This optional extension to the C language limits the potential results of executing some forms of undefined behavior, which improves the effectiveness of static analysis of such programs. Analyzability is only guaranteed to be enabled if the predefined macro constant __STDC_ANALYZABLE__
(C11) is defined by the compiler.
If the compiler supports analyzability, any language or library construct whose behavior is undefined is further classified between critical and bounded undefined behavior, and the behavior of all bounded UB cases is limited as specified below.
Critical UB is undefined behavior that might perform a memory write or a volatile memory read out of bounds of any object. A program that has critical undefined behavior may be susceptible to security exploits.
Only the following undefined behaviors are critical:
printf
with an argument of the type that doesn't match its conversion specifier) longjmp
where there is no setjmp
up the calling scope, across threads, or from within the scope of a VM type. free
or realloc
Bounded UB is undefined behavior that cannot perform an illegal memory write, although it may trap and may produce or store indeterminate values.
memcpy
of inexactly-overlapped objects Bounded undefined behavior disables certain optimizations: compilation with analyzability enabled preserves source-code causality, which may be violated by undefined behavior otherwise.
Analyzability extension permits, as a form of implementation-defined behavior, for the runtime constraint handler to be invoked when a trap occurs.
© cppreference.com
Licensed under the Creative Commons Attribution-ShareAlike Unported License v3.0.
http://en.cppreference.com/w/c/language/analyzability