The C23 edition of Modern C

(gustedt.wordpress.com)
397 points bwidlar | 3 comments
ralphc No.41851601[source]
How does "Modern" C compare safety-wise to Rust or Zig?
replies(4): >>41852048 #>>41852113 #>>41852498 #>>41856856 #
renox No.41852048[source]
You'd be surprised: Zig has one UB (Undefined Behaviour) that C doesn't have!

In release fast mode, unsigned overflow/underflow is undefined in Zig whereas in C it wraps.

:-)

Of course C has many UBs that Zig doesn't have, so C is far less safe than Zig, especially since you can use ReleaseSafe in Zig.

replies(2): >>41852363 #>>41852615 #
secondcoming No.41852615[source]
Does C automatically wrap? I thought you need to pass `-fwrapv` to the compiler to ensure that.
replies(3): >>41852833 #>>41852848 #>>41852877 #
1. greyw No.41852833[source]
Unsigned overflow wraps. Signed overflow is undefined behavior.
replies(1): >>41852909 #
2. kbolino No.41852909[source]
This distinction does not exist in K&R 2/e which documents ANSI C aka C89, but maybe it was added in a later version of the language (or didn't make it into the book)? According to K&R, all overflow is undefined.
replies(1): >>41853245 #
3. wahern No.41853245[source]
I don't have my copy of K&R handy, but this distinction has existed since the initial codification. From C89:

  3.1.2.5 Types

  [...] A computation involving unsigned operands can never overflow, because a result that cannot be represented by the resulting unsigned integer type is reduced modulo the number that is one greater than the largest value that can be represented by the resulting unsigned integer type.
Source: C89 (draft) at https://port70.net/~nsz/c/c89/c89-draft.txt