The classic apocryphal example of "undefined behavior" is, of course, "nasal demons" — a physical impossibility, regardless of what the C and C++ standards permit.

Because the C and C++ communities tend to put such an emphasis on the unpredictability of undefined behavior and the idea that the compiler is allowed to cause the program to do literally anything when undefined behavior is encountered, I had assumed that the standard puts no restrictions whatsoever on the behavior of, well, undefined behavior.

But the relevant quote in the C++ standard seems to be:

[C++14: defns.undefined]: [..] Permissible undefined behavior ranges from ignoring the situation completely with unpredictable results, to behaving during translation or program execution in a documented manner characteristic of the environment (with or without the issuance of a diagnostic message), to terminating a translation or execution (with the issuance of a diagnostic message). [..]

This actually specifies a small set of possible options:

  • Ignoring the situation -- Yes, the standard goes on to say that this will have "unpredictable results", but that's not the same as the compiler inserting code (which I assume would be a prerequisite for, you know, nasal demons).
  • Behaving in a documented manner characteristic of the environment -- this actually sounds relatively benign. (I certainly haven't heard of any documented cases of nasal demons.)
  • Terminating translation or execution -- with a diagnostic, no less. Would that all UB would behave so nicely.

I assume that in most cases, compilers choose to ignore the undefined behavior; for example, when reading uninitialized memory, it would presumably be an anti-optimization to insert any code to ensure consistent behavior. I suppose that the stranger types of undefined behavior (such as "time travel") would fall under the second category--but this requires that such behaviors be documented and "characteristic of the environment" (so I guess nasal demons are only produced by infernal computers?).

Am I misunderstanding the definition? Are these intended as mere examples of what could constitute undefined behavior, rather than a comprehensive list of options? Is the claim that "anything can happen" meant merely as an unexpected side-effect of ignoring the situation?

Two minor points of clarification:

  • I thought it was clear from the original question, and I think to most people it was, but I'll spell it out anyway: I do realize that "nasal demons" is tongue-in-cheek.
  • Please do not write an(other) answer explaining that UB allows for platform-specific compiler optimizations, unless you also explain how it allows for optimizations that implementation-defined behavior wouldn't allow.

This question was not intended as a forum for discussion about the (de)merits of undefined behavior, but that's sort of what it became. In any case, this thread about a hypothetical C-compiler with no undefined behavior may be of additional interest to those who think this is an important topic.

    It really has to do with operating system differences. For example, is memory initialized to zero? Is there a stack guard active? Does it use addreess randomization? The spec is silent because different behaviors are possible. Including a grue. Commented Aug 21, 2015 at 4:57
    Undefined behavior is always a joke until someone gets incinerated
    – Paul
    Commented Aug 21, 2015 at 5:11
    Instead of "nasal demons", I like to say that undefined behaviour can call your ex.
    – Brian Bi
    Commented Aug 21, 2015 at 5:16
    "Permissible undefined behavior ranges from ignoring the situation completely with unpredictable results" I think that pretty much covers everything under the sun. Commented Aug 21, 2015 at 5:36
    Just as a point of general English usage, if someone says "Our travel agency offers holidays from Australia to Turkey to Canada" - it doesn't mean those are the only countries available; there's no implication that the list is exhaustive. Commented Aug 21, 2015 at 5:53

Yes, it permits anything to happen. The note is just giving examples. The definition is pretty clear:

Undefined behavior: behavior for which this International Standard imposes no requirements.

Frequent point of confusion:

You should understand that "no requirement" also means means the implementation is NOT required to leave the behavior undefined or do something bizarre/nondeterministic!

The implementation is perfectly allowed by the C++ standard to document some sane behavior and behave accordingly.1 So, if your compiler claims to wrap around on signed overflow, logic (sanity?) would dictate that you're welcome to rely on that behavior on that compiler. Just don't expect another compiler to behave the same way if it doesn't claim to.

1Heck, it's even allowed to document one thing and do another. That'd be stupid, and it'd probably make you toss it into the trash—why would you trust a compiler whose documentation lies to you?—but it's not against the C++ standard.

