DIP1000: Memory Safety in a Modern System Programming Language Pt.1
Steven Schveighoffer
schveiguy at gmail.com
Wed Jun 22 21:20:33 UTC 2022
On 6/22/22 5:07 PM, Ola Fosheim Grøstad wrote:
> On Wednesday, 22 June 2022 at 20:48:13 UTC, Steven Schveighoffer wrote:
>> The part about `scope` being shallow. This is a problem.
>
> One thing that will be confusing to most users is that it appears to be
> using "taint" rather than proper flow analysis on the pointed-to-object?
>
> ```d
> int* test(int arg1, int arg2) {
>     int* p = null;
>     p = &arg1;
>     p = new int(5);
>     return p; // complains about p being scope
> }
> ```
The other option is to complain about the assignment of &arg to p. That
might be a better answer. At least it's *understandable*, and not sneaky.
Full flow analysis will be defeatable by more complex situations:
```d
int* test(int arg)
{
    int* p = null;
    // alwaysEvaluateToFalse() is a hypothetical opaque call the compiler cannot see through
    if (alwaysEvaluateToFalse()) p = &arg;
    else p = new int(5);
    return p;
}
```
That would take a lot of effort just to prove it shouldn't be scope.
-Steve
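As an added illustration, not code from the thread: the taint described above attaches to the variable `p`, not to the value it currently holds, so keeping the stack-pointing variable separate from the heap-pointing one lets the function pass the check. This assumes `@safe` code compiled with `dmd -preview=dip1000`; `main` is a constructed driver.

```d
// Added example, not from the thread. Compile with: dmd -preview=dip1000
// The quoted test() is rejected because assigning &arg1 to p once makes p
// scope for its whole lifetime, even after p is reassigned to new int(5).
// Keeping the two roles in separate variables avoids that taint.
@safe int* test(int arg1, int arg2)
{
    scope int* local = &arg1;  // explicitly scope: usable here, never escapes
    *local += arg2;            // fine: write through a scope pointer inside the frame

    int* p = new int(5);       // GC-allocated; p is never assigned a scope value
    return p;                  // accepted: p is not inferred scope
}

void main()
{
    import std.stdio : writeln;
    int* r = test(1, 2);
    writeln(*r);
}
```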