Hi Francois,
There is no question that unsigned overflow can already be very dangerous, leading to crashes etc.
"Undefined behavior" is its own class of danger, though. When the compiler sees undefined behavior, it can do absolutely anything... an old version of GCC was emitting code to run some video game, to illustrate that point.
That was actually a study of the effect of using __builtin_unreachable. But any kind of undefined behavior is in principle equivalent to that.
As you can see there, it's pretty crazy the optimizations that GCC does when it takes undefined behavior seriously, e.g.
- removing 'ret' instructions at the end of functions, allowing code to continue running past the end of a function's code!
- removing bounds checks on switch statements implemented as jump-tables, thus allowing jumps to unintended addresses!
Benoit
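To make the distinction Benoit draws concrete, here is an added example (not from this thread) contrasting an overflow check that depends on signed wraparound, which is undefined behavior and may be deleted by the optimizer, with checks that stay well-defined: a signed check done against INT_MAX/INT_MIN before the addition, and an unsigned check, where wraparound is defined. All function names are ours.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>

/* Naive check: computes the sum first and relies on it wrapping.
 * Signed overflow is undefined, so the compiler may assume it never
 * happens and treat "sum < a" as always false, removing the check.
 * Kept only to show the pattern to avoid; never call it with
 * operands that could overflow. */
bool add_checked_naive(int a, int b, int *out) {
    int sum = a + b;                    /* UB if it overflows */
    if (b >= 0 && sum < a) return false;
    if (b < 0 && sum > a) return false;
    *out = sum;
    return true;
}

/* Well-defined check: test the limits before the addition, so no
 * overflow ever occurs and the optimizer has nothing to assume away. */
bool add_checked(int a, int b, int *out) {
    if (b > 0 && a > INT_MAX - b) return false;
    if (b < 0 && a < INT_MIN - b) return false;
    *out = a + b;
    return true;
}

/* Unsigned arithmetic wraps modulo 2^32 by definition, so detecting
 * the wrap after the fact is reliable. The result is still wrong if
 * the caller ignores the return value, which is the "dangerous but
 * not undefined" case. */
bool add_checked_u32(uint32_t a, uint32_t b, uint32_t *out) {
    uint32_t sum = a + b;
    if (sum < a) return false;          /* wrapped around */
    *out = sum;
    return true;
}
```

Compiling the naive version with optimization and inspecting the output is the quickest way to see the check disappear; the two defined versions survive intact.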