    It's interesting, however, to compare the normative examples which presumably reflected the intended meaning of the phrase, with the behaviors of modern compilers. I've seen no evidence whatsoever that the authors of the Standard intended that compilers would use Undefined Behavior to determine what inputs a program would or would not receive.
– supercat
Commented Aug 21, 2015 at 6:31
    – supercat
    Commented Aug 21, 2015 at 6:31
    @supercat Examples and notes are not normative.
    – T.C.
    Commented Aug 21, 2015 at 6:41
    @supercat: It was quite obvious that the intent was essentially to "determine what inputs a program would not receive" - it's just that compilers were not so advanced at the time. For example, the whole point of x<<n being UB when n is equal to or exceeds to width of x's type is that the compiler can simply assume n doesn't and not have to implement complex and costly logic for what to do in that case. Conceptually there is no difference in making this optimization and performing other more advanced DCE based on UB. Commented Aug 21, 2015 at 14:51
    @supercat No, I'm saying that your use of "practical" is impractically vague. Sure, you'll know it when you see it. And compilers today are free to state that their pointers exist in a flat memory space. Some compilers choose not to make (many) guarantees beyond the standard, and exploit that freedom. Others compilers don't. Practical programmers either have to restrict their code to one version of one compiler using one standard, or code against the standard. Try to only dip into undefined behavior with lots of warnings and if the payoff is great, ideally asserting compiler versions. Commented Aug 21, 2015 at 19:38
    @supercat: You're neglecting the biggest benefit of making the effects of UB undesirable: breaking non-portable code and forcing people to write portable code. The value of this cannot be understated. Commented Aug 21, 2015 at 21:49

One of the historical purposes of Undefined Behavior was to allow for the possibility that certain actions may have different potentially-useful effects on different platforms. For example, in the early days of C, given

int i=INT_MAX;

some compilers could guarantee that the code would print some particular value (for a two's-complement machine it would typically be INT_MIN), while others would guarantee that the program would terminate without reaching the printf. Depending upon the application requirements, either behavior could be useful. Leaving the behavior undefined meant that an application where abnormal program termination was an acceptable consequence of overflow but producing seemingly-valid-but-wrong output would not be, could forgo overflow checking if run on a platform which would reliably trap it, and an application where abnormal termination in case of overflow would not be acceptable, but producing arithmetically-incorrect output would be, could forgo overflow checking if run on a platform where overflows weren't trapped.

Recently, however, some compiler authors seem to have gotten into a contest to see who can most efficiently eliminate any code whose existence would not be mandated by the standard. Given, for example...

#include <stdio.h>

int main(void)
  int ch = getchar();
  if (ch < 74)
    printf("Hey there!");

a hyper-modern compiler may conclude that if ch is 74 or greater, the computation of ch*ch*ch*ch*ch would yield Undefined Behavior, and as a consequence the program should print "Hey there!" unconditionally regardless of what character was typed.

    Wow. Any idea how we got from "potentially useful" to the current situation, in which much of the C++ community seems adamantly opposed to any attempt to determine the exact behavior of certain compilers upon encountering a situation allowing UB, with the explanation "it doesn't matter, your program has UB"? Commented Aug 21, 2015 at 15:00
  • 12
    No, it's about portability. We live in an interconnected age now with software distributed faster than you can think. We're no longer writing programs for that one dusty supercomputer in the basement. At least, most of us aren't. It's effectively down to a decades-old paradigm shift in programming; there are now tangible practical benefits to coding rigorously to standards (which ideally we'd always have done), and the toolchain writers can take advantage of that to produce really fast and efficient compilers. Why not?! Commented Aug 21, 2015 at 17:05
  • 5
    @LightnessRacesinOrbit: If the goal were to have a usable portable language, the Committee should recognize the existence of some distinct variations (e.g. dialects where p >= object.base && p<object.base+object.size) can be used to test whether p is part of an object, but which can't be implemented on all platforms, versus those which do not allow such comparisons but which can be implemented on more platforms). It should also define some data types which, if supported, would be required to behave consistently on all platforms. As it is, C has two distinct 32-bit signed integer types...
– supercat
Commented Aug 21, 2015 at 18:07
    – supercat
    Commented Aug 21, 2015 at 18:07
  • 4
    ...and two distinct unsigned 32-bit integer types. On platforms where all values of uint32_t are representable as int, subtraction of two uint32_t values will yield a signed result. On platforms where some values of uint32_t are not representable as int, subtraction yields a uint32_t result. Both types are called uint32_t, but their semantics are extremely different. Likewise, on platforms where int is larger than 32 bits, incrementing an int32_t will always have defined behavior. On platforms where int is exactly 32 bits, incrementing int32_t can cause UB.
– supercat
Commented Aug 21, 2015 at 18:10
    – supercat
    Commented Aug 21, 2015 at 18:10
  • 2
    @LightnessRacesinOrbit: Further, a portable language should define an efficient portable means of packing and unpacking a larger integer type into/from a sequence of smaller ones. Writing *dat++= value & 255; *dat++=(value >> 8) & 255; *dat++ = (value >> 16) & 255; *dat++ = (value >> 24) & 255; may be 100% portable (even for machines where CHAR_BITS > 8, but even on platforms where a single 32-bit store would have yielded correct behavior it would be hard for a compiler to determine that. Given __pack_i32_cle(&dat, value); any compiler could easily produce optimal code.
– supercat
Commented Aug 21, 2015 at 18:17
    – supercat
    Commented Aug 21, 2015 at 18:17

