memory safety checks and trust
Steven Schveighoffer
schveiguy at gmail.com
Tue Apr 14 12:32:18 UTC 2020
On 4/14/20 5:56 AM, Walter Bright wrote:
> On 4/13/2020 2:03 AM, Timon Gehr wrote:
>>> Consider:
>>>
>>> @system int* pumpkin(int i) { return &i; }
>>>
>>> Should that give an error or not?
>>> ...
>>
>> I don't see why not.
>
> I've written code like that to get the stack pointer value.
Can't you use inline assembly?
>
> As to the other case, to my mind putting the address of a stack local
> into a GC allocated object is highly suspicious:
>
> 1. it is very very easy to do it unintentionally
>
> 2. GC objects tend to be intended to outlast a function, yet the stack
> address will not, so why is this a GC allocated object, as opposed to,
> say, an RAII object or even a stack allocated object?
Because the stack doesn't provide a high limit of data space, and RAII
may not be what you want to use. In @system code, you should be free to
shoot yourself in the foot, and also to correctly write memory safe code
knowing where memory will stop being accessed.
-Steve
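As an added illustration (not code from this thread; the `Accumulator` and `sumPositive` names are assumptions), here is the rejected @safe case next to the @system pattern Steve describes, where the GC object's use ends before the stack local does:

```d
// Added example, not from the thread. Same pattern under two checks:
// @safe rejects the escaping stack address; @system permits it and
// leaves the lifetime reasoning to the author.

// In @safe code this does not compile: the address of parameter i
// (a stack local) escapes the function, which is the case the
// thread is discussing.
/*
@safe int* pumpkin(int i) { return &i; }
*/

// Assumed helper: a GC-allocated object that holds a pointer to a
// stack local, the case Walter calls suspicious.
struct Accumulator
{
    int* target;
    void add(int x) { *target += x; }
}

@system int sumPositive(const int[] data)
{
    int total = 0;
    // Stack address stored inside a GC-allocated object. @system
    // allows it; memory safety here rests on the author's guarantee
    // that `acc` is never stored beyond this frame or returned.
    auto acc = new Accumulator(&total);
    foreach (x; data)
        if (x > 0)
            acc.add(x);
    // `acc` is dropped with this frame, so its pointer is never
    // dereferenced after `total` goes out of scope. Storing `acc` in
    // a global or returning it would leave a dangling pointer.
    return total;
}

unittest
{
    assert(sumPositive([3, -1, 4]) == 7);
    assert(sumPositive([]) == 0);
}
```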