C99 List of Undefined Behavior
From N1256: (See http://port70.net/~nsz/c/c99/n1256.html#J.2)
- A "shall" or "shall not" requirement that appears outside of a constraint is violated (clause 4).
- A nonempty source file does not end in a new-line character which is not immediately preceded by a backslash character or ends in a partial preprocessing token or comment (220.127.116.11).
- Token concatenation produces a character sequence matching the syntax of a universal character name (18.104.22.168).
- A program in a hosted environment does not define a function named
mainusing one of the specified forms (22.214.171.124.1).
- A character not in the basic source character set is encountered in a source file, except in an identifier, a character constant, a string literal, a header name, a comment, or a preprocessing token that is never converted to a token (5.2.1).
- An identifier, comment, string literal, character constant, or header name contains an invalid multibyte character or does not begin and end in the initial shift state (126.96.36.199).
- The same identifier has both internal and external linkage in the same translation unit (6.2.2).
- An object is referred to outside of its lifetime (6.2.4).
- The value of a pointer to an object whose lifetime has ended is used (6.2.4).
- The value of an object with automatic storage duration is used while it is indeterminate (6.2.4, 6.7.8, 6.8).
- A trap representation is read by an lvalue expression that does not have character type (188.8.131.52).
- A trap representation is produced by a side effect that modifies any part of the object using an lvalue expression that does not have character type (184.108.40.206).
- The arguments to certain operators are such that could produce a negative zero result, but the implementation does not support negative zeros (220.127.116.11).
- Two declarations of the same object or function specify types that are not compatible (6.2.7).
- Conversion to or from an integer type produces a value outside the range that can be represented (18.104.22.168).
- Demotion of one real floating type to another produces a value outside the range that can be represented (22.214.171.124).
- An lvalue does not designate an object when evaluated (126.96.36.199).
- A non-array lvalue with an incomplete type is used in a context that requires the value of the designated object (188.8.131.52).
- An lvalue having array type is converted to a pointer to the initial element of the array, and the array object has register storage class (184.108.40.206).
- An attempt is made to use the value of a void expression, or an implicit or explicit conversion (except to
void) is applied to a void expression (220.127.116.11).
- Conversion of a pointer to an integer type produces a value outside the range that can be represented (18.104.22.168).
- Conversion between two pointer types produces a result that is incorrectly aligned (22.214.171.124).
- A pointer is used to call a function whose type is not compatible with the pointed-to type (126.96.36.199).
- An unmatched
"character is encountered on a logical source line during tokenization (6.4).
- A reserved keyword token is used in translation phase 7 or 8 for some purpose other than as a keyword (6.4.1).
- A universal character name in an identifier does not designate a character whose encoding falls into one of the specified ranges (188.8.131.52).
- The initial character of an identifier is a universal character name designating a digit (184.108.40.206).
- Two identifiers differ only in nonsignificant characters (220.127.116.11).
- The identifier
__func__is explicitly declared (18.104.22.168).
- The program attempts to modify a string literal (6.4.5).
- The characters
/*occur in the sequence between the
>delimiters, or the characters
/*occur in the sequence between the
"delimiters, in a header name preprocessing token (6.4.7).
- Between two sequence points, an object is modified more than once, or is modified and the prior value is read other than to determine the value to be stored (6.5).
- An exceptional condition occurs during the evaluation of an expression (6.5).
- An object has its stored value accessed other than by an lvalue of an allowable type (6.5).
- An attempt is made to modify the result of a function call, a conditional operator, an assignment operator, or a comma operator, or to access it after the next sequence point (22.214.171.124, 6.5.15, 6.5.16, 6.5.17).
- For a call to a function without a function prototype in scope, the number of arguments does not equal the number of parameters (126.96.36.199).
- For call to a function without a function prototype in scope where the function is defined with a function prototype, either the prototype ends with an ellipsis or the types of the arguments after promotion are not compatible with the types of the parameters (188.8.131.52).
- For a call to a function without a function prototype in scope where the function is not defined with a function prototype, the types of the arguments after promotion are not compatible with those of the parameters after promotion (with certain exceptions) (184.108.40.206).
- A function is defined with a type that is not compatible with the type (of the expression) pointed to by the expression that denotes the called function (220.127.116.11).
- The operand of the unary
*operator has an invalid value (18.104.22.168).
- A pointer is converted to other than an integer or pointer type (6.5.4).
- The value of the second operand of the
%operator is zero (6.5.5).
- Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that does not point into, or just beyond, the same array object (6.5.6).
- Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that points just beyond the array object and is used as the operand of a unary
*operator that is evaluated (6.5.6).