Nitpicking: You have not quoted a standard.

These are the sources used to generate drafts of the C++ standard. These sources should not be considered an ISO publication, nor should documents generated from them unless officially adopted by the C++ working group (ISO/IEC JTC1/SC22/WG21).

Interpretation: Notes are not normative according to the ISO/IEC Directives Part 2.

Notes and examples integrated in the text of a document shall only be used for giving additional information intended to assist the understanding or use of the document. They shall not contain requirements ("shall"; see 3.3.1 and Table H.1) or any information considered indispensable for the use of the document e.g. instructions (imperative; see Table H.1), recommendations ("should"; see 3.3.2 and Table H.2) or permission ("may"; see Table H.3). Notes may be written as a statement of fact.

Emphasis mine. This alone rules out "comprehensive list of options". Giving examples however does count as "additional information intended to assist the understanding .. of the document".

Do keep in mind that the "nasal demon" meme is not meant to be taken literally, just as using a balloon to explain how universe expansion works holds no truth in physical reality. It's to illustrate that it's foolhardy to discuss what "undefined behavior" should do when it's permissible to do anything. Yes, this means that there isn't an actual rubber band in outer space.

    Re: nitpick: I was inspired to go find that quote in the draft-standard by seeing it quoted from the 2003 standard in another answer. The wording looked very similar, so I don't think the wording has changed much for at least a decade, which is why I felt comfortable quoting from the draft (plus, it's free and online). Commented Aug 21, 2015 at 5:27
  • 4
    The final versions of those standard are not freely available, but behind quite a high paywall, thus cannot be linked. However, the final drafts are identical with the final version in all relevant technical and linguistic aspects. Without those drafts, citations from and references to the standard are actually impossible. So what do you prefer: 1) citation from the final (and in that aspect identical) draft or 2) no citation at all, thus just stating with no foundation at all? (and how do you know there is no rubber band in space?) Commented Feb 5, 2016 at 1:12
  Note that the C Standard uses the term "shall" in a way which differs from the usage of the term in almost any other standard. In most standards, violation of a constraint would render an implementation non-conforming, but that's not true of the C Standard. A program that violates a constraint cannot be strictly conforming, but the Standard recognizes as "conforming", and is expressly intended not to demean, non-portable programs upon which it imposes no requirements, but whose behavior is usefully defined by some implementations.
– supercat
Commented Mar 19, 2021 at 21:16
    – supercat
    Commented Mar 19, 2021 at 21:16

The definition of undefined behaviour, in every C and C++ standard, is essentially that the standard imposes no requirements on what happens.

Yes, that means any outcome is permitted. But there are no particular outcomes that are required to happen, nor any outcomes that are required to NOT happen. It does not matter if you have a compiler and library that consistently yields a particular behaviour in response to a particular instance of undefined behaviour - such a behaviour is not required, and may change even in a future bugfix release of your compiler - and the compiler will still be perfectly correct according to each version of the C and C++ standards.

If your host system has hardware support in the form of connection to probes that are inserted in your nostrils, it is within the realms of possibility that an occurrence of undefined behaviour will cause undesired nasal effects.

