Software Engineering Institute

In this article, Robert Seacord shows how compiler optimizations can eliminate causality in software and increase software faults, defects, and vulnerabilities. 

Increasingly, compiler writers are taking advantage of undefined behaviors in the C and C++ programming languages to improve optimizations. Frequently, these optimizations are interfering with the ability of developers to perform cause-effect analysis on their source code—that is, analyzing the dependence of downstream results on prior results. Expert programmer Robert C. Seacord, author of Secure Coding in C and C++, Second Edition, shows how these optimizations are eliminating causality in software and are increasing the probability of software faults, defects, and vulnerabilities.