OBLAIDISH NEWS

Most non-trivial C programs are undefined

A technical deep dive shows how GCC and Clang exploit undefined behavior in C, turning seemingly correct code into unpredictable binaries — with real security consequences.

Modern C compilers treat undefined behavior not as a bug to flag, but as a license to optimize aggressively, often eliminating code paths the programmer intended to run [hn-front]. The habets.se post demonstrates how even basic loops and pointer arithmetic, once they edge into undefined territory, can be optimized into infinite loops or removed entirely by GCC and Clang.

One example shows a loop incrementing an int beyond INT_MAX: the compiler assumes this never happens (since signed overflow is undefined), and strips out termination checks, leaving an infinite loop. Another case involves pointer arithmetic outside array bounds — even if no dereference occurs — which the compiler treats as unreachable, deleting entire branches.

This isn’t theoretical. These optimizations create exploitable gaps: code meant to validate inputs or enforce bounds can be compiled away, opening doors to memory corruption and privilege escalation. The C standard defines 191 forms of undefined behavior, but offers no enforcement or diagnostics, leaving developers blind [hn-front].
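The two patterns the post describes, a signed-overflow check and a pointer-arithmetic bounds check, are shown below in their naive form next to a form that stays inside defined behavior. This is an added example written for this summary, not code from the habets.se post; the function names, the buffer sizes and the `__builtin_add_overflow` variant (a GCC/Clang extension) are my choices.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Naive overflow check. Signed overflow is undefined, so the compiler is
 * entitled to assume `a + b` never wraps; at -O2 GCC and Clang can fold
 * `sum < a` to false and delete the check, returning true for every input. */
static bool add_checked_ub(int a, int b, int *out) {
    int sum = a + b;                     /* undefined if it overflows */
    if (b > 0 && sum < a) return false;  /* may be optimized away */
    *out = sum;
    return true;
}

/* Hardened: decide *before* the addition using comparisons against
 * INT_MAX / INT_MIN, which never leave the representable range. */
static bool add_checked(int a, int b, int *out) {
    if ((b > 0 && a > INT_MAX - b) || (b < 0 && a < INT_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Same guarantee via the compiler builtin (GCC >= 5, Clang): the overflow
 * is reported, not performed, so no undefined operation ever happens. */
static bool add_checked_builtin(int a, int b, int *out) {
    return !__builtin_add_overflow(a, b, out);
}

/* Naive pointer bounds check. Merely *forming* `p + n` beyond one past the
 * end of the array is undefined, even with no dereference, so the compiler
 * may treat the wrapped case as unreachable and drop the `>= p` test. */
static bool span_in_buffer_ub(const unsigned char *buf, size_t size,
                              const unsigned char *p, size_t n) {
    return p + n >= p && p + n <= buf + size;   /* p + n may be UB */
}

/* Hardened: reason about offsets in size_t (wraparound is defined for
 * unsigned types) and never construct an out-of-bounds pointer at all. */
static bool span_in_buffer(size_t size, size_t offset, size_t n) {
    return offset <= size && n <= size - offset;
}

int main(void) {
    int r;
    unsigned char buf[16];   /* constructed sample buffer */

    /* Defined versions: results are the same at every optimization level. */
    printf("add_checked(INT_MAX, 1)         -> %d\n", add_checked(INT_MAX, 1, &r));
    printf("add_checked_builtin(INT_MAX, 1) -> %d\n", add_checked_builtin(INT_MAX, 1, &r));
    printf("span_in_buffer(16, 8, 9)        -> %d\n", span_in_buffer(sizeof buf, 8, 9));

    /* Naive versions: what these print depends on compiler and -O level,
     * which is exactly the unpredictability the post is about. */
    printf("add_checked_ub(INT_MAX, 1)      -> %d\n", add_checked_ub(INT_MAX, 1, &r));
    printf("span_in_buffer_ub(buf+8, 9)     -> %d\n",
           span_in_buffer_ub(buf, sizeof buf, buf + 8, 9));
    return 0;
}
```

Compile the block twice, with `-O0` and `-O2`, and compare the last two lines of output: the defined versions print the same answers both times, while the naive checks may silently turn into `1` once the optimizer is allowed to assume the undefined cases cannot occur.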

Compiler vendors argue this ambiguity enables performance. But the result is a language where correct-looking code fails unpredictably across toolchains. Projects like the Linux kernel already build with -fno-strict-overflow and similar flags to block dangerous assumptions, but such workarounds are ad hoc and incomplete.

The burden falls on systems programmers to write not just correct C, but C that avoids even the edge of undefined behavior — a near-impossible standard in practice. The language’s design, not compiler bugs, enables this outcome: C promises low-level control but delivers it through a spec that empowers compilers to ignore reality.
