Date: Tue, 14 Feb 2023 20:07:29 +0100
Hi Sebastian
According to my proposal a variable get “unsafe” if from any of the execution flow the variable cloud become invalid, therefore ptr_i is unsafe at the end of the switch.
Then the compiler should be able to realized that it could be reused inside the loop. I am not saying that this check is easy to implement in the compilers, but Rust compiler is able to check it (example of rust code with this rust - Value moved here, in previous iteration of loop - Stack Overflow <https://stackoverflow.com/questions/58730100/value-moved-here-in-previous-iteration-of-loop> )
Best Regards
Roberto
From: Std-Proposals <std-proposals-bounces_at_[hidden]> On Behalf Of Sebastian Wittmeier via Std-Proposals
Sent: Tuesday 14 February 2023 18:33
To: std-proposals_at_[hidden]
Cc: Sebastian Wittmeier <wittmeier_at_[hidden]>
Subject: Re: [std-proposals] Safety checks at compile time
Hi Roberto,
the difficulty is that with realistic programs it is not easily determined, in which order operations are carried out.
Consider as an slightly exaggerated example
while(true) {
cin >> nextcmd;
switch (nextcmd) {
case 0:
std::move(ptr_i);
break;
case 1:
use(ptr_i);
break;
}
}
Otherwise look - as alternative to move semantics - at the reloc discussion on this list for a way to also (in some fashion, at least in serial code) 'not being able to' use variables 'after' their content has been relocated from and watch some of the Cppcon videos about memory safety and approaches to improve it in C++:
https://www.youtube.com/watch?v=ml4t-6bg9-M - Jim Radigan - -memory-safe C++
https://www.youtube.com/watch?v=l3rvjWfBzZI - Bjarne Stroustrup - Type-and-resource Safety in Modern C++
https://www.youtube.com/watch?v=ELeZAKCN4tY - Herb Sutter - Can C++ be 10x Simpler & Safer?
https://www.youtube.com/watch?v=_pQGRr4P16w - Sunny Chatterjee - Closing the Gap between Rust and C++ Using Principles of Static Analysis
Best,
Sebastian
-----Ursprüngliche Nachricht-----
Von: Roberto R via Std-Proposals <std-proposals_at_[hidden] <mailto:std-proposals_at_[hidden]> >
Gesendet: Di 14.02.2023 18:02
Betreff: [std-proposals] Safety checks at compile time
An: std-proposals_at_[hidden] <mailto:std-proposals_at_[hidden]> ;
CC: roberto.romani_at_[hidden] <mailto:roberto.romani_at_[hidden]> ;
After an object is move from cannot be used!!! Or more generic after an object get unsafe cannot be used.
According to my proposal a variable get “unsafe