
Is there any C compiler able to detect* the violation of a "strictly conforming program"?

* under some option, for example, --accept-only-strictly-conforming-program

If not, then which tools can be used to detect the violation of a "strictly conforming program"?

Informative (C11, 4. Conformance, p5):

A strictly conforming program shall use only those features of the language and library specified in this International Standard. It shall not produce output dependent on any unspecified, undefined, or implementation-defined behavior, and shall not exceed any minimum implementation limit.

Jens
pmor
  • 1
    I think you'd have to use a static analyser for that. Coding standards like for example MISRA-C has some ambition to cover most cases of poorly-specified behavior with their rule set, so using a MISRA-C checker is probably the closest thing. But even then some implementation-defined aspects are beyond the scope still, such as memory mapping, calling convention etc. – Lundin Jun 03 '21 at 11:19
  • 3
    This is impossible for the same reason as the halting problem. If strict conformance could be detected, a program could ask whether it itself is strictly conforming given its present inputs and, if so, print the result of a multiplication that overflows and, if not, terminate normally. – Eric Postpischil Jun 03 '21 at 11:22
  • 1
    Here is a program fragment: `void test(unsigned n) {unsigned s = n; do { if (n%2) then n=n*3+1; else n/=2; } while (n != 1 && n != s); if (n > 1) { printf(NULL); }}` A full program just reads a number from the standard input and calls `test` with it. Is it a strictly conforming program? Assume that numbers are at least 128 bits wide (replace `unsigned` and standard arithmetic with a bignum implementation if desired). – n. m. could be an AI Jun 03 '21 at 12:34
  • A much simpler example: `int shift; uint32_t x = 1; scanf("%d", &shift); x <<= shift;` - is fully conforming, but will invoke UB if the input is greater than 31. – Eugene Sh. Jun 03 '21 at 13:17
  • Hypothesis: At least since C compilers implement implementation-defined features, then such C compilers are "not interested" to optionally reject code using these implementation-defined features. I.e. "not interested to do of what is beyond their primary scope". – pmor Jun 03 '21 at 13:17
  • Dynamic analysers exist. Before you all argue that this is impossible, that's like saying that it is impossible to create a program that detects memory leaks in a C program. But evidently Valgrind exists and works. As for if it is possible to detect all forms of poorly defined behavior with a mix of static and dynamic analysis, well... probably not. There will always be corner cases. – Lundin Jun 03 '21 at 13:36
  • 1
    @Lundin Valgrind works only for specific run - that's it for specific inputs only. It is far from what the OP is asking about. – Eugene Sh. Jun 03 '21 at 14:11

1 Answer

  • Buffer overflow is undefined behavior.
  • Therefore, this compiler would have to detect every possible buffer overflow in every possible program.
  • That sounds too hard or impossible.
  • It sounds like such a compiler does not exist :'(
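The comment thread and the answer make the same point from two sides: whether `x <<= shift`, a multiplication, or a buffer write is undefined depends on a value that only exists at run time, so no compiler can classify the source as strictly conforming on its own. What a practitioner can do is move the decision into the program: validate the run-time value against the conditions the standard states before performing the operation. The following is an added example written for this page, not code from the question, the answer or any of the commenters. It takes the shift fragment from the comments, feeds it constructed input lines standing in for `stdin`, and refuses any count for which the shift would be undefined (C11 6.5.7p3); it also adds the same treatment for the signed multiplication mentioned in the comments. The function names, the status enum and the sample lines are all assumptions of this example.

```c
#include <errno.h>
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Outcome of applying a shift count read from untrusted input. */
enum shift_status { SHIFT_OK, SHIFT_BAD_INPUT, SHIFT_OUT_OF_RANGE };

/* `x << shift` is defined only for 0 <= shift < width of the promoted
 * left operand (C11 6.5.7p3). The count is validated first; the shift is
 * then done in unsigned long long, which is at least 64 bits wide and is
 * never promoted, so the result is defined for every accepted count no
 * matter how wide `int` is on the target (an implementation-defined
 * quantity the source cannot see). The result is truncated back to
 * uint32_t, which is well defined for unsigned types. */
bool shift_left_u32(uint32_t x, int shift, uint32_t *out) {
    if (shift < 0 || shift >= 32) return false;
    *out = (uint32_t)((unsigned long long)x << shift);
    return true;
}

/* Parse one input line ("13", "  7\n") into an int. Rejects empty input,
 * trailing garbage and values that do not fit in an int, so the caller
 * never operates on a half-parsed number. */
static bool parse_int(const char *line, int *value) {
    char *end;
    errno = 0;
    long v = strtol(line, &end, 10);
    if (end == line || errno == ERANGE) return false;
    while (*end == ' ' || *end == '\t' || *end == '\n') end++;
    if (*end != '\0') return false;
    if (v < INT_MIN || v > INT_MAX) return false;
    *value = (int)v;
    return true;
}

/* The comment-thread fragment, hardened: read the count, then shift 1 by
 * it, refusing counts that would be undefined instead of trusting input. */
enum shift_status process_shift_line(const char *line, uint32_t *out) {
    int shift;
    if (!parse_int(line, &shift)) return SHIFT_BAD_INPUT;
    if (!shift_left_u32(1u, shift, out)) return SHIFT_OUT_OF_RANGE;
    return SHIFT_OK;
}

/* Signed multiplication without the overflow a compiler cannot rule out
 * statically: the bound is checked by division first, so the product is
 * only formed when it is representable in an int. */
bool mul_int_checked(int a, int b, int *out) {
    if (a > 0) {
        if (b > 0) { if (a > INT_MAX / b) return false; }
        else       { if (b < INT_MIN / a) return false; }
    } else {
        if (b > 0) { if (a < INT_MIN / b) return false; }
        else       { if (a != 0 && b < INT_MAX / a) return false; }
    }
    *out = a * b;
    return true;
}

int main(void) {
    /* Constructed sample lines standing in for what scanf would read. */
    const char *lines[] = { "4", "31", "32", "-1", "12abc", "" };
    for (size_t i = 0; i < sizeof lines / sizeof lines[0]; i++) {
        uint32_t r = 0;
        enum shift_status s = process_shift_line(lines[i], &r);
        printf("input \"%s\" -> status %d, value %lu\n",
               lines[i], (int)s, (unsigned long)r);
    }
    int p;
    printf("INT_MAX * 2 representable: %s\n",
           mul_int_checked(INT_MAX, 2, &p) ? "yes" : "no");
    return 0;
}
```

The two halves of conformance are handled by different tools. Use of language extensions is visible in the source and is what `gcc -std=c11 -pedantic-errors -Wall -Wextra` (or the same flags on clang) reports at compile time. Input-dependent undefined behaviour, the kind the comments are about, is only visible on a concrete run: building the original, unchecked fragment with `-fsanitize=undefined` and feeding it `32` produces a shift-exponent report for that input and nothing for `4`, which is exactly the "specific inputs only" limitation noted in the thread. The checked functions above remove the dependence on the input instead of detecting it.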