From: Jeff Law <law@redhat.com>
To: "Uecker, Martin" <Martin.Uecker@med.uni-goettingen.de>,
"Peter.Sewell@cl.cam.ac.uk" <Peter.Sewell@cl.cam.ac.uk>,
"richard.guenther@gmail.com" <richard.guenther@gmail.com>
Cc: "gcc@gcc.gnu.org" <gcc@gcc.gnu.org>,
"cl-c-memory-object-model@lists.cam.ac.uk"
<cl-c-memory-object-model@lists.cam.ac.uk>
Subject: Re: C provenance semantics proposal
Date: Thu, 18 Apr 2019 13:42:00 -0000 [thread overview]
Message-ID: <30c3be07-433d-b945-40de-7b9a02f78789@redhat.com> (raw)
In-Reply-To: <1555590011.12545.3.camel@med.uni-goettingen.de>
On 4/18/19 6:20 AM, Uecker, Martin wrote:
> Am Donnerstag, den 18.04.2019, 11:45 +0100 schrieb Peter Sewell:
>> On Thu, 18 Apr 2019 at 10:32, Richard Biener <richard.guenther@gmail.com> wrote:
>
>
>> An equality test of two pointers, on the other hand, doesn't necessarily
>> mean that they are interchangeable.  I don't see any good way to
>> avoid that in a provenance semantics, where a one-past
>> pointer might sometimes compare equal to a pointer to an
>> adjacent object but be illegal for accessing it.
>
> As I see it, there are essentially four options:
>
> 1.) Compilers do not use conditional equivalences for
> optimizations of pointers (or only when additional
> conditions apply which make it safe)
I know this will hit DOM and CSE. I wouldn't be surprised if it touches
VRP as well, maybe PTA. It seems simple enough though :-)
>
> 2.) We make pointer comparison between a pointer
> and a one-after pointer of a different object
> undefined behaviour.
I generally like this as well, though I suspect it probably makes a lot
of currently well defined code undefined.
>
> 3.) We make comparison have the side effect that
> afterwards any of the two pointers could have any
> of the two provenances. (with disambiguitation
> similar to what we have for casts).
This could have some interesting effects on PTA. Richi?
>
> 4.) Compilers make sure that exposed objects never
> are allocated next to each other (as Jens proposed).
Ugh. Not sure how you enforce that. Consider that the compiler may
ultimately have no control over layout of data in static storage.
jeff
next prev parent reply other threads:[~2019-04-18 13:42 UTC|newest]
Thread overview: 56+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-04-02 8:11 Peter Sewell
2019-04-12 14:51 ` Jeff Law
2019-04-12 15:31 ` Peter Sewell
2019-04-17 9:06 ` Richard Biener
2019-04-17 9:15 ` Peter Sewell
2019-04-17 9:41 ` Richard Biener
2019-04-17 11:53 ` Uecker, Martin
2019-04-17 12:41 ` Richard Biener
2019-04-17 12:56 ` Uecker, Martin
2019-04-17 13:35 ` Richard Biener
2019-04-17 14:12 ` Uecker, Martin
2019-04-17 17:31 ` Peter Sewell
2019-04-18 9:32 ` Richard Biener
2019-04-18 9:56 ` Richard Biener
2019-04-18 10:48 ` Peter Sewell
2019-04-18 11:57 ` Uecker, Martin
2019-04-18 12:31 ` Richard Biener
2019-04-18 13:25 ` Uecker, Martin
2019-04-18 10:45 ` Peter Sewell
2019-04-18 12:20 ` Uecker, Martin
2019-04-18 12:42 ` Richard Biener
2019-04-18 12:47 ` Jakub Jelinek
2019-04-18 12:51 ` Jakub Jelinek
2019-04-18 13:29 ` Jeff Law
2019-04-24 10:12 ` Richard Biener
2019-04-18 13:49 ` Uecker, Martin
2019-04-19 8:19 ` Jens Gustedt
2019-04-19 8:49 ` Jakub Jelinek
2019-04-19 9:09 ` Jens Gustedt
2019-04-19 9:34 ` Jakub Jelinek
2019-04-21 8:15 ` Jens Gustedt
2019-04-24 10:24 ` Richard Biener
2019-04-24 18:43 ` Jeff Law
2019-04-24 19:21 ` Jens Gustedt
2019-04-19 9:11 ` Peter Sewell
2019-04-19 9:15 ` Jens Gustedt
2019-04-19 9:35 ` Peter Sewell
2019-04-19 10:35 ` Uecker, Martin
2019-04-19 10:01 ` Uecker, Martin
2019-04-18 13:42 ` Jeff Law [this message]
2019-04-18 13:54 ` Uecker, Martin
2019-04-18 14:49 ` Peter Sewell
2019-04-18 15:09 ` Uecker, Martin
2019-04-24 10:19 ` Richard Biener
2019-04-24 18:41 ` Jeff Law
2019-04-24 19:30 ` Philipp Klaus Krause
2019-04-24 19:55 ` Uecker, Martin
2019-04-24 19:33 ` Jakub Jelinek
2019-04-24 21:19 ` Peter Sewell
2019-04-25 12:42 ` Richard Biener
2019-04-25 13:03 ` Peter Sewell
2019-04-25 13:13 ` Richard Biener
2019-04-25 13:20 ` Peter Sewell
2019-04-29 14:31 ` Joseph Myers
2019-04-25 12:39 ` Richard Biener
2019-05-09 11:26 ` Ralf Jung
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=30c3be07-433d-b945-40de-7b9a02f78789@redhat.com \
--to=law@redhat.com \
--cc=Martin.Uecker@med.uni-goettingen.de \
--cc=Peter.Sewell@cl.cam.ac.uk \
--cc=cl-c-memory-object-model@lists.cam.ac.uk \
--cc=gcc@gcc.gnu.org \
--cc=richard.guenther@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).