C++ Logo

std-proposals

Advanced search

Re: Poisoned initializers

From: Ville Voutilainen <ville.voutilainen_at_[hidden]>
Date: Sat, 12 Jun 2021 16:05:00 +0300
On Sat, 12 Jun 2021 at 15:45, Tom Honermann <tom_at_[hidden]> wrote:
> Ah, yes, I agree that an attribute is the right tool for this. However, the goal is to enable taint analysis by annotating a value, not a variable (a variable can be cured, a poisoned value is forever tainted). This may require a form of expression attributes.
>
> It may be useful to annotate a portion of an initializer:
>
> struct aggregate {
> const char *desc;
> int value;
> };
> aggregate a = { "the thing", POISON(-1) };
>
> Likewise, applying poison outside of initialization context could be useful:
>
> int *p = new int;
> ...
> delete p;
> p = POISON(nullptr);

Well, considering that, namely that there are plausible use cases for
post-initialization assignment,
and also that it can be applied to just parts of a whole-object initialization,
an attribute doesn't seem like a good tool, and you want a magic function.
I would otherwise call it "unlaunder" since it turns your laundry
dirty, but it's not a pointer operation like
launder is. Perhaps

template <class T> remove_cvref_t<T> unsanitize(T&& t);

Returns: Either t or an unspecified value. If an unspecified value is
returned, the value and copies of the
value may be treated as indeterminate values until a subsequent
assignment or bitwise copy of a non-indeterminate
value is performed to the storage location where such a result or copy
of the result of unsanitize() is stored.

I'm sure that will be wordsmitten further, but I trust you get the
drift of it. I'm riding on indeterminate values here,
and although that could theoretically cause any assignment from
unsanitize() to be deemed UB, I think we
can reasonably expect implementations to do reasonable things here. I
do not want to just strike the "the value and"
part of it, to try and allow implementations to diagnose the use of
references bound to the prvalue result of unsanitize.

Received on 2021-06-12 08:05:18