On Wednesday, 17.04.2019, at 14:41 +0200, Richard Biener wrote:
> On Wed, Apr 17, 2019 at 1:53 PM Uecker, Martin
> <martin.uec...@med.uni-goettingen.de> wrote:
> >
> > > Since
> > > your proposal is based on an abstract machine there isn't anything
> > > like a pointer with multiple provenances (which "anything" is), just
> > > pointers with no provenance (pointing outside of any object), right?
> >
> > This is correct. What the proposal does though is put a limit
> > on where pointers obtained from integers are allowed to point
> > to: They cannot point to non-exposed objects. I assume GCC
> > "anything" provenances also cannot point to all possible
> > objects.
>
> Yes. We exclude objects that do not have their address taken
> though (so somewhat similar to your "exposed").

Also if the address never escapes?

Using address-taken as the criterion is one option we considered,
but we felt this exposes too many objects, like automatic
arrays or locally used malloced/alloced data etc.

Using integer-casts as criterion means that all objects whose
address is taken but where (a) it is not seen that the pointer
is cast to an integer and where (b) the pointer never escapes
can be assumed safe.

Best,
Martin
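The difference between the two criteria discussed in this message, as an added example that is not part of the original thread or of either project's code. The names `poke`, `exposed_case`, `local_only_case`, `run_local_only` and `sink` are hypothetical and chosen here for illustration.

```c
#include <stdint.h>
#include <stdio.h>

int sink; /* constructed target for the integer-derived store below */

/* Hypothetical helper: stores through a pointer rebuilt from an integer. */
void poke(uintptr_t bits, int v)
{
    int *p = (int *)bits;
    *p = v;
}

/* x is exposed: its address is cast to an integer, so an
   integer-derived pointer is allowed to point to it. */
int exposed_case(void)
{
    int x = 1;
    uintptr_t bits = (uintptr_t)&x;
    poke(bits, 42);
    return x; /* has to observe the store made through bits */
}

/* buf has its address taken, but (a) the pointer is never cast to an
   integer and (b) it never escapes this function. Under the integer-cast
   criterion the store in poke() cannot point into buf; under an
   address-taken criterion buf would still count as a possible target. */
int local_only_case(uintptr_t unrelated)
{
    int buf[4] = {1, 2, 3, 4};
    int *p = buf;
    p[1] += 10;
    poke(unrelated, 7);
    return buf[0] + buf[1] + buf[2] + buf[3];
}

int run_local_only(void)
{
    return local_only_case((uintptr_t)&sink);
}

int main(void)
{
    int r = run_local_only();
    printf("exposed_case:    %d\n", exposed_case());
    printf("local_only_case: %d (sink=%d)\n", r, sink);
    return 0;
}
```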