CppCon 2016: Michael Spencer “My Little Optimizer: Undefined Behavior is Magic” Note
https://www.youtube.com/watch?v=g7entxbQOCc

The compiler assumes UB can't happen and optimizes accordingly.

    // kernel bug
    void foo(bool *ok) {
        bool k = *ok;      // <== dereferencing a NULL pointer is UB, so the compiler assumes ok is not NULL
        if (!ok) return;   // the check comes after the dereference, so it can be removed
        blah(k);
    }

is optimized into

    void foo(bool *ok) {
        bool k = *ok;
        blah(k);
    }

How is UB represented?

Explicitly: unreachable, undef
Implicitly: the optimizer knows some things just can't happen

    int unreachable(int *out) {
        *out = 42;
        return *((int*)0);
    }

==> a load from null is UB, so the compiler replaces it with unreachable

undef: a value which can have any bit pattern at any point in the program

    int undef(int *p) {
        int a;             // never initialized
        return *p + a;
    }

Signed math can't overflow or underflow:

    bool signed_underflow(int a, int b) {
        return a - b > -1;
    }

since a-b can't underflow, a-...
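As an added example (not code from the talk), the following shows on which inputs the `a - b > -1` comparison above stops meaning what a wraparound-minded programmer expects, and a checked form that avoids the UB. The function names are made up for this note; `cmp_folded` is an assumption about one rewrite the no-overflow rule permits (`a >= b`), and `__builtin_sub_overflow` is a GCC/Clang builtin.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdio.h>

/* Two's-complement wraparound subtraction with no UB: unsigned
   arithmetic is defined to wrap, then the result is mapped back to int. */
static int wrapping_sub(int a, int b) {
    unsigned r = (unsigned)a - (unsigned)b;
    return r <= (unsigned)INT_MAX ? (int)r : -(int)(~r) - 1;
}

/* What code relying on wraparound expects a - b > -1 to compute. */
bool cmp_wrapped(int a, int b) { return wrapping_sub(a, b) > -1; }

/* Assumption: a form the optimizer is allowed to emit instead, because
   it may treat a - b as never overflowing. */
bool cmp_folded(int a, int b) { return a >= b; }

/* Defensive form: detect the overflow explicitly and report it.
   Returns false and leaves *result untouched when a - b does not fit. */
bool cmp_checked(int a, int b, bool *result) {
    int diff;
    if (__builtin_sub_overflow(a, b, &diff))
        return false;
    *result = diff > -1;
    return true;
}

int main(void) {
    /* Constructed inputs: the second and third overflow int. */
    int in[][2] = { {5, 3}, {INT_MIN, 1}, {INT_MAX, -1}, {3, 5} };
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        bool r = false;
        bool ok = cmp_checked(in[i][0], in[i][1], &r);
        printf("a=%d b=%d wrapped=%d folded=%d checked=%s\n",
               in[i][0], in[i][1],
               cmp_wrapped(in[i][0], in[i][1]),
               cmp_folded(in[i][0], in[i][1]),
               ok ? (r ? "1" : "0") : "overflow");
    }
    return 0;
}
```

The two comparisons agree whenever `a - b` fits in an `int` and disagree exactly on the overflowing inputs, which is why a bounds or sanity check written in the `a - b > -1` style cannot be relied on to catch them.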