On 3 August 2013 05:47, Jonathan S. Shapiro <[email protected]> wrote: > Some time back, Vikram Adve was looking at ways to do safe deallocation in > C. One of his ideas was to impose a constraint on the allocator subsystem: > any memory chunk having an outstanding live pointer is not permitted to > change type. The result is type safe and memory safe, but not alias safe. > The behavior of free() changes as follows: > > The target of free(T*) causes the target object to be placed in the pool of > available objects of type T, from which it can be reallocated. > The runtime makes no attempt to ensure that the target memory is > unreferenced. > > This preserves memory safety, but it has unfortunate implications for > aliases. Still, for certain kinds of programs this might be a reasonable > model. We can imagine (for debugging purposes) embedding a small version > number in the pointers and the target object header, and using a continuous > incremental background mark pass that would nullify invalid pointers of this > kind. Alternatively, we could imagine using fat pointers for such objects, > and always checking the version number on dereference.
Runtimes for dynamic languages spend a lot of time working with *void. The nice thing about it is that you can cast it to some other pointer type and dereference it, the compiler knows the size of it (so you can put it into an array or pass it around), and you're left on your own to determine that it's safe to use. It's useful to determine your own rules for how values of your particular type can be used and de-allocated. I like to have a system with dependant and linear (that is, destructive) types, in that you need to have (and maintain) the proofs that the target is alive in order to dereference it, and obviously to free it too. I would especially like to have a language that allows me to define new types of reference that work with the language - perhaps, implementing SwitchableRef allows the language to `case` on the target including inferring the correct regions. Particularly for people implementing runtimes that use nun-boxing or encode the tag or oo-class into the reference. Or, all of the above. If you're doing that you really have to be sure about what (reference) type you're dealing with. -- William Leslie Notice: Likely much of this email is, by the nature of copyright, covered under copyright law. You absolutely may reproduce any part of it in accordance with the copyright law of the nation you are reading this in. Any attempt to deny you those rights would be illegal without prior contractual agreement. _______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
