The production bug that made me care about undefined behavior

Summary

⏴ Back to all articles Published on 2025-12-27 The production bug that made me care about undefined behavior Table of contents Discussions: /r/programming, lobsters. Years ago, I maintained a big C++ codebase at my day job. This product was the bread winner for the company and offered a public HTTP API for online payments. We are talking billions of euros of processed payments a year. I was not a seasoned C++ developer yet. I knew about undefined behavior of course, but it was an abstract concept, something only beginners fall into. Oh boy was I wrong. Please note that I am not and never was a C++ expert, and it's been a few years since I have been writing C++ for a living, so hopefully I got the wording and details right, but please tell me if I did not. In this article I always say 'struct' when I mean 'struct or class'. So, one day I receive a bug report. There is this HTTP endpoint that returns a simple response to inform the client that the operation either succeeded or had an error: { "error": false, "succeeded": true, } or { "error": true, "succeeded": false, } The actual format was probably not JSON, it was probably form encoded, I cannot exactly remember, but that does not matter for this bug. This data model is not ideal but that's what the software did. Obviously, either error or succeeded is set but not both or neither (it's a XOR). Anyway, the bug report says that the client received this reply: { "error": true, "succeeded": true } Hmm ok. That should not be possible, it's a bug indeed. I now look at the code. It's all in one big function, and it's doing lots of database operations, but the shape of the code is very simple: struct Response { bool error; bool succeeded; std::string data; }; void handle() { Response response; try { // [..] Lots of database operations *not* touching `response`. response.succeeded = true; } catch(...) { response.error = true; } response.write(); } Here is a godbolt link with roughly this code. There's only one place that se...