In order for a pointer converted from an integer to be valid, there has to be a 'valid' path leading to it from where it was originally converted from a pointer to an integer. It's worth looking at DR 260 and also the standard's wording.
open-std.org/jtc1/sc22/wg14
Conversation
> are permitted to track the origins of a bit-pattern and treat those representing an indeterminate value as distinct from those representing a determined value. They may also treat pointers based on different origins as distinct even though they are bitwise identical.
1
No conversions from integer take place here. Rather it's a matter of effective type rules for allocated storage with memcpy-like char copying.
1
I'm not talking about the specific example that was presented but rather the response to it. They are likely to more formally define these things in C2X and some early drafts like cl.cam.ac.uk/~pes20/cerberu show what that could end up looking like.
3
1
Thanks for the link. That proposal is still a pile of overcomplicated nonsense. The problems are all trivially solved *without breaking anything* by giving all the hard cases "wildcard provenance".
1
Note that the proposed text breaks lots of important valuable use cases like xor lists.
2
Clang and GCC already consider that broken per the standard. It was also very explicitly made to be broken in C++ already, which tends to trickle back to the C standard since it's a lot of the same people making the decisions and they reference each other as justifications.
2
open-std.org/jtc1/sc22/wg14 appears to be a more recent draft of what I linked earlier by the way. We'll see how they end up deciding to clarify it for C2X. My feeling is they will bend over backwards to permit / attempt to formalize existing real world compiler interpretations.
1
I'm not arguing that what Clang and GCC currently do is correct, but I am saying that they currently do it, and that it's likely to become officially correct *because* they want to it. Type-based alias analysis is similar. They tried to allow it, and will readjust it as needed.
1
1
Type-based alias analysis is possible to specify consistently, and has clear reasons you want to do it. This provenance stuff has absolutely no motivation, because deriving pointers from ints/reprs is rare, and when you do it, you actually mean it.
2
1
The motivation for it isn't to optimize cases where the conversions are used but rather cases where they're not by being able to assume that the information isn't subtly leaked out and then used to construct an aliasing pointer somewhere else that the compiler doesn't know about.
Assuming any pointer whose representation was read or which was cast to an integer type has leaked unboundedly has essentially no cost; you don't do these things unless you mean to.
1
It's not just an explicit conversion that the compiler needs to be concerned about, but also implicit ways of the value being leaked out such as via comparisons with other pointers or calculation of differences which the compiler can't determine aren't letting the value escape.
2
Show replies