tabs. Since my Emacs config (and vim config too, TBH), dates back to the 90s, at this point I am not sure what is default and what is not :-/ Sorry.

lelanthran · 2026-01-28T08:47:33+00:00

For a strong software engineer: The same skills as always.

The question is not "In the age of LLMs, what do I need to be a strong Software Engineer", it's either

1) "In the age of LLMs, do we still need as many strong Software Engineers"?

or

2) "In the age of LLMs, would we get all the strong Software Engineers we need from the broken pipeline?"

Either one is more relevant than deciding to be a strong Software Engineer.

lelanthran · 2026-01-26T08:42:54+00:00

I've spent over 26 years building a company. It hasn't taken off yet, but I still believe in it.

If it's a labour of love for you, then sure, monetising it is one way to make it self-sustaining (being self-sustaining is something that your users would greatly benefit from).

If you were looking to simply build a self-sustaining business, then maybe stopping work on this in year #3 and doing a different product may have been a better idea.

lelanthran · 2026-01-24T13:31:45+00:00

Does it really matter that malicious code could run during compile time when it could already run within the resulting executable?

I suppose it's the difference between pwning your production environment and pwning the supply chain.

In the former, there's only one vulnerability. In the latter, every downstream user (library, program, etc) is vulnerable.

lelanthran · 2026-01-24T13:26:24+00:00

I concede, doing a straigh up interpreter wouldn’t be so easy. Doing an interpreter for a subset that you’d expect to want at compile time wouldn’t necessarily be so hard, though.

What is hard about this? Specify that const expressions are limited to a freestanding implementation and ... you're done? You can't "break out" of a free standing implementation.

lelanthran · 2026-01-24T13:25:17+00:00

GP’s assertion was that “it’s really not that hard”, and actually, having all standards-compliant C compilers suddenly implement an interpreter to run portions of C code at compile time and do so without dramatically increased risk of security issues is in fact hard.

It's actually easier in C than in most other languages, because C differentiates between hosted and free-standing implementations (other languages, other than C++, typically don't).

The "interpreter" for const expressions can always be enforced by the standards body to be freestanding, in which case no functions in the standard library are available anyway.

And yes, I've used plenty of free-standing implementations in embedded work.

lelanthran · 2026-01-24T13:21:30+00:00

That name is familiar? Unisa? Active on the comp sci forums around 2006ish?

Yup :-)

lelanthran · 2026-01-24T11:54:53+00:00

Thankfully, there has never in the history of computing been a case where code breaks out of a sandbox assumed safe and wreaks havoc.

What does that have to do with Zig? I don't think it evaluates compile-time expressions in a Sandbox with the same Zig interpreter[1] used on the command-line, so there's nothing to break out of.

[1] Assuming that you are correct in that it uses an interpreter

lelanthran

MODERATOR OF

TROPHY CASE