- Pointers that do not point into, or just beyond, the same array object are subtracted (6.5.6).
- An array subscript is out of range, even if an object is apparently accessible with the given subscript (as in the lvalue expression
agiven the declaration
int a) (6.5.6).
- The result of subtracting two pointers is not representable in an object of type
- An expression is shifted by a negative number or by an amount greater than or equal to the width of the promoted expression (6.5.7).
- An expression having signed promoted type is left-shifted and either the value of the expression is negative or the result of shifting would be not be representable in the promoted type (6.5.7).
- Pointers that do not point to the same aggregate or union (nor just beyond the same array object) are compared using relational operators (6.5.8).
- An object is assigned to an inexactly overlapping object or to an exactly overlapping object with incompatible type (22.214.171.124).
- An expression that is required to be an integer constant expression does not have an integer type; has operands that are not integer constants, enumeration constants, character constants,
sizeofexpressions whose results are integer constants, or immediately-cast floating constants; or contains casts (outside operands to
sizeofoperators) other than conversions of arithmetic types to integer types (6.6).
- A constant expression in an initializer is not, or does not evaluate to, one of the following: an arithmetic constant expression, a null pointer constant, an address constant, or an address constant for an object type plus or minus an integer constant expression (6.6).
- An arithmetic constant expression does not have arithmetic type; has operands that are not integer constants, floating constants, enumeration constants, character constants, or
sizeofexpressions; or contains casts (outside operands to
sizeofoperators) other than conversions of arithmetic types to arithmetic types (6.6).
- The value of an object is accessed by an array-subscript
&, or indirection
*operator or a pointer cast in creating an address constant (6.6).
- An identifier for an object is declared with no linkage and the type of the object is incomplete after its declarator, or after its init-declarator if it has an initializer (6.7).
- A function is declared at block scope with an explicit storage-class specifier other than
- A structure or union is defined as containing no named members (126.96.36.199).
- An attempt is made to access, or generate a pointer to just past, a flexible array member of a structure when the referenced object provides no elements for that array (188.8.131.52).
- When the complete type is needed, an incomplete structure or union type is not completed in the same scope by another declaration of the tag that defines the content (184.108.40.206).
- An attempt is made to modify an object defined with a const-qualified type through use of an lvalue with non-const-qualified type (6.7.3).
- An attempt is made to refer to an object defined with a volatile-qualified type through use of an lvalue with non-volatile-qualified type (6.7.3).
- The specification of a function type includes any type qualifiers (6.7.3).
- Two qualified types that are required to be compatible do not have the identically qualified version of a compatible type (6.7.3).
- An object which has been modified is accessed through a restrict-qualified pointer to a const-qualified type, or through a restrict-qualified pointer and another pointer that are not both based on the same object (220.127.116.11).
- A restrict-qualified pointer is assigned a value based on another restricted pointer whose associated block neither began execution before the block associated with this pointer, nor ended before the assignment (18.104.22.168).
- A function with external linkage is declared with an
inlinefunction specifier, but is not also defined in the same translation unit (6.7.4).
- Two pointer types that are required to be compatible are not identically qualified, or are not pointers to compatible types (22.214.171.124).
- The size expression in an array declaration is not a constant expression and evaluates at program execution time to a nonpositive value (126.96.36.199).
- In a context requiring two array types to be compatible, they do not have compatible element types, or their size specifiers evaluate to unequal values (188.8.131.52).
- A declaration of an array parameter includes the keyword
]and the corresponding argument does not provide access to the first element of an array with at least the specified number of elements (184.108.40.206).
- A storage-class specifier or type qualifier modifies the keyword
voidas a function parameter type list (220.127.116.11).
- In a context requiring two function types to be compatible, they do not have compatible return types, or their parameters disagree in use of the ellipsis terminator or the number and type of parameters (after default argument promotion, when there is no parameter type list or when one type is specified by a function definition with an identifier list) (18.104.22.168).
- The value of an unnamed member of a structure or union is used (6.7.8).
- The initializer for a scalar is neither a single expression nor a single expression enclosed in braces (6.7.8).
- The initializer for a structure or union object that has automatic storage duration is neither an initializer list nor a single expression that has compatible structure or union type (6.7.8).
- The initializer for an aggregate or union, other than an array initialized by a string literal, is not a brace-enclosed list of initializers for its elements or members (6.7.8).
- An identifier with external linkage is used, but in the program there does not exist exactly one external definition for the identifier, or the identifier is not used and there exist multiple external definitions for the identifier (6.9).
