Is there a safe version of C++ without undefined behaviour?

c++ undefined-behavior

Undefined behaviour in C++ can be really hard to debug. Is there a version of C++ and standard library which does not contain any undefined behaviour but rather throws exceptions? I understand that this will be a performance killer, but I only intend to use this version when I am programming, debugging and compiling in debug mode and don't really care about performance. Ideally this version would be portable and you would be able to easily switch on/off the undefined behaviour checks.

For example, you could implement a safe pointer class like so (only check for null pointer, not actually if it points to a valid block of memory):

template <typename T>
class MySafePointer {
     T* value;
public:
      auto operator-> () {
          #ifndef DEBUG_MODE
          assert(value && "Trying to dereference a null pointer");          
          #endif
          return value;
      }
      /* Other Stuff*/

};

Here the user only needs to #undef DEBUG_MODE if you want to get your performance back.

Is there a library / safe version of C++ which does this?

EDIT: Changed the code above so that it actually makes more sense and doesn't throw an exception but asserts value is non-null. The question is simply a matter of having a descriptive error message vs a crash...


Is there a version of c++ and standard library which does not contain any undefined behaviour but rather throws exceptions?

No, there is not. As mentioned in a comment, there are Address Sanitizer and Undefined Behavior Sanitizer and many other tools you can use to hunt for bugs, but there is no "C++ without undefined behavior" implementation.

If you want an inherently safe language, choose one. C++ isn't it.


Undefined behavior

Undefined behavior means that your program has ended up in a state the behavior of which is not defined by the standard.

So what you're really asking is if there's a language the standard of which defines every possible scenario.

And I can't think of one language like this, for the simple reason that programs are run by machines, but programes and standards and written by humans.

The impact of preventing it in some trivial case

One trivial case of undefined behavior is when you access an out-of-bound element of a std::vector via operator[]. Exactly like for C-style arrays, v[i] basically gives you back *(v_ + i), where v_ is the pointer wrapped into v. This is fast and not safe.

What if you want to access the ith element safely? You would have to change the implementation of std::vector<>::operator[].

So what would the impact be of supporting the DEBUG_MODE flag? Essentially you would have to write two implementations separated by a #ifdef/(#else/)#endif. Obviously the two implementation can have a lot in common, so you could #-branch several times in the code. But... yeah, my bottom line is the your request can be fulfilled by changing the standard in such a way that it forces the implementers to support a two different implementations (safe and fast/unsafe and slow) for everything.

By the way, for this specific case, the standar does define another function, at, which is required to handle the out-of-bound case. But that's the point: it's another function.

Doubts

I've recently found this question about UB as related to constexpr. Here's a little quote from the answer by Nicol Bolas,

Hypothetically, we could rip all undefined behavior out of C++ or even C. We could have everything be a priori well-defined and remove anything from the language whose evaluation could not be definitely determinable from first principles.

which makes me feel nervous about the answer I've given here.


Is there a safe version of c++ without undefined behaviour?

No.

For example, you could implement a safe pointer class like so

How is throwing an exception safer than just crashing? You're still trying to find the bug so you can fix it statically, right?

What you wrote allows your buggy program to keep running (unless it just calls terminate, in which case you did some work for no result at all), but that doesn't make it correct, and it hides the error rather than helping you fix it.

Is there a library / safe version of C++ which does this?

Undefined behaviour is only one type of error, and it isn't always wrong. Deliberate use of non-portable platform features may also be undefined by the standard.

Anyway, let's say you catch every uninitialized value and null pointer and signed integer overflow - your program can still produce the wrong result.

If you write code that can't produce the wrong result, it won't have UB either.

Related

I made a Git repo locally then added remote URL and pushed it to GitHub. If I delete the local Git repo, will the remote repo still be ok?
Is there any way to get round figure value in flutter [duplicate]
Getting data from two table with one query
Configuration Interface inside an Inteface in appsettings.json
Proving monotonicity of this ratio of Hypergeometric functions
Are there any calculus textbooks that mention Lebesgue or measure theory?
Relation between steps and turns in a simple symmetric random walk
Constructing an outer measure on a set whose measurable sets are exactly a given sigma algebra on the set.
Semidirect product action and its geometry
Properties of space $X = T \cup \bigcup_{n=1}^{\infty} S_n \cup \{ (0,q) : q \in \mathbb Q \wedge q \in [0,1] \} $
Poincaré duality for de Rham cohomology on non-compact manifolds
What is the functional derivative?