On Wed, Apr 17, 2019 at 2:56 PM Uecker, Martin
<martin.uec...@med.uni-goettingen.de> wrote:
>
> On Wednesday, 17.04.2019, 14:41 +0200, Richard Biener wrote:
> > On Wed, Apr 17, 2019 at 1:53 PM Uecker, Martin
> > <martin.uec...@med.uni-goettingen.de> wrote:
> > >
> > > > Since
> > > > your proposal is based on an abstract machine there isn't anything
> > > > like a pointer with multiple provenances (which "anything" is), just
> > > > pointers with no provenance (pointing outside of any object), right?
> > >
> > > This is correct. What the proposal does though is put a limit
> > > on where pointers obtained from integers are allowed to point
> > > to: They cannot point to non-exposed objects. I assume GCC
> > > "anything" provenances also cannot point to all possible
> > > objects.
> >
> > Yes. We exclude objects that do not have their address taken
> > though (so somewhat similar to your "exposed").
>
> Also if the address never escapes?

Yes.

> Using address-taken as the criterion is one option we considered,
> but we felt this exposes too many objects, like automatic
> arrays or locally used malloced/alloced data etc.
>
> Using integer-casts as criterion means that all
> objects whose address is taken but where (a) it is not
> seen that the pointer is cast to an integer and
> where (b) the pointer never escapes can be assumed safe.

Yeah, since the abstract machine sees everything using whatever seems fit
is possible.

Richard.

> Best,
> Martin
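
The three kinds of object distinguished in the exchange above, shown as an added C example that is not part of the original messages or of GCC: an object that is only address-taken, one exposed by an integer cast, and one whose address escapes. All function and variable names (`local_only`, `exposed_by_cast`, `escapes`, `g_slot`) are illustrative assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Address taken, but never cast to an integer and never escaping:
 * conditions (a) and (b) from the thread both hold for buf and heap. */
int local_only(void) {
    int buf[4] = {1, 2, 3, 4};            /* automatic array */
    int *heap = malloc(4 * sizeof *heap); /* locally used malloc'ed data */
    int *p = buf;                         /* address taken, stays local */
    int sum = 0;
    if (!heap) return -1;
    for (int i = 0; i < 4; i++) { heap[i] = p[i]; sum += heap[i]; }
    free(heap);
    return sum;
}

/* Pointer cast to an integer: x is exposed, so a pointer made from
 * that integer is allowed to point to it. */
int exposed_by_cast(void) {
    int x = 1;
    uintptr_t bits = (uintptr_t)&x; /* the cast the criterion looks for */
    int *q = (int *)bits;           /* pointer obtained from an integer */
    *q = 42;
    return x;
}

int *g_slot; /* hypothetical global through which a pointer escapes */

/* No integer cast here, but the address escapes via g_slot, so
 * condition (b) fails and cell cannot be assumed safe. */
int escapes(void) {
    static int cell;
    cell = 7;
    g_slot = &cell;
    *g_slot += 1;
    return cell;
}

int main(void) {
    printf("%d %d %d\n", local_only(), exposed_by_cast(), escapes());
    return 0;
}
```

Under the address-taken criterion all of `buf`, `x` and `cell` count as possible targets of an integer-derived pointer; under the integer-cast criterion described in the thread only `x` and `cell` do.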