This optional extension to the C language limits the potential results of executing some forms of undefined behavior, which improves the effectiveness of static analysis of such programs. Analyzability is only guaranteed to be enabled if the predefined macro constant __STDC_ANALYZABLE__ (C11) is defined by the compiler.
If the compiler supports analyzability, any language or library construct whose behavior is undefined is further classified between critical and bounded undefined behavior, and the behavior of all bounded UB cases is limited as specified below.
Critical UB is undefined behavior that might perform a memory write or a volatile memory read out of bounds of any object. A program that has critical undefined behavior may be susceptible to security exploits.
Only the following undefined behaviors are critical:
printf with an argument of the type that doesn't match its conversion specifier
longjmp where there is no setjmp up the calling scope, across threads, or from within the scope of a VM type.
Bounded UB is undefined behavior that cannot perform an illegal memory write, although it may trap and may produce or store indeterminate values.
memcpy of inexactly-overlapped objects
Bounded undefined behavior disables certain optimizations: compilation with analyzability enabled preserves source-code causality, which may be violated by undefined behavior otherwise.
The analyzability extension permits, as a form of implementation-defined behavior, the runtime constraint handler to be invoked when a trap occurs.
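As an added example (not code from the reference page), the following program probes the feature macro at compile time and rewrites the overlapping-copy case listed above as bounded UB so that it has no undefined behavior at all; the function names analyzability_enabled and shift_right are this example's own.

```c
#include <stdio.h>
#include <string.h>

/* Returns 1 if this translation unit was compiled with analyzability
   guaranteed (Annex L macro defined), 0 otherwise. Most mainstream
   compilers do not define the macro, so expect 0 in practice. */
int analyzability_enabled(void)
{
#ifdef __STDC_ANALYZABLE__
    return 1;
#else
    return 0;
#endif
}

/* Shift the first `len` bytes of `buf` right by `by` positions and
   zero-fill the vacated prefix. Source and destination overlap
   inexactly, so memcpy would be (bounded) undefined behavior here;
   memmove is defined for overlapping ranges. The caller guarantees
   `buf` holds at least `len` bytes. Returns the number of bytes
   moved, or 0 if the shift does not fit within `len`. */
size_t shift_right(unsigned char *buf, size_t len, size_t by)
{
    if (by > len)                        /* refuse rather than overrun */
        return 0;
    memmove(buf + by, buf, len - by);    /* well-defined for overlap */
    memset(buf, 0, by);
    return len - by;
}

int main(void)
{
    /* Constructed sample: 16-byte buffer, 8 bytes in use ("abcdefg\0"),
       so the shifted string stays NUL-terminated inside the buffer. */
    unsigned char msg[16] = "abcdefg";
    printf("analyzable: %d\n", analyzability_enabled());
    shift_right(msg, 8, 3);
    /* %s expects a char pointer; the cast keeps the argument type
       matched to the specifier (a mismatch is listed as critical UB). */
    printf("shifted: %s\n", (const char *)msg + 3);
    return 0;
}
```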
Licensed under the Creative Commons Attribution-ShareAlike Unported License v3.0.