- A function definition includes an identifier list, but the types of the parameters are not declared in a following declaration list (6.9.1).
- An adjusted parameter type in a function definition is not an object type (6.9.1).
- A function that accepts a variable number of arguments is defined without a parameter type list that ends with the ellipsis notation (6.9.1).
- The } that terminates a function is reached, and the value of the function call is used by the caller (6.9.1).
- An identifier for an object with internal linkage and an incomplete type is declared with a tentative definition (6.9.2).
- The token
definedis generated during the expansion of a
#elifpreprocessing directive, or the use of the
definedunary operator does not match one of the two specified forms prior to macro replacement (6.10.1).
#includepreprocessing directive that results after expansion does not match one of the two header name forms (6.10.2).
- The character sequence in an
#includepreprocessing directive does not start with a letter (6.10.2).
- There are sequences of preprocessing tokens within the list of macro arguments that would otherwise act as preprocessing directives (6.10.3).
- The result of the preprocessing operator
#is not a valid character string literal (22.214.171.124).
- The result of the preprocessing operator
##is not a valid preprocessing token (126.96.36.199).
#linepreprocessing directive that results after expansion does not match one of the two well-defined forms, or its digit sequence specifies zero or a number greater than 2147483647 (6.10.4).
- A non-
STDC #pragmapreprocessing directive that is documented as causing translation failure or some other form of undefined behavior is encountered (6.10.6).
#pragma STDCpreprocessing directive does not match one of the well-defined forms (6.10.6).
- The name of a predefined macro, or the identifier
defined, is the subject of a
#undefpreprocessing directive (6.10.8).
- An attempt is made to copy an object to an overlapping object by use of a library function, other than as explicitly allowed (e.g.,
memmove) (clause 7).
- A file with the same name as one of the standard headers, not provided as part of the implementation, is placed in any of the standard places that are searched for included source files (7.1.2).
- A header is included within an external declaration or definition (7.1.2).
- A function, object, type, or macro that is specified as being declared or defined by some standard header is used before any header that declares or defines it is included (7.1.2).
- A standard header is included while a macro is defined with the same name as a keyword (7.1.2).
- The program attempts to declare a library function itself, rather than via a standard header, but the declaration does not have external linkage (7.1.2).
- The program declares or defines a reserved identifier, other than as allowed by 7.1.4 (7.1.3).
- The program removes the definition of a macro whose name begins with an underscore and either an uppercase letter or another underscore (7.1.3).
- An argument to a library function has an invalid value or a type not expected by a function with variable number of arguments (7.1.4).
- The pointer passed to a library function array parameter does not have a value such that all address computations and object accesses are valid (7.1.4).
- The macro definition of
assertis suppressed in order to access an actual function (7.2).
- The argument to the assert macro does not have a scalar type (7.2).
FP_CONTRACTpragma is used in any context other than outside all external declarations or preceding all explicit declarations and statements inside a compound statement (7.3.4, 7.6.1, 7.12.2).
- The value of an argument to a character handling function is neither equal to the value of
EOFnor representable as an
- A macro definition of
errnois suppressed in order to access an actual object, or the program defines an identifier with the name
- Part of the program tests floating-point status flags, sets floating-point control modes, or runs under non-default mode settings, but was translated with the state for the
FENV_ACCESSpragma "off" (7.6.1).
- The exception-mask argument for one of the functions that provide access to the floating-point status flags has a nonzero value not obtained by bitwise OR of the floating-point exception macros (7.6.2).
fesetexceptflagfunction is used to set floating-point status flags that were not specified in the call to the
fegetexceptflagfunction that provided the value of the corresponding
- The argument to
feupdateenvis neither an object set by a call to
feholdexcept, nor is it an environment macro (188.8.131.52, 184.108.40.206).
- The value of the result of an integer arithmetic or conversion function cannot be represented (220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 7.20.1).
- The program modifies the string pointed to by the value returned by the
- The program modifies the structure pointed to by the value returned by the
- A macro definition of
math_errhandlingis suppressed or the program defines an identifier with the name
- An argument to a floating-point classification or comparison macro is not of real floating type (7.12.3, 7.12.14).
- A macro definition of
setjmpis suppressed in order to access an actual function, or the program defines an external identifier with the name
- An invocation of the
setjmpmacro occurs other than in an allowed context (220.127.116.11).
longjmpfunction is invoked to restore a nonexistent environment (18.104.22.168).
- After a
longjmp, there is an attempt to access the value of an object of automatic storage class with non-volatile-qualified type, local to the function containing the invocation of the corresponding
setjmpmacro, that was changed between the
- The program specifies an invalid pointer to a signal handler function (22.214.171.124).
