memory safety checks and trust
Timon Gehr
timon.gehr at gmx.ch
Thu Apr 16 03:17:46 UTC 2020
On 14.04.20 22:14, Walter Bright wrote:
> On 4/14/2020 10:16 AM, Steven Schveighoffer wrote:
>> That being said, I agree with the simple case of returning a pointer
>> from a stack variable directly from a function being disallowed. That
>> also can be easily worked around, which should probably be required,
>> but is never correct anyway.
>
> Oh, it can be correct, when one wants to examine the stack pointer
> value. I've used it for that purpose myself. (Examining the stack
> pointer is valuable when determining whether other pointers are pointing
> into the stack or not.)
>
> As I replied to Timon, you're drawing a subjective (not objective) line
> at what is acceptable or not.
>
It depends on the language being consistent. If the language says what
you are doing is guaranteed to lead to UB, a diagnostic is fine.
If the spec says this is a supported use case that is guaranteed to work
across all D compilers, the story is a bit different.
The spec is not formal enough to figure out which of those is the case.
Does the spec really mandate an implementation to put the program stack
at a continuous range of addresses? Are dangling pointers guaranteed to
compare correctly to valid pointers? etc.
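The idiom Walter describes (take the address of a local to learn where the stack currently is, then test whether some other pointer lies between that and an outer frame) and the two spec-level gaps Timon raises can be shown concretely. The following is an added example, not code from the thread or from any D compiler; it is written in C for gcc/clang rather than D so it can be compiled and run as-is. Everything in it is an assumption of the example: the helper names (`stack_mark`, `points_into_stack`, `run_stack_probe`), the choice to return the stack address as a `uintptr_t` instead of as a pointer (so no pointer to a dead frame is ever returned, which is the case the thread wants rejected), and above all the assumption that the stack is one contiguous address range between a `base` recorded in an outer frame and the current frame. Neither C nor the D spec promises that, and the last probe shows the other gap: a dangling address into a dead frame is indistinguishable from a live stack object.

```c
/* Added example (not from the thread): probing "is this pointer into the
 * stack?" via the current stack position, and why the spec doesn't back it. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#if defined(__GNUC__) || defined(__clang__)
#define NOINLINE __attribute__((noinline))
#else
#define NOINLINE
#endif

/* Address of a local in this callee's frame, returned as an integer rather
 * than as a pointer. Returning `&marker` itself would hand the caller a
 * pointer to a dead frame; the integer carries no dereference promise. */
static NOINLINE uintptr_t stack_mark(void)
{
    char marker = 0;
    return (uintptr_t)&marker;
}

/* ASSUMPTION (guaranteed by neither C nor the D spec): the stack is one
 * contiguous range between `base` (recorded in an outer frame) and the
 * current stack position. Comparing as integers sidesteps the undefined
 * behaviour of `<` on pointers to unrelated objects, but the answer is only
 * meaningful if the contiguity assumption holds. */
static NOINLINE int points_into_stack(const void *p, uintptr_t base)
{
    uintptr_t here = stack_mark();
    uintptr_t addr = (uintptr_t)p;
    uintptr_t lo = here < base ? here : base;  /* stack may grow either way */
    uintptr_t hi = here < base ? base : here;
    return addr >= lo && addr <= hi;
}

/* Kept out of line so its local really sits one frame deeper than `base`. */
static NOINLINE int check_live_local(uintptr_t base)
{
    int local = 42;
    return points_into_stack(&local, base);
}

static int global_object;

/* Returns a bitmask of which probes reported "in stack":
 *   bit 0: live local in a deeper frame            (expected set)
 *   bit 1: heap object                             (expected clear)
 *   bit 2: global                                  (expected clear)
 *   bit 3: dangling address of a dead frame's local (reported set: the
 *          probe cannot tell it from a live object, which is the caveat) */
int run_stack_probe(void)
{
    int base_var = 0;
    uintptr_t base = (uintptr_t)&base_var;  /* "stack base" for this demo */
    int mask = 0;

    if (check_live_local(base))
        mask |= 1;

    int *heap = malloc(sizeof *heap);
    if (heap != NULL && points_into_stack(heap, base))
        mask |= 2;
    free(heap);

    if (points_into_stack(&global_object, base))
        mask |= 4;

    /* stack_mark()'s frame is gone once it returns, yet its address survives
     * as an integer and still lands inside the probed range. */
    uintptr_t dead = stack_mark();
    if (points_into_stack((const void *)dead, base))
        mask |= 8;

    return mask;
}

int main(void)
{
    int mask = run_stack_probe();
    printf("live local: %d, heap: %d, global: %d, dangling: %d\n",
           mask & 1, (mask >> 1) & 1, (mask >> 2) & 1, (mask >> 3) & 1);
    return 0;
}
```

Build with `cc -O2 probe.c && ./a.out`. The `noinline` attributes matter: if the compiler inlined `check_live_local` or `stack_mark` into `run_stack_probe`, their locals would land in the same frame as `base_var` and the frame-ordering assumption the probe rests on would silently stop holding, which is exactly the kind of implementation detail an informal spec leaves open.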