    Historically, the fact that the Standard didn't define a behavior in no way implied that implementations shouldn't do so. Indeed, a number of things which trigger Undefined Behavior do so do so because prior to the ratification of the C Standard, different implementations made two (or more) contradictory guarantees, both of which were relied upon by programs written for those implementations.
– supercat
Commented Aug 21, 2015 at 6:17
    – supercat
    Commented Aug 21, 2015 at 6:17
  • 1
    @Peter: The issue isn't just one of getting people to agree to a Standard. One of the reasons C has thrived is that compilers for various platforms could offer different trade-offs between performance, usability, and robustness, which were tailored to the needs of those platforms' users.
– supercat
Commented Aug 21, 2015 at 7:18
    – supercat
    Commented Aug 21, 2015 at 7:18
  • 2
    A good example was dereferencing the null pointer. On SPARC reading that gave you the value 0, and writing silently discarded the result. On MS-DOS, that location held the interrupt table. Try reconciling that.
– MSalters
Commented Aug 21, 2015 at 8:14
    – MSalters
    Commented Aug 21, 2015 at 8:14
  • 3
    @supercat But I believe the standard separately defines "implementation defined" behaviour, which DOES match with what you said. For example, what >> does on signed values is implementation defined (which means something consistent and defined in compiler documentation must happen), whereas what << does on signed values is undefined (which means anything can happen and nobody has to define it). Don't blame compiler writers; it's clear that modern writers of the standard are perfectly fine with what is going on, else they'd just make all the currently undefined behaviour implementation defined!
– Muzer
Commented Aug 21, 2015 at 13:47
    – Muzer
    Commented Aug 21, 2015 at 13:47
  • 1
    ...instruction (which would likely be impractical, given that such issues may be affected by register allocation, which may be in turn affected by many other factors). I would suggest that there are places where the Standard expressly forbids programs from doing certain things (generally at the syntactic or structural level), and that if the Standard intended to forbid certain things it could have done so.
– supercat
Commented Aug 21, 2015 at 18:58
    – supercat
    Commented Aug 21, 2015 at 18:58

I thought I'd answer just one of your points, since the other answers answer the general question quite well, but have left this unaddressed.

"Ignoring the situation -- Yes, the standard goes on to say that this will have "unpredictable results", but that's not the same as the compiler inserting code (which I assume would be a prerequisite for, you know, nasal demons)."

A situation in which nasal demons could very reasonably be expected to occur with a sensible compiler, without the compiler inserting ANY code, would be the following:

    printf("Random debug value: %i\n", *x); // oops, null pointer deference

A compiler, if it can prove that that *x is a null pointer dereference, is perfectly entitled, as part of some optimisation, to say "OK, so I see that they've dereferenced a null pointer in this branch of the if. Therefore, as part of that branch I'm allowed to do anything. So I can therefore optimise to this:"


"And from there, I can optimise to this:"


You can see how this sort of thing can in the right circumstances prove very useful for an optimising compiler, and yet cause disaster. I did see some examples a while back of cases where actually it IS important for optimisation to be able to optimise this sort of case. I might try to dig them out later when I have more time.

EDIT: One example that just came from the depths of my memory of such a case where it's useful for optimisation is where you very frequently check a pointer for being NULL (perhaps in inlined helper functions), even after having already dereferenced it and without having changed it. The optimising compiler can see that you've dereferenced it and so optimise out all the "is NULL" checks, since if you've dereferenced it and it IS null, anything is allowed to happen, including just not running the "is NULL" checks. I believe that similar arguments apply to other undefined behaviour.