- A signal handler returns when the signal corresponded to a computational exception (126.96.36.199).
- A signal occurs as the result of calling the
raisefunction, and the signal handler calls the
- A signal occurs other than as the result of calling the
raisefunction, and the signal handler refers to an object with static storage duration other than by assigning a value to an object declared as
sig_atomic_t, or calls any function in the standard library other than the
_Exitfunction, or the
signalfunction (for the same signal number) (188.8.131.52).
- The value of
errnois referred to after a signal occurred other than as the result of calling the
raisefunction and the corresponding signal handler obtained a
SIG_ERRreturn from a call to the
- A signal is generated by an asynchronous signal handler (184.108.40.206).
- A function with a variable number of arguments attempts to access its varying arguments other than through a properly declared and initialized
va_listobject, or before the
va_startmacro is invoked (7.15, 220.127.116.11, 18.104.22.168).
- The macro
va_argis invoked using the parameter
apthat was passed to a function that invoked the macro
va_argwith the same parameter (7.15).
- A macro definition of
va_endis suppressed in order to access an actual function, or the program defines an external identifier with the name
va_copymacro is invoked without a corresponding invocation of the
va_endmacro in the same function, or vice versa (7.15.1, 22.214.171.124, 126.96.36.199, 188.8.131.52).
- The type parameter to the
va_argmacro is not such that a pointer to an object of that type can be obtained simply by postfixing a
va_argmacro is invoked when there is no actual next argument, or with a specified type that is not compatible with the promoted type of the actual next argument, with certain exceptions (184.108.40.206).
va_startmacro is called to initialize a
va_listthat was previously initialized by either macro without an intervening invocation of the
va_endmacro for the same
- The parameter parmN of a
va_startmacro is declared with the
registerstorage class, with a function or array type, or with a type that is not compatible with the type that results after application of the default argument promotions (220.127.116.11).
- The member designator parameter of an
offsetofmacro is an invalid right operand of the
.operator for the type parameter, or designates a bit-field (7.17).
- The argument in an instance of one of the integer-constant macros is not a decimal, octal, or hexadecimal constant, or it has a value that exceeds the limits for the corresponding type (7.18.4).
- A byte input/output function is applied to a wide-oriented stream, or a wide character input/output function is applied to a byte-oriented stream (7.19.2).
- Use is made of any portion of a file beyond the most recent wide character written to a wide-oriented stream (7.19.2).
- The value of a pointer to a
FILEobject is used after the associated file is closed (7.19.3).
- The stream for the
fflushfunction points to an input stream or to an update stream in which the most recent operation was input (18.104.22.168).
- The string pointed to by the
modeargument in a call to the
fopenfunction does not exactly match one of the specified character sequences (22.214.171.124).
- An output operation on an update stream is followed by an input operation without an intervening call to the
fflushfunction or a file positioning function, or an input operation on an update stream is followed by an output operation with an intervening call to a file positioning function (126.96.36.199).
- An attempt is made to use the contents of the array that was supplied in a call to the
- There are insufficient arguments for the format in a call to one of the formatted input/output functions, or an argument does not have an appropriate type (188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168).
- The format in a call to one of the formatted input/output functions or to the
wcsftimefunction is not a valid multibyte character sequence that begins and ends in its initial shift state (22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168).
- In a call to one of the formatted output functions, a precision appears with a conversion specifier other than those described (22.214.171.124, 126.96.36.199).
- A conversion specification for a formatted output function uses an asterisk to denote an argument-supplied field width or precision, but the corresponding argument is not provided (188.8.131.52, 184.108.40.206).
- A conversion specification for a formatted output function uses a
0flag with a conversion specifier other than those described (220.127.116.11, 18.104.22.168).
- A conversion specification for one of the formatted input/output functions uses a length modifier with a conversion specifier other than those described (22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206).
sconversion specifier is encountered by one of the formatted output functions, and the argument is missing the null terminator (unless a precision is specified that does not require null termination) (220.127.116.11, 18.104.22.168).
nconversion specification for one of the formatted input/output functions includes any flags, an assignment-suppressing character, a field width, or a precision (22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206).
%conversion specifier is encountered by one of the formatted input/output functions, but the complete conversion specification is not exactly %% (220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199).
- An invalid conversion specification is found in the format for one of the formatted input/output functions, or the
wcsftimefunction (188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199).
- The number of characters transmitted by a formatted output function is greater than
INT_MAX(188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168).
