Hi, On Thu, 30 Jan 2020, Uecker, Martin wrote:
> > guarantees face serious implementation difficulties I think > > so the only alternative to PVNI (which I think is implementable > > but at a optimization opportunity cost) is one that makes > > two pointers with the same value always have the same > > provenance (and otherwise make the behavior undefined). > > This would need to come with precise rules about > when the occurance of two such pointers is UB, > e.g. comparisons of such pointers, or that > two such pointers are cast to int in the same > execution. > > The mere existance of such pointers should be > quite common and should not already be UB. > > But I am uncomfortable with the idea that > comparison of pointers is always allowed except > for some special case which then is UB. This > might cause are and very difficult to find bugs. As Richi said, the comparison itself wouldn't be UB, all comparisons would be allowed. But _if_ the pointers compare equal, they must have same (or overlapping) provenance (i.e. when they have not, then _that_ is UB). > > > Others proposed to make the result of the comparison unspecified, > > > but I think this does not help. > > > > Indeed. It's not unspecified, it's known to evaluate to false. I > > think there's existing wording in the standard that allows it to > > evaluate to true for pointers one-after-the-object, that would need to > > be changed of course. > > The problem is that if the comparison if not optimized > and the pointers have the same address, then it would > evaluate to true at run-time. If I understand correctly, > you somehow want to make this case be UB, but I haven't > quite understood how (if it is not the comparison of such > pointers that invokes UB). By saying something like "if two pointers compare equal they must have the same provenance, otherwise the behaviour is undefined". (I don't know if this definition would or would not help with the problems PVNI poses to compilers). Ciao, Michael.