  Err, sorry @supercat, I somehow missed the second half of your answer, which also explains this!
– Muzer
Commented Aug 21, 2015 at 9:58
    – Muzer
    Commented Aug 21, 2015 at 9:58
  • 1
    ...yes, I realize that if the user asks for nasal demons in certain cases, then they might get summoned in unexpected cases if the program has UB. When I say that certain UB behaviors would require inserting code, I'm talking about completely unexpected behaviors that are not already explicitly written into your code. Commented Aug 21, 2015 at 14:48
  • There must be some corner case where it's weirdly more efficient to generate completely new code that takes advantage of UB. I'll dig out some of the articles I read later.
    – Muzer
    Commented Aug 21, 2015 at 15:05
  • I'd be interested to see that, but keep in mind the original question could be rephrased as "does the standard really allow arbitrary code insertion for UB", which has already been answered. Commented Aug 21, 2015 at 15:11
  • 1
    @Muzer: The simple fact of the matter is that the set of behaviors defined by the C Standard is insufficient to perform many actions efficiently, but the vast majority of compilers have historically offered some extensions which allowed programs to meet their requirements much more efficiently than would otherwise be possible. For example, on some platforms, given int a,b,c,d; the implementation of a*b>c*d which would be most efficient when values are within range would compute (int)((unsigned)a*b)>(int)((unsigned)c*d), while on other platforms the most efficient function would...
– supercat
Commented Aug 21, 2015 at 19:22
    – supercat
    Commented Aug 21, 2015 at 19:22

First, it is important to note that it is not only the behaviour of the user program that is undefined, it is the behaviour of the compiler that is undefined. Similarly, UB is not encountered at runtime, it is a property of the source code.

To a compiler writer, "the behaviour is undefined" means, "you do not have to take this situation into account", or even "you can assume no source code will ever produce this situation". A compiler can do anything, intentionally or unintentionally, when presented with UB, and still be standard compliant, so yes, if you granted access to your nose...

Then, it is not always possible to know if a program has UB or not. Example:

int * ptr = calculateAddress();
int i = *ptr;

Knowing if this can ever be UB or not would require knowing all possible values returned by calculateAddress(), which is impossible in the general case (See "Halting Problem"). A compiler has two choices:

  • assume ptr will always have a valid address
  • insert runtime checks to guarantee a certain behaviour

The first option produces fast programs, and puts the burden of avoiding undesired effects on the programmer, while the second option produces safer but slower code.

The C and C++ standards leave this choice open, and most compilers choose the first, while Java for example mandates the second.

Why is the behaviour not implementation-defined, but undefined?

Implementation-defined means (N4296, 1.9§2):

Certain aspects and operations of the abstract machine are described in this International Standard as implementation-defined (for example, sizeof(int) ). These constitute the parameters of the abstract machine. Each implementation shall include documentation describing its characteristics and behavior in these respects. Such documentation shall define the instance of the abstract machine that corresponds to that implementation (referred to as the “corresponding instance” below).

Emphasis mine. In other words: A compiler-writer has to document exactly how the machine-code behaves, when the source code uses implementation-defined features.

Writing to a random non-null invalid pointer is one of the most unpredictable things you can do in a program, so this would require performance-reducing runtime-checks too.
Before we had MMUs, you could destroy hardware by writing to the wrong address, which comes very close to nasal demons ;-)

  Skipping the checks is the same as "ignoring the situation." This could still be a valid optimization with "implementation-defined" behavior, not UB. Also, I understand the halting problem, but see Rust for an example of a low-level language that solved the problem by disallowing null pointers. Commented Aug 21, 2015 at 14:53
  • It's not only null-pointers, signed overflow or division by zero are other examples of things that are generally impossible to forsee at compile-time. Sorry, I didn't understand what you mean with the first two sentences?
    – alain
    Commented Aug 21, 2015 at 15:04
  • 1
    Yes, IIRC Stroustrup regrets having introduced null pointers. This is a great article that explains the advantages of UB: blog.regehr.org/archives/213
– alain
Commented Aug 21, 2015 at 15:14
    – alain
    Commented Aug 21, 2015 at 15:14
  • 2
    The behaviour of the compiler isn't undefined. The compiler is not supposed to format your harddrive, or launch missiles, or crash . What's undefined is the behaviour of an executable (if any) which the compiler produces.
– M.M
Commented Aug 22, 2015 at 1:45
    – M.M
    Commented Aug 22, 2015 at 1:45
  • 2
    "UB is not encountered at runtime, it is a property of the source code." - it comes in both varieties. UB may be encountered at run-time, for example dividing by an integer input by the user without checking that they didn't input 0
– M.M
Commented Aug 22, 2015 at 1:46
    – M.M
    Commented Aug 22, 2015 at 1:46

Undefined behavior is simply the result of a situation coming up that the writers of the specification did not foresee.

