From: Ralf Jung Date: Tue, 28 Jul 2020 21:08:25 +0000 (+0200) Subject: explain why invalid bool is truly arbitrary UB X-Git-Url: https://git.ralfj.de/web.git/commitdiff_plain/ca23bda8cbce9c014fe61bb1ffbcf1dcff9abbf7?hp=a2b4d5631c785cbeb25e5ccbd0bddfc63106e7de explain why invalid bool is truly arbitrary UB --- diff --git a/personal/_posts/2020-07-15-unused-data.md b/personal/_posts/2020-07-15-unused-data.md index 500ecef..dcd6b78 100644 --- a/personal/_posts/2020-07-15-unused-data.md +++ b/personal/_posts/2020-07-15-unused-data.md @@ -30,6 +30,7 @@ fn example(b: bool) -> i32 { I hope it is not very surprising that calling `example` on, e.g., `3` transmuted to `bool` is Undefined Behavior (UB). When compiling `if`, the compiler assumes that `0` and `1` are the only possible values; there is no saying what could go wrong when that assumption is violated. +For example, the compiler might use a [jump table](https://en.wikipedia.org/wiki/Branch_table); an out-of-bounds index in that table could literally execute any code, so there is no way to bound the behavior in that case. (This is a compiler-understood *validity invariant* that is fixed in the language specification, which is very different from a user-defined *safety invariant*. See [this earlier post]({% post_url 2018-08-22-two-kinds-of-invariants %}) for more details on that distinction.)
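Review bot: The added sentence ("For example, the compiler might use a [jump table]...") is a good concrete illustration of why the UB cannot be bounded, but for a plain two-way `if` on a `bool` a compiler will almost always emit a conditional branch rather than a jump table, so a reader who checks the generated assembly for `example` may find the claim unconvincing. Consider either wording it as a strategy the compiler is *allowed* to choose ("the compiler is free to use a jump table, for instance when this `if` is part of a larger `match`"), or switching the illustration to a `match` over an enum with several variants, where indexing a jump table by the discriminant is the realistic codegen and an invalid discriminant really does read an arbitrary code address. Either way the conclusion of the sentence, that an out-of-bounds table index lets execution land anywhere, stands as written.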