memory safety checks and trust

Steven Schveighoffer schveiguy at gmail.com
Tue Apr 14 12:32:18 UTC 2020


On 4/14/20 5:56 AM, Walter Bright wrote:
> On 4/13/2020 2:03 AM, Timon Gehr wrote:
>>> Consider:
>>>
>>>    @system int* pumpkin(int i) { return &i; }
>>>
>>> Should that give an error or not?
>>> ...
>>
>> I don't see why not.
> 
> I've written code like that to get the stack pointer value.

Can't you use inline assembly?

> 
> As to the other case, to my mind putting the address of a stack local 
> into a GC allocated object is highly suspicious:
> 
> 1. it is very very easy to do it unintentionally
> 
> 2. GC objects tend to be intended to outlast a function, yet the stack 
> address will not, so why is this a GC allocated object, as opposed to, 
> say, an RAII object or even a stack allocated object?

Because the stack doesn't provide a high limit of data space, and RAII 
may not be what you want to use. In @system code, you should be free to 
shoot yourself in the foot, and also to correctly write memory safe code 
knowing where memory will stop being accessed.

-Steve
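An added illustration of the point Steve makes above: in @system code you may store the address of a stack local in a GC-allocated object and still be memory safe, provided you know exactly when that memory stops being accessed. This is example code written for this page, not code from the thread or from the D compiler; the class `Scratch` and the function `sumWithScratch` are invented names, and the pattern assumes the GC object is never reachable after the function returns with the pointer still set.

```d
import std.stdio;

// A GC-allocated helper that borrows a pointer to a caller's stack buffer.
class Scratch
{
    int* data;   // may point into the stack frame that created this object
    size_t len;
}

// Marked @system on purpose: @safe would reject handing out the address of
// the stack array, because the compiler cannot prove when it stops being used.
// Here the programmer provides that proof by clearing the pointer before the
// stack frame dies, so no dangling reference survives the call.
@system int sumWithScratch()
{
    int[4] buf = [1, 2, 3, 4];      // stack storage, lives until this function returns
    auto s = new Scratch;           // GC storage, may outlive this function
    s.data = buf.ptr;
    s.len = buf.length;

    // Cut the link from GC memory to stack memory on every exit path,
    // so nothing that still holds `s` can read the dead stack frame later.
    scope(exit) { s.data = null; s.len = 0; }

    int total = 0;
    foreach (k; 0 .. s.len)
        total += s.data[k];
    return total;
}

void main()
{
    writeln(sumWithScratch());
}
```

The `scope(exit)` is what makes this disciplined rather than merely permitted: the stack address is inside the GC object only for the dynamic extent of the function, which is the "knowing where memory will stop being accessed" part of the argument.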

