Subject: [ub] Checking C++ subset
From: Gabriel Dos Reis (gdr_at_[hidden])
Date: 2014-01-17 22:29:00


I'm starting a new subthread here since the topic can be decoupled.

[...]
| Moving to a question you didn’t ask: What if my_malloc/my_free
| returned/took not void*, but my_class* (so a class-specific allocator,
| implemented using malloc/free)? That is:
|
| #include <cassert>
| #include <cstdlib>
| #include <map>
| #include <stack>
|
| std::map<size_t, std::stack<my_class*>> size_classes = {{16, {}}, {32, {}},
| ...};
|
| my_class* my_malloc(size_t size) {
|     auto size_class = size_classes.lower_bound(size);
|     assert(size_class != size_classes.end());
|     if (size_class->second.empty())
|         return (my_class*)malloc(size_class->first); // the single cast from void*
|     my_class* result = size_class->second.top(); // top() yields my_class*; a void* here could not be returned
|     size_class->second.pop();
|     return result;
| }
|
| void my_free(size_t size, my_class* block) {
|     size_classes.lower_bound(size)->second.push(block);
| }
|
| Then this would require some decoration around the (single) cast to
| my_class*, perhaps:
|
|     ...
|
|     if (size_class->second.empty()) {
|         my_class* ret = nullptr;
|         extern "c-style" {
|             ret = (my_class*)malloc(size_class->first);
|         }
|         return ret;
|     }

Purely syntactic commentary: I would like to suggest that we avoid 'extern' and anything that mentions C that might give the impression that we are writing a C block.
This is still C++. The language linkage declaration syntax has caused and continues to cause confusion.

The delimited code is still standard C++. We would also want that if it passes the more stringent (or lenient) checks, then it must also pass standard C++ checks with the same semantics when the annotation/delimiter is removed. We have a framework and a notation for that kind of thing when it comes to declarations: attributes. I would support extending the notation to groups of declarations or statements, e.g.

    [[instrument_casts_from_generic_data_pointer]] {
        // ...
        void* p = acquire_some_void_star();
        auto q = reinterpret_cast<Foo*>(p);
        do_something_with_foo(q);
        // ...
    }

or

    [[ translator::policy = check_casts ]] {
           // ...
    }

I expect this scheme to support the notion of Semantically Enhanced Language Libraries (SELL):

    http://www.stroustrup.com/SELLrationale.pdf

of which Safe C++ is an instance.

-- Gaby

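As an added, compilable example (not code from the thread), the size-class allocator quoted above with the one void*-to-my_class* cast confined to a single helper that checks what a checked-casts region would plausibly verify at runtime: non-null, adequately sized, correctly aligned. The my_class layout, the size classes and the helper name are assumptions; the attribute block itself is only a proposal and has no compiler support here.

```cpp
#include <cassert>
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <map>
#include <stack>

// Constructed 16-byte, 8-aligned payload type standing in for my_class.
struct my_class { std::uint64_t payload[2]; };

// Constructed size classes, following the quoted sketch.
static std::map<std::size_t, std::stack<my_class*>> size_classes =
    {{16, {}}, {32, {}}, {64, {}}};

// The single place where a generic data pointer becomes a my_class*.
// This is what a [[instrument_casts_from_generic_data_pointer]] region
// would be asked to check; here the checks are explicit asserts.
static my_class* checked_cast_to_my_class(void* raw, std::size_t bytes) {
    assert(raw != nullptr);                        // allocation succeeded
    assert(bytes >= sizeof(my_class));             // block is large enough
    assert(reinterpret_cast<std::uintptr_t>(raw) % alignof(my_class) == 0);
    return static_cast<my_class*>(raw);
}

my_class* my_malloc(std::size_t size) {
    auto size_class = size_classes.lower_bound(size);
    assert(size_class != size_classes.end());      // no class large enough
    if (size_class->second.empty())
        return checked_cast_to_my_class(std::malloc(size_class->first),
                                        size_class->first);
    my_class* result = size_class->second.top();   // already typed: no cast
    size_class->second.pop();
    return result;
}

void my_free(std::size_t size, my_class* block) {
    size_classes.lower_bound(size)->second.push(block);
}

// Number of cached blocks in the class that would serve a request of `size`.
std::size_t cached_blocks(std::size_t size) {
    return size_classes.lower_bound(size)->second.size();
}

int main() {
    my_class* a = my_malloc(16);
    my_free(16, a);
    my_class* b = my_malloc(10);   // rounds up to the 16-byte class, reuses a
    assert(a == b);
    my_free(16, b);
    return 0;
}
```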

SG12 list run by herb.sutter at gmail.com