[HN Gopher] Look out: Divergent representations are everywhere
       ___________________________________________________________________
        
       Look out: Divergent representations are everywhere
        
       Author : ingve
       Score  : 39 points
       Date   : 2022-11-10 13:59 UTC (9 hours ago)
        
 (HTM) web link (blog.trailofbits.com)
 (TXT) w3m dump (blog.trailofbits.com)
        
       | Diggsey wrote:
       | > The best way to prevent a divergent representation is to avoid
       | including undefined behavior in a program. That's not
       | particularly actionable advice, though.
       | 
       | I mean... It is pretty actionable TBH. There are sanitizers you
       | can use to detect UB. You could use a memory safe language. You
       | could use a fuzzer. You could improve your test coverage. You
       | could use static analysis tools. All of these can help reduce the
       | chance of UB in your program.
        
         | fulafel wrote:
          | I assume you know this but to clarify, it's important to
          | distinguish tools like fuzzers or UB sanitizers, which can
          | detect some cases when UB is triggered under heavy testing,
          | from more sound languages, which give you strong assurance
          | against it.
         | 
         | UB in C is a dynamic behaviour, not something that can be
         | detected by static analysis. A lot of it is triggered for
         | example by certain values in passed-in parameters or other
          | implicit state consumed by functions. And flagging any
          | potential UB that might be caused by bad inputs would yield
          | so many positives that it's unworkable.
         | 
         | See eg "There is No Reliable Way to Determine if a Large
         | Codebase Contains Undefined Behavior" section in
         | http://blog.llvm.org/2011/05/what-every-c-programmer-should-...
        
       | Queue29 wrote:
       | > That's not particularly actionable advice, though.
       | 
       | Yes it is. Stop using C.
        
       | bregma wrote:
       | Investigator finds that undefined behaviour means the program can
       | do pretty much anything. Recommends programmers not make
       | assumptions about what undefined behaviour can do. Film at 11.
        
       | cwzwarich wrote:
        | It's pretty sad that C/C++ finally accepted that arithmetic on
        | contemporary computers is two's complement but kept UB on signed
       | overflow to ensure that compilers can continue to optimize loops
       | with signed indices. If everyone used unsigned indices as the
       | default for loops, then the UB could be eliminated with no real
       | performance consequences.
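
The signed-overflow loop that Diggsey's and cwzwarich's comments are arguing about, as an added example that is not part of the thread or of the linked Trail of Bits post: `sum_signed_index` is the common pattern where `base + i` is undefined if it overflows `int`, so the compiler may assume it never does and, for example, delete the `idx < 0` test or keep a widened 64-bit copy of the index on one path and the 32-bit value on another (the divergent representation the linked post is about). Beside it are a checked variant built on `__builtin_add_overflow`, which this example assumes is available (it is a GCC/Clang builtin), and an unsigned-index variant where wraparound is defined. The `sample` array is constructed for the example.

```c
#include <inttypes.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample buffer (not from the thread). */
static const int32_t sample[8] = {10, 20, 30, 40, 50, 60, 70, 80};

/* Signed-index loop as commonly written. `base + i` is undefined when it
 * overflows int, so the compiler may assume it never does: it may drop the
 * `idx < 0` test, or index memory with a 64-bit copy of `base + i` that no
 * longer matches the 32-bit `idx` used elsewhere. */
int64_t sum_signed_index(const int32_t *buf, size_t len, int base, int count)
{
    int64_t acc = 0;
    for (int i = 0; i < count; i++) {
        int idx = base + i;                 /* UB on overflow */
        if (idx < 0 || (size_t)idx >= len)
            break;
        acc += buf[idx];
    }
    return acc;
}

/* Checked index arithmetic: the GCC/Clang builtin (assumed available)
 * reports the overflow instead of letting it become UB. Returns true and
 * stores the sum when no overflow occurred. */
bool checked_index(int base, int i, int *out)
{
    return !__builtin_add_overflow(base, i, out);
}

/* Same loop, but refuses to proceed instead of overflowing. */
bool sum_checked_index(const int32_t *buf, size_t len, int base, int count,
                       int64_t *out)
{
    int64_t acc = 0;
    for (int i = 0; i < count; i++) {
        int idx;
        if (!checked_index(base, i, &idx))
            return false;                   /* overflow: report, do not guess */
        if (idx < 0 || (size_t)idx >= len)
            break;
        acc += buf[idx];
    }
    *out = acc;
    return true;
}

/* Unsigned (size_t) indices: wraparound is defined, so there is no UB for
 * the optimizer to exploit; the bounds check alone is the safety net. */
int64_t sum_unsigned_index(const int32_t *buf, size_t len, size_t base,
                           size_t count)
{
    int64_t acc = 0;
    for (size_t i = 0; i < count; i++) {
        size_t idx = base + i;              /* defined even if it wraps */
        if (idx >= len)
            break;
        acc += buf[idx];
    }
    return acc;
}

int main(void)
{
    int64_t s = 0;
    int idx = 0;

    printf("signed:   %" PRId64 "\n", sum_signed_index(sample, 8, 2, 3));
    printf("unsigned: %" PRId64 "\n", sum_unsigned_index(sample, 8, 2, 3));
    if (sum_checked_index(sample, 8, 2, 3, &s))
        printf("checked:  %" PRId64 "\n", s);

    /* The overflow that the signed loop would silently commit. */
    if (!checked_index(INT_MAX, 1, &idx))
        printf("INT_MAX + 1 overflows int; refused\n");
    return 0;
}
```

Building with `-fsanitize=undefined` (GCC or Clang) makes UBSan report the `base + i` in `sum_signed_index` at runtime if it is ever called with overflowing arguments, which is the dynamic detection fulafel's reply describes; the checked and unsigned variants need no such instrumentation because they contain no overflow UB to detect.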
        
       | formerly_proven wrote:
       | This seems exactly like what an optimizing compiler is supposed
       | to do.
        
       ___________________________________________________________________
       (page generated 2022-11-10 23:02 UTC)