Take the idea of a traffic light. Red means stop, yellow means prepare for red, and green means go. In this example people driving cars are the implementation of the spec.

What happens if both green and red are on? Do you stop, then go? Do you wait until red turns off and it's just green? This is a case that the spec did not describe, and as a result, anything the drivers do is undefined behavior. Some people will do one thing, some another. Since there is no guarantee about what will happen you want to avoid this situation. The same applies to code.

  • 4
    That's not necessarily the case in C/C++. In many cases, undefined behaviour was deliberately foreseen, and deliberately left undefined. In C/C++, undefined behaviour is something defined in the spec and explicitly given for a few examples. I have no reason to believe that everyone working on the first standard just didn't think about what should happen when a NULL pointer is dereferenced. Instead, they probably deliberately left it undefined so that the compiler didn't have to special-case it, slowing down code.
– Muzer
Commented Aug 21, 2015 at 13:42
    – Muzer
    Commented Aug 21, 2015 at 13:42
  • 2
    If a traffic light appears malfunctioning, treat like a stop sign. If code is malfunctioning, treat it cautiously, but continue on as able. Commented Aug 21, 2015 at 17:46
  • 1
    @Muzer: I think a bigger reason for UB is to allow for the possibility of code taking advantage of platform features which would be useful in some situations but bothersome in others. On some machines, overflow-trapped integer arithmetic is the normal behavior and non-trapped arithmetic is expensive. On other machines, integer arithmetic that overflows generally wraps, and overflow trapping would be very expensive. For the Standard to mandate either trapping or non-trapping behavior would not only increase the cost of all arithmetic on one platform or the other, but to add insult...
– supercat
Commented Aug 21, 2015 at 19:49
    – supercat
    Commented Aug 21, 2015 at 19:49
  • 1
    ...to injury, code which wanted to compute x+y using the the disfavored behavior and was written for hardware implementing that behavior would have to add additional logic to achieve the required behavior, and all of the added logic would run extra-slowly because of the logic included in the compiler. Thus, something that should have translated as add r1,r2,r3 would instead end up as some huge monstrosity which could quite plausibly be less than 10% fast as the optimal code that could have met requirements if overflow had been UB.
– supercat
Commented Aug 21,
    – supercat
    Commented Aug 21, 2015 at 19:54
  • 1
    @supercat but the point of C has always been portability. If you have code that does different things on different platforms, therefore, except where that's really necessary and what you want (eg things like inline assembly), your code is broken. You should therefore be coding to AVOID these situations. So compilers being able to turn this behaviour into anything at all, and mercilessly taking advantage of such a situation, is, in my mind, perfectly valid. People should NEVER have EVER relied on ANY behaviour that's potentially different between compilers/architectures.
    – Muzer
    Commented Aug 23, 2015 at 19:00

One of the reasons for leaving behavior undefined is to allow the compiler to make whatever assumptions it wants when optimizing.

If there exists some condition that must hold if an optimization is to be applied, and that condition is dependent on undefined behavior in the code, then the compiler may assume that it's met, since a conforming program can't depend on undefined behavior in any way. Importantly, the compiler does not need to be consistent in these assumptions. (which is not the case for implementation-defined behavior)

So suppose your code contains an admittedly contrived example like the one below:

int bar = 0;
int foo = (undefined behavior of some kind);
if (foo) {
   bar = 1;
if (!foo) {
   bar = 1;
assert(1 == bar);

The compiler is free to assume that !foo is true in the first block and foo is true in the second, and thus optimize the entire chunk of code away. Now, logically either foo or !foo must be true, and so looking at the code, you would reasonably be able to assume that bar must equal 1 once you've run the code. But because the compiler optimized in that manner, bar never gets set to 1. And now that assertion becomes false and the program terminates, which is behavior that would not have happened if foo hadn't relied on undefined behavior.

Now, is it possible for the compiler to actually insert completely new code if it sees undefined behavior? If doing so will allow it to optimize more, absolutely. Is it likely to happen often? Probably not, but you can never guarantee it, so operating on the assumption that nasal demons are possible is the only safe approach.

