Undefined Behaviors in C


This contains a nice (partial) list of Undefined Behaviors in C:


It should be useful to have a similar list for Rust, and to try to minimize it.

Edit: there is a discussion here:

They also show a short list from the Rustonomicron.


The following behaviours from this list exist in Rust:

  • Spatial Memory Safety Violations
  • Temporal Memory Safety Violations
  • Alignment Violations
  • Loops that Neither Perform I/O nor Terminate (even in safe Rust, this one is a bug that should be fixed someday)
  • Data Races
  • Conversion to or from an integer type produces a value outside the range that can be represented (even in safe Rust, also a bug)
  • A trap representation is read by an lvalue expression that does not have character type. Trap representations in Rust are:
    • 0 value in NonZero type
    • enum with undefined discriminant
    • bool which represents value other than false or true
    • char that doesn’t represent Unicode character
    • non-UTF-8 str
  • Incompatible extern function declaration

Additionally these undefined behaviours exist:

  • Reading uninitialized memory (this one actually isn’t undefined behaviour in C outside of auto variables, surprisingly enough)
  • Breaking the pointer aliasing rules
  • Unwinding into another language
  • Calling another language function which causes undefined behaviour
  • Violating unsafe function requirements
  • Creating non-repr(C) structure without using Rust constructor syntax (for instance you can create a Vec this way where capacity is larger than allocated space).
  • Modifying non-repr(C) structure by directly modifying memory outside of member accessor or pointer to it.
  • longjmp crossing Rust language boundary.

And probably more, that’s all I was able to think of.




More on the same topic: