memory safety checks and trust

Timon Gehr timon.gehr at gmx.ch
Thu Apr 16 03:17:46 UTC 2020


On 14.04.20 22:14, Walter Bright wrote:
> On 4/14/2020 10:16 AM, Steven Schveighoffer wrote:
>> That being said, I agree with the simple case of returning a pointer 
>> from a stack variable directly from a function being disallowed. That 
>> also can be easily worked around, which should probably be required, 
>> but is never correct anyway.
> 
> Oh, it can be correct, when one wants to examine the stack pointer 
> value. I've used it for that purpose myself. (Examining the stack 
> pointer is valuable when determining whether other pointers are pointing 
> into the stack or not.)
> 
> As I replied to Timon, you're drawing a subjective (not objective) line 
> at what is acceptable or not.
> 

It depends on the language being consistent. If the language says what 
you are doing is guaranteed to lead to UB, a diagnostic is fine.

If the spec says this is a supported use case that is guaranteed to work 
across all D compilers, the story is a bit different.

The spec is not formal enough to figure out which of those is the case. 
Does the spec really mandate an implementation to put the program stack 
at a continuous range of addresses? Are dangling pointers guaranteed to 
compare correctly to valid pointers? etc.
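The three shapes this thread is arguing over, written out as an added D example that is not part of the thread (editor's code; `-preview=dip1000` and `scope` are real DMD features, while the diagnostic wording in the comments is paraphrased and should be checked against your compiler version):

```d
// Added example, not from the thread. Compile with: dmd -preview=dip1000 escape.d
// Change a version(none) to version(all) to see the compiler reject that shape.

// Shape 1: the simple case Steven describes. Returning the address of a local
// directly is rejected by DMD, with or without DIP1000.
version (none)
int* direct() @safe
{
    int x = 42;
    return &x;        // rejected: escapes a reference to local variable x
}

// Shape 2: the "easy workaround". Routing the address through a second
// variable slips past the simple check and returns a dangling pointer.
// With -preview=dip1000, p is inferred scope and returning it is also rejected.
version (none)
int* indirect() @safe
{
    int x = 42;
    int* p = &x;
    return p;         // rejected under DIP1000: scope variable p may not be returned
}

// Shape 3: the form that is always correct. The local stays in the caller's
// frame and the callee only borrows it; scope forbids the callee from letting
// the pointer escape, so the compiler can prove no dangling pointer is created.
int readThrough(scope int* p) @safe
{
    return *p + 1;
}

void main() @safe
{
    int x = 41;
    assert(readThrough(&x) == 42);   // &x is allowed here: it does not escape
}
```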
