Undefined behavior is awesome cppeurope… · Undefined Behavior is Awesome - CppCon 2017
TRANSCRIPT
UNDEFINED BEHAVIOR IS AWESOME - CPPCON 2017
OUTLINE
▸What is UB
▸Why it sucks
▸How to fight with it
▸Why we need it
UNDEFINED BEHAVIOR (UB)
▸There are no restrictions on the behavior of the program.
▸It does not affect the behavior if it is never executed.
▸We can treat it as a promise to the compiler that something won't happen.
WHAT CAN HAPPEN AFTER HITTING UB?
UNDEFINED BEHAVIOR (UB)
▸In theory your program can do anything
▸in practice the odds of formatting your hard drive are
BORING UBS
▸Naming a variable starting with a double underscore
▸Defining functions in namespace std
▸Specializing non-user-defined types in namespace std (can't specialize std::hash<std::pair<int, int>>)
▸Can't take the address of a member function from std
▸Mitigation - almost none, but it could be implemented easily in clang-tidy
MORE INTERESTING UBS
▸Calling main
▸Integer overflow
▸Using uninitialized values
▸Forgetting the return statement
CALLING MAIN
```cpp
#include <cstdio>

// Calling main from within the program is undefined behavior in C++.
int main(int argc, const char* argv[]) {
  if (argc == 0) return 0;
  printf("%s ", argv[0]);
  return main(argc - 1, argv + 1);
}
```
SIMPLE OVERFLOW
```cpp
int foo(int x) { return x+1 > x; }
// what the optimizer is allowed to produce, since signed overflow cannot happen:
int foo(int) { return true; }

int foo2(int x) { return (2 * x) / 2; }
// what the optimizer is allowed to produce:
int foo2(int x) { return x; }
```
CHECKING FOR OVERFLOW
```cpp
void process_something(int size) {
  // Catch integer overflow.
  if (size > size+1)
    abort();

  ...

  // Error checking from this code elided.
  char *string = malloc(size+1);
  read(fd, string, size);
  string[size] = 0;
  do_something(string);
  free(string);
}
```
Chris Lattner - What Every C Programmer Should Know About Undefined Behavior #2/3
INTEGER OVERFLOWS + LOOPS
```cpp
for (int i = 0; i <= n; i++) {
  A[i] = B[i] + C[i];
}
```
▸Loop will terminate
▸will have n+1 steps
▸assert(n >= i);
▸safe to widen the induction variable to uint64_t
= VECTORIZATION AND UNROLLING
INTEGER OVERFLOWS - MITIGATION
▸UBSan can find overflow at runtime
▸-fwrapv - defines integer overflow
▸-ftrapv - traps on integer overflow
▸Sometimes warnings help
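As an added example (not from the slides), here is the overflow check from the Lattner slide done without undefined behavior: the decision is made against INT_MAX before the addition happens, or through the GCC/Clang `__builtin_add_overflow` builtin, so there is no overflowing expression for the optimizer to reason away. The helper names are mine.

```cpp
#include <climits>
#include <cstddef>

// Portable pre-check: decide whether a + b would leave the int range
// without ever computing a + b. (Added example; helper names are my own.)
bool would_overflow_add(int a, int b) {
    if (b > 0) return a > INT_MAX - b;   // INT_MAX - b cannot overflow when b > 0
    return a < INT_MIN - b;              // INT_MIN - b cannot overflow when b <= 0
}

// Same decision via the GCC/Clang builtin, which evaluates the sum in
// infinite precision and reports whether the result fits in *out.
bool checked_add(int a, int b, int *out) {
    return !__builtin_add_overflow(a, b, out);
}

// The slide's `if (size > size+1) abort();` rewritten so that the guard
// cannot be optimized away: the comparison runs before size + 1 exists.
// Returns the buffer length to allocate, or 0 when size + 1 would overflow
// or size is negative.
std::size_t safe_buffer_len(int size) {
    if (size < 0 || would_overflow_add(size, 1)) return 0;
    return static_cast<std::size_t>(size) + 1;
}

// Self-check: both strategies must agree, and a small sum must round-trip.
bool overflow_checks_agree() {
    int out = 0;
    bool builtin_ok = checked_add(INT_MAX, 1, &out);        // false: overflow
    bool pre_ok     = !would_overflow_add(INT_MAX, 1);      // false: overflow
    bool small_ok   = checked_add(2, 3, &out) && out == 5;  // true
    return builtin_ok == pre_ok && !builtin_ok && small_ok;
}
```

The portable form is what to reach for when the code must also build on compilers without the builtin; the builtin form compiles to a single add plus an overflow-flag branch on x86-64, so there is no performance argument for keeping the UB version.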
UNINITIALIZED VALUES
```cpp
int random() {
  int x;
  return x;
}

int check() {
  int x = random();
  if (x % 2) return 42;
  return 1;
}
// what the optimizer is allowed to produce, since x has no defined value:
int check() { return 1; }
```
UNINITIALIZED VALUES - MITIGATION
▸Warnings
▸static analysis
▸UBSan
▸MSan
WHEN IS SOMETHING A GOOD CANDIDATE TO BE UB?
When the situation that occurred is considered a bug and defining its behavior would be a performance loss.
REASONS FOR HAVING UNDEFINED BEHAVIOR
▸Integer overflow was not defined because CPUs could do different things when it happens
▸Using uninitialized values is not defined because initializing with zero would be expensive
▸In order to define nullptr dereference we would need to check for null
▸In order to define buffer overflows we would have to insert bounds checks everywhere
TASTY UBS
▸nullptr dereference
▸buffer overflow
▸using a pointer to an object whose lifetime has ended
▸violating strict aliasing
▸const_casting away const
DEREFERENCING NULL
```cpp
#include <iostream>
#include <memory>

int main() {
  auto p = std::make_unique<int>(42);
  std::unique_ptr<int> p2 = std::move(p);
  *p = 42;   // p is null after the move
  std::cout << *p << std::endl;
}
```
DEREFERENCING NULL
```cpp
// what the optimizer is allowed to produce from the program above:
int main() { trap(); }
```
Sees Undefined Behavior
Deletes your whole code
DEREFERENCING NULL
```cpp
int main() {
  auto p = std::make_unique<int>(42);
  std::unique_ptr<int> p2 = std::move(p);
  [unreachable] std::cout << *p << std::endl;
}
```
DEREFERENCING NULL
```cpp
int main() {
  auto p = std::make_unique<int>(42);
  std::unique_ptr<int> p2 = std::move(p);
  [unreachable]
}
```
DEREFERENCING NULL
```cpp
int main() {
  auto p = std::make_unique<int>(42);
  std::move(p);
  [unreachable]
}
```
DEREFERENCING NULL
```cpp
int main() {
  auto p = std::make_unique<int>(42);
  [unreachable]
}
```
DEREFERENCING NULL
```cpp
int main() {
  std::make_unique<int>(42);
  [unreachable]
}
```
DEREFERENCING NULL
```cpp
int main() { [unreachable] }
```
DEREFERENCING NULL
```cpp
void fun(int *p, int *z) {
  *p = 42;
  if (p == nullptr) {
    *z = 54;
  }
}
```
DEREFERENCING NULL
```cpp
// *p was already dereferenced, so the compiler assumes p != nullptr:
void fun(int *p, int *z) {
  *p = 42;
  if (false) {
    *z = 54;
  }
}
```
DEREFERENCING NULL
```cpp
void fun(int *p, int *z) {
  *p = 42;
}
```
DEREFERENCING NULL
```cpp
// after inlining set_z
void fun(int *p, int *z) {
  *p = 42;
  if (p == nullptr) {
    *z = 54;
  }
}
```
DEREFERENCING NULL
```cpp
void fun(int *p, int *z) {
  *p = 42;
  set_z(p, z); // before inlining
}
```
TIME TRAVEL
DEREFERENCING NULL
```cpp
void fun(int *p, int *z) {
  if (p == nullptr) {
    *z = 54;
  }
  *p = 42;
}
```
DEREFERENCING NULL
```cpp
void fun(int *p, int *z) {
  /* if (p == nullptr) { *z = 54; } */
  *p = 42;
}
```
DEREFERENCING NULL
```cpp
void fun(int *p, int *z) {
  if (p == nullptr) {
    *z = 54;
    *p = 42;
  } else
    *p = 42;
}
```
DEREFERENCING NULL
```cpp
void fun(int *p, int *z) {
  if (p == nullptr) {
    *z = 54;
    [unreachable]
  } else
    *p = 42;
}
```
DEREFERENCING NULL
```cpp
void fun(int *p, int *z) {
  if (p == nullptr) {
    [unreachable]
  } else
    *p = 42;
}
```
DEREFERENCING NULL
```cpp
void fun(int *p, int *z) {
  *p = 42;
}
```
DEREFERENCING NULL
```cpp
#include <cstdlib>
using FUN = void ();
static FUN* fun_ptr;
void evil() { system("rm -rf /"); }
void set() { fun_ptr = evil; }
int main() { fun_ptr(); }
```
Generated assembly:
```asm
evil():
  mov edi, .L.str
  jmp system
set():
  ret
main:
  push rax
  mov edi, .L.str
  call system
  xor eax, eax
  pop rcx
  ret
.L.str:
  .asciz "rm -rf /"
```
DEREFERENCING NULL
▸Why does the compiler not warn about it?
▸Diagnostics are harder than optimizations
```cpp
void set_z(int *p, int *z);

void fun(int *p, int *z) {
  *p = 42;
  set_z(p, z); // Requires inlining
}

void set_z(int *p, int *z) {
  if (p == nullptr)
    *z = 42;
}
```
DEREFERENCING NULL
▸Why does the compiler not warn about it?
▸Diagnostics are harder than optimizations
▸Clang issues diagnostics in the frontend
▸MSVC issues diagnostics in the backend
▸We don’t want to repeat the computation
DEREFERENCING NULL - MITIGATION
▸Do not debug with optimizations
▸-Og (-Odont-be-asshole)
▸Use static analyzers
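Added example (not from the talk): the practical lesson of the `fun(p, z)` slides is that a null check placed after a dereference is worthless, because the dereference is already a promise that the pointer is non-null. Moving the check to the point where the pointer enters keeps the promise honest. The `NotNull` wrapper below is my own small version of that idea (loosely modeled on the GSL `not_null` concept); its name and design are assumptions, not something from the slides.

```cpp
#include <stdexcept>

// Wrapper that refuses to hold a null pointer. Checking at construction
// moves the null test to the boundary where the pointer comes in; after
// that, every dereference is on a pointer the check has already covered.
// (Added example; NotNull is my own name, not a standard type.)
template <typename T>
class NotNull {
    T *ptr_;
public:
    explicit NotNull(T *p) : ptr_(p) {
        if (p == nullptr) throw std::invalid_argument("NotNull: null pointer");
    }
    T &operator*() const { return *ptr_; }
    T *get() const { return ptr_; }
};

// The slide's fun(p, z) with the after-the-fact check gone: there is no
// check here for the optimizer to "time travel" over, because the only
// null check lives in the constructor that produced the arguments.
void fun(NotNull<int> p, NotNull<int> z) {
    *p = 42;
    *z = 54;
}

// Calls fun on two valid ints and reports whether both stores happened.
bool checked_call_stores_both() {
    int a = 0, b = 0;
    fun(NotNull<int>(&a), NotNull<int>(&b));
    return a == 42 && b == 54;
}

// Shows that a null argument is rejected up front rather than dereferenced.
bool null_is_rejected() {
    try {
        NotNull<int> n(nullptr);
        (void)n;
    } catch (const std::invalid_argument &) {
        return true;
    }
    return false;
}
```

Throwing is one choice for the failure path; aborting or returning an error code work equally well. What matters for the optimizer is that the check precedes the first dereference on every path, which a constructor guarantees by construction.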
FORGETTING RETURN STATEMENT
```cpp
int foo(bool p) {
  if (p) return 42;
}
// what the optimizer is allowed to produce, since falling off the end is UB:
int foo(bool p) { return 42; }

int foo() {}
```
```asm
__Z3foov: // foo()
0000000000000000 push rbp
0000000000000001 mov rbp, rsp
; endp
```
```cpp
void evil() { system("rm -rf ~/"); }
```
```asm
__Z4evilv: // evil()
0000000100000f70 push rbp
0000000100000f71 mov rbp, rsp
; "rm -rf ~/", argument "command" for method imp___stubs__system
0000000100000f74 lea rdi, qword [0x100000fa2]
0000000100000f7b pop rbp
0000000100000f7c jmp imp___stubs__system
```
```cpp
int bar() {}
```
```asm
__Z3barv: // bar()
0000000100000f60 push rbp
0000000100000f61 mov rbp, rsp
```
```cpp
#include <cstdlib>
int foo() {}
int bar() {}
void evil() { system("rm -rf ~/"); }
```
```cpp
int foo();
int main() { foo(); }
```
FORGETTING RETURN STMT - MITIGATION
▸Read compiler warnings?
▸ it would be nice if clang would not screw with us
BUFFER OVERFLOW
```cpp
int table[4];
bool exists_in_table(int v) {
  for (int i = 0; i <= 4; i++) {
    if (table[i] == v) return true;
  }
  return false;
}
```
```cpp
int table[4];
// what the optimizer is allowed to produce: table[4] is out of bounds,
// so the loop "must" have returned true before reaching it
bool exists_in_table(int v) { return true; }
```
BUFFER OVERFLOW - MITIGATION
▸Use address sanitizer / valgrind
▸static-analyzer
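Added example (not from the slides): the off-by-one in `exists_in_table` disappears when the loop bound is taken from the array itself rather than retyped by hand. Using `std::array` together with `std::size` (C++17) makes the bound and the storage the same object, and `std::find` removes the index altogether. The table contents are constructed sample data and the function names are mine.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <iterator>

// Fixed-size table as on the slide, but as std::array so its size travels
// with it. (Added example; contents are constructed sample data.)
std::array<int, 4> table = {10, 20, 30, 40};

// Bounded lookup: the loop bound is the array's own size, so the last
// index read is 3, never 4 as with the slide's `i <= 4`.
bool exists_in_table(int v) {
    for (std::size_t i = 0; i < std::size(table); i++) {
        if (table[i] == v) return true;
    }
    return false;
}

// The same lookup with no index to get wrong.
bool exists_in_table_algo(int v) {
    return std::find(table.begin(), table.end(), v) != table.end();
}

// Works for the slide's raw `int table[4]` too: std::size on a reference to
// a C array yields its element count, and a decayed pointer will not compile.
template <std::size_t N>
bool exists_in_raw_table(const int (&t)[N], int v) {
    for (std::size_t i = 0; i < std::size(t); i++) {
        if (t[i] == v) return true;
    }
    return false;
}

// Exercises the raw-array overload on a constructed 4-element table.
bool raw_table_lookup_works() {
    const int raw[4] = {1, 2, 3, 4};
    return exists_in_raw_table(raw, 4) && !exists_in_raw_table(raw, 5);
}
```

Compile with `-fsanitize=address` during testing to catch any remaining out-of-bounds index at runtime, which is the ASan mitigation the slide lists.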
LIFETIME AND POINTERS
```c
#include <stdio.h>
#include <stdlib.h>

int main() {
  int *p = (int*)malloc(sizeof(int));
  int *q = (int*)realloc(p, sizeof(int));
  if (p == q) {
    *p = 1;   // p is invalid after realloc, even if it compares equal to q
    *q = 2;
    printf("%d %d\n", *p, *q);
  }
}
```
Compiled with clang this produces: 1 2
John Regehr - Undefined Behavior Consequences Contest Winners
VIRTUAL FUNCTIONS
▸Is there a difference between C++ virtual functions and hand-written 'virtual' functions in C?
▸You can do more optimizations with C++ virtual function
▸Hint: object lifetime
VIRTUAL FUNCTIONS
```cpp
int test(Base *a) {
  int sum = 0;
  sum += a->foo();
  sum += a->foo(); // Is it the same foo()?
  return sum;
}

int Base::foo() {
  new (this) Derived;   // ends the lifetime of the Base object
  return 1;
}
```
VIRTUAL FUNCTIONS - MITIGATION
▸Control Flow Integrity (CFI)
▸UBSan
MISBEHAVING BEHAVIOR
▸Some things are not even mentioned in the C++ standard, or behave differently
▸Stack overflow is not mentioned in the C++ standard
▸Throwing std::bad_alloc when allocation fails
WRAPPING UP
▸Undefined behavior is used to optimize code
▸We don't really know what gains we get from every undefined behavior
▸For every UB there should be a tool that can find it
QUESTIONS!