  • Sigh. Did you read my edit, asking people not to post answers about optimization unless these answers clearly distinguish what makes UB better for optimization than "implementation-defined" behavior? Also, I was asking what the standard permits, not why it permits it, so this technically doesn't answer the question--although I do appreciate the defense of UB, since I am increasingly opposed to the idea of UB in general. Commented Aug 21, 2015 at 20:43
  • 3
    The ability to be inconsistent one of the big differences. sizeof(int) is implementation-defined, but it's not going to change from 4 to 8 halfway through the program. If it was undefined, it could. Implementation-defined things also tend to have additional restrictions: e.g. sizeof(int) * CHAR_BIT must be at least 16, whereas if it was undefined, it could be or do anything at all.
    – Ray
    Commented Aug 21, 2015 at 21:09
  • That sounds like a useful distinction to include in your answer. Commented Aug 21, 2015 at 21:12
  • ...ah, I see that you've done so. Commented Aug 21, 2015 at 21:12
  • You might also want to look at stackoverflow.com/a/2397995/5196093. That answer includes the standard's definitions of undefined/implementation defined/unspecified. It doesn't say whether it's quoting the C or C++ standard, but I don't believe they differ on this.
    – Ray
    Commented Aug 21, 2015 at 21:19

Undefined behaviors allow compilers to generate faster code in some cases. Consider two different processor architectures that ADD differently: Processor A inherently discards the carry bit upon overflow, while processor B generates an error. (Of course, Processor C inherently generates Nasal Demons - its just the easiest way to discharge that extra bit of energy in a snot-powered nanobot...)

If the standard required that an error be generated, then all code compiled for processor A would basically be forced to include additional instructions, to perform some sort of check for overflow, and if so, generate an error. This would result in slower code, even if the developer know that they were only going to end up adding small numbers.

Undefined behavior sacrifices portability for speed. By allowing 'anything' to happen, the compiler can avoid writing safety-checks for situations that will never occur. (Or, you know... they might.)

Additionally, when a programmer knows exactly what an undefined behavior will actually cause in their given environment, they are free to exploit that knowledge to gain additional performance.

If you want to ensure that your code behaves exactly the same on all platforms, you need to ensure that no 'undefined behavior' ever occurs - however, this may not be your goal.

Edit: (In respons to OPs edit) Implementation Defined behavior would require the consistent generation of nasal demons. Undefined behavior allows the sporadic generation of nasal demons.

That's where the advantage that undefined behavior has over implementation specific behavior appears. Consider that extra code may be needed to avoid inconsistent behavior on a particular system. In these cases, undefined behavior allows greater speed.

  • 1
    It was probably just easier to say "you can do whatever you want" as opposed to trying to list off all of the things that you can and can't do. Sure, on the PC platform you typically generate nasal demons from an external USB device... that probably won't happen by accident with an electronic computer... but it might accidentally happen on a Turing complete Ouija board. Not all computers will necessarily be electronic, so not all nasal demons must be from intentionally malicious code. Some could just be from unsafe code.
    – Allen
    Commented Aug 21, 2015 at 20:32
  • 1
    @KyleStrand: Write correct C code and nothing will go wrong. The standard shouldn't change. If you do want particular behavior, compilers have been growing options and intrinsics to do what you want explicitly. C is about fast code. I recommend Java, C#, Go, etc. for hand holding.
    – Zan Lynx
    Commented Aug 21, 2015 at 22:05
  • 1
    @ZanLynx: Assembly language is less error-prone than modern C. In assembly language, if memory location which held a no-longer valid pointer should hold null, one can safely test for that with something like ldr r1,[r0] / cmp r1,#0 / bne oops and know the assembler won't do anything weird. In a sensible C compiler for most platforms, assert(*q==null); should be safe. If q isn't null, either the assertion will fail, terminating the program, or the system will detect that q is an invalid pointer and terminate the program. Hyper-modern C, however, believes that if the compiler...
    – supercat
    Commented Aug 22, 2015 at 14:50
  • 1
    ...determines that q can't be non-null without the comparison invoking UB, it should not only remove the comparison, but it should also remove other code which it recognizes as having no usefulness outside such cases, possibly causing behaviors even worse than those the assertion was designed to protect against.
    – supercat
    Commented Aug 22, 2015 at 14:53
  • 1
    @supercat I'm glad I asked this question if for no other reason than to indirectly inspire all your comments. Commented Aug 22, 2015 at 22:36

