
Concepts of Programming Languages

C: Undefined Behavior

Instructor: James Riely

Undefined behavior: under/overflow

#include <stdio.h>

int isMinValue (int x) {
  return (x-1) > x;
int main () {
  int i = -2000000000;  
  while (!isMinValue(i))
  printf ("Min value is %d\n", i);

$ gcc -O1 undefined.c && ./a.out 
Min value is -2147483648

$ gcc -O2 undefined.c && ./a.out 
^C #infinite loop


Undefined Behavior: Order of operations

#include <stdio.h>
int count = 0;
int f () {
  count += 1;
  return count;
int main () {
  int z = f() + f();
  printf ("%d\n", z);
  z = (z += 1) + (z = z*z);
  printf ("%d\n", z);

$ clang -Wall undefined3.c 
undefined3.c:11:21: warning: unsequenced modification and access to 'z'
  z = (z += 1) + (z = z*z);
         ~~         ^
1 warning generated.
$ ./a.out 

Undefined Behavior: Order of operations

#include <stdio.h>
int count = 0;
int f () {
  count += 1;
  return count;
int main () {
  int z = f() + f();
  printf ("%d\n", z);
  z = (z += 1) + (z = z*z);
  printf ("%d\n", z);

$ gcc -Wall -O3 undefined3.c 
undefined3.c: In function ‘main’:
undefined3.c:11:5: warning: operation on ‘z’ may be undefined
   z = (z += 1) + (z = z*z);
$ ./a.out 
                             3 32                           3 20
                             z = z + 1;                     z = z + 1;    
                             z = z * z;                     z = z + (z * z);
                             z = z + z;              

Returning a value

int foo (int n) {
  int result = 2 * n;
  return result;

int main () {
  int x = foo (5);
  int y = foo (7);
  printf ("%d\n", x);
  printf ("%d\n", y);

Returning a stack-allocated address

int* foo (int n) {
  int result = 2 * n;
  return &result;

int main () {
  int* p = foo (5);
  int* q = foo (7);
  printf ("%p %d\n", p, *p);
  printf ("%p %d\n", q, *q);  

Returning a heap-allocated address

int* foo (int n) {
  int* p = (int*)malloc(sizeof(int));
  *p = 2 * n;
  return p;
int main () {
  int* p = foo (5);
  int* q = foo (7);
  printf ("%x %d\n", p, *p);
  printf ("%x %d\n", q, *q);  

Returning a heap-allocated address

int* foo (int n) {
  int* p = (int*)malloc(sizeof(int));
  *p = 2 * n;
  return p;
int main () {
  int* p = foo (5); free(p);
  int* q = foo (7);
  printf ("%x %d\n", p, *p);
  printf ("%x %d\n", q, *q);  

Undefined behavior and compiler optimizations

For undefined executions, the compiler can do what it likes.

This can lead to some surprising compiler optimizations.

C null pointer optimization 1 (Discussion) (Discussion)

C null pointer optimization 2

Undefined behavior: dangling pointers

See the optional exercises on the worksheet from week 1.

More examples of undefined behavior

More about undefined behavior


Safe languages

Safe languages do not have undefined behaviors

Lisp is probably the first safe language

Java is the first widely used safe language