Renders the entire program meaningless if certain rules of the language are violated.

[edit]Explanation

The C++ standard precisely defines theobservable behavior of every C++ program that does not fall into one of the following classes:

• ill-formed - The program has syntax errors or diagnosable semantic errors.

• A conforming C++ compiler is required to issue a diagnostic, even if it defines a language extension that assigns meaning to such code (such as with variable-length arrays).
• The text of the standard usesshall,shall not, andill-formed to indicate these requirements.

• ill-formed,no diagnostic required - The program has semantic errors which may not be diagnosable in general case (e.g. violations of theODR or other errors that are only detectable at link time).

• The behavior is undefined if such program is executed.

• implementation-defined behavior - The behavior of the program varies between implementations, and the conforming implementation must document the effects of each behavior.

• For example, the type ofstd::size_t or the number of bits in a byte, or the text ofstd::bad_alloc::what.
• A subset of implementation-defined behavior islocale-specific behavior, which depends on the implementation-suppliedlocale.

• unspecified behavior - The behavior of the program varies between implementations, and the conforming implementation is not required to document the effects of each behavior.

• For example,order of evaluation, whether identicalstring literals are distinct, the amount of array allocation overhead, etc.
• Each unspecified behavior results in one of a set of valid results.

#include <cassert>#include <cstring> void f(){int d1, d2;// d1, d2 have erroneous valuesint e1= d1;// erroneous behaviorint e2= d1;// erroneous behaviorassert(e1== e2);// holdsassert(e1== d1);// holds, erroneous behaviorassert(e2== d1);// holds, erroneous behavior std::memcpy(&d2,&d1, sizeof(int));// no erroneous behavior, but// d2 has an erroneous value assert(e1== d2);// holds, erroneous behaviorassert(e2== d2);// holds, erroneous behavior} unsignedchar g(bool b){unsignedchar c;// c has erroneous valueunsignedchar d= c;// no erroneous behavior, but d has an erroneous valueassert(c== d);// holds, both integral promotions have erroneous behaviorint e= d;// erroneous behaviorreturn b? d:0;// erroneous behavior if b is true}

• undefined behavior - There are no restrictions on the behavior of the program.

• Some examples of undefined behavior are data races, memory accesses outside of array bounds, signed integer overflow, null pointer dereference,more than one modifications of the same scalar in an expressionwithout any intermediate sequence point(until C++11)that is unsequenced(since C++11), access to an object througha pointer of a different type, etc.
• Implementations are not required to diagnose undefined behavior (although many simple situations are diagnosed), and the compiled program is not required to do anything meaningful.

[edit]UB and optimization

Because correct C++ programs are free of undefined behavior, compilers may produce unexpected results when a program that actually has UB is compiled with optimization enabled:

For example,

[edit]Signed overflow

int foo(int x){return x+1> x;// either true or UB due to signed overflow}

may be compiled as (demo)

foo(int):        mov     eax,1        ret

[edit]Access out of bounds

int table[4]={};bool exists_in_table(int v){// return true in one of the first 4 iterations or UB due to out-of-bounds accessfor(int i=0; i<=4; i++)if(table[i]== v)returntrue;returnfalse;}

May be compiled as (demo)

exists_in_table(int):        mov     eax,1        ret

[edit]Uninitialized scalar

std::size_t f(int x){std::size_t a;if(x)// either x nonzero or UB        a=42;return a;}

May be compiled as (demo)

f(int):        mov     eax,42        ret

#include <cstdio> int main(){bool p;// uninitialized local variableif(p)// UB access to uninitialized scalarstd::puts("p is true");if(!p)// UB access to uninitialized scalarstd::puts("p is false");}

p is truep is false

[edit]Invalid scalar

int f(){bool b=true;unsignedchar* p=reinterpret_cast<unsignedchar*>(&b);*p=10;// reading from b is now UBreturn b==0;}

May be compiled as (demo)

f():        mov     eax,11        ret

[edit]Null pointer dereference

The examples demonstrate reading from the result of dereferencing a null pointer.

int foo(int* p){int x=*p;if(!p)return x;// Either UB above or this branch is never takenelsereturn0;} int bar(){int* p= nullptr;return*p;// Unconditional UB}

may be compiled as (demo)

foo(int*):        xor     eax, eax        retbar():        ret

[edit]Access to pointer passed tostd::realloc

#include <cstdlib>#include <iostream> int main(){int* p=(int*)std::malloc(sizeof(int));int* q=(int*)std::realloc(p, sizeof(int));*p=1;// UB access to a pointer that was passed to realloc*q=2;if(p== q)// UB access to a pointer that was passed to reallocstd::cout<<*p<<*q<<'\n';}

12

[edit]Infinite loop without side-effects

#include <iostream> bool fermat(){constint max_value=1000; // Non-trivial infinite loop with no side effects is UBfor(int a=1, b=1, c=1;true;){if(((a* a* a)==((b* b* b)+(c* c* c))))returntrue;// disproved :()        a++;if(a> max_value){            a=1;            b++;}if(b> max_value){            b=1;            c++;}if(c> max_value)            c=1;} returnfalse;// not disproved} int main(){std::cout<<"Fermat's Last Theorem ";    fermat()?std::cout<<"has been disproved!\n":std::cout<<"has not been disproved.\n";}

Fermat's Last Theorem has been disproved!

[edit]Ill-formed with diagnostic message

Note that compilers are permitted to extend the language in ways that give meaning to ill-formed programs. The only thing C++ standard requires in such cases is a diagnostic message (compiler warning), unless the program was "ill-formed no diagnostic required".

For example, unless language extensions are disabled via--pedantic-errors, GCC will compile the following examplewith only a warning even though itappears in the C++ standard as an example of an "error" (see alsoGCC Bugzilla #55783)

#include <iostream> // Example tweak, do not use constantdouble a{1.0}; // C++23 standard, §9.4.5 List-initialization [dcl.init.list], Example #6:struct S{// no initializer-list constructors    S(int,double,double);// #1    S();// #2// ...}; S s1={1,2,3.0};// OK, invoke #1S s2{a,2,3};// error: narrowingS s3{};// OK, invoke #2// — end example] S::S(int,double,double){}S::S(){} int main(){std::cout<<"All checks have passed.\n";}

main.cpp:17:6: error: type 'double' cannot be narrowed to 'int' in initializer ⮠list [-Wc++11-narrowing]S s2{a, 2, 3}; // error: narrowing     ^main.cpp:17:6: note: insert an explicit cast to silence this issueS s2{a, 2, 3}; // error: narrowing     ^     static_cast<int>( )1 error generated.

[edit]References

[edit]See also

[edit]External links

• In other languages

• Español
• 日本語
• Русский
• 中文