- The result of a conversion by one of the formatted input functions cannot be represented in the corresponding object, or the receiving object does not have an appropriate type (22.214.171.124, 126.96.36.199).
[conversion specifier is encountered by one of the formatted input functions, and the array pointed to by the corresponding argument is not large enough to accept the input sequence (and a null terminator if the conversion specifier is
[) (188.8.131.52, 184.108.40.206).
[conversion specifier with an
lqualifier is encountered by one of the formatted input functions, but the input is not a valid multibyte character sequence that begins in the initial shift state (220.127.116.11, 18.104.22.168).
- The input item for a
%pconversion by one of the formatted input functions is not a value converted earlier during the same program execution (22.214.171.124, 126.96.36.199).
vwscanffunction is called with an improperly initialized
va_listargument, or the argument is used (other than in an invocation of
va_end) after the function returns (188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52, 184.108.40.206, 220.127.116.11, 18.104.22.168, 22.214.171.124, 126.96.36.199, 188.8.131.52).
- The contents of the array supplied in a call to the
fgetwsfunction are used after a read error occurred (184.108.40.206, 220.127.116.11, 18.104.22.168).
- The file position indicator for a binary stream is used after a call to the
ungetcfunction where its value was zero before the call (22.214.171.124).
- The file position indicator for a stream is used after an error occurred during a call to the
fwritefunction (126.96.36.199, 188.8.131.52).
- A partial element read by a call to the
freadfunction is used (184.108.40.206).
fseekfunction is called for a text stream with a nonzero offset and either the offset was not returned by a previous successful call to the
ftellfunction on a stream associated with the same file or
fsetposfunction is called to set a position that was not returned by a previous successful call to the
fgetposfunction on a stream associated with the same file (220.127.116.11).
- A non-null pointer returned by a call to the
reallocfunction with a zero requested size is used to access an object (7.20.3).
- The value of a pointer that refers to space deallocated by a call to the
reallocfunction is used (7.20.3).
- The pointer argument to the
reallocfunction does not match a pointer earlier returned by
realloc, or the space has been deallocated by a call to
- The value of the object allocated by the
mallocfunction is used (18.104.22.168).
- The value of any bytes in a new object allocated by the
reallocfunction beyond the size of the old object are used (22.214.171.124).
- The program executes more than one call to the
- During the call to a function registered with the
atexitfunction, a call is made to the
longjmpfunction that would terminate the call to the registered function (126.96.36.199).
- The string set up by the
strerrorfunction is modified by the program (188.8.131.52, 184.108.40.206).
- A command is executed through the
systemfunction in a way that is documented as causing termination or some other form of undefined behavior (220.127.116.11).
- A searching or sorting utility function is called with an invalid pointer argument, even if the number of elements is zero (7.20.5).
- The comparison function called by a searching or sorting utility function alters the contents of the array being searched or sorted, or returns ordering values inconsistently (7.20.5).
- The array being searched by the
bsearchfunction does not have its elements in proper order (18.104.22.168).
- The current conversion state is used by a multibyte/wide character conversion function after changing the
- A string or wide string utility function is instructed to access an array beyond the end of an object (7.21.1, 7.24.4).
- A string or wide string utility function is called with an invalid pointer argument, even if the length is zero (7.21.1, 7.24.4).
- The contents of the destination array are used after a call to the
wcsftimefunction in which the specified length was too small to hold the entire null-terminated result (22.214.171.124, 126.96.36.199, 188.8.131.52.4, 184.108.40.206).
- The first argument in the very first call to the
wcstokis a null pointer (220.127.116.11, 18.104.22.168.7).
- The type of an argument to a type-generic macro is not compatible with the type of the corresponding parameter of the selected function (7.22).
- A complex argument is supplied for a generic parameter of a type-generic macro that has no corresponding complex function (7.22).
- The argument corresponding to an
sspecifier without an
lqualifier in a call to the
fwprintffunction does not point to a valid multibyte character sequence that begins in the initial shift state (22.214.171.124).
- In a call to the
wcstokfunction, the object pointed to by
ptrdoes not have the value stored by the previous call for the same wide string (126.96.36.199.7).
mbstate_tobject is used inappropriately (7.24.6).
- The value of an argument of type
wint_tto a wide character classification or case mapping function is neither equal to the value of
WEOFnor representable as a
iswctypefunction is called using a different
LC_CTYPEcategory from the one in effect for the call to the
wctypefunction that returned the description (188.8.131.52.1).
- The towctrans function is called using a different LC_CTYPE category from the one in effect for the call to the wctrans function that returned the description (184.108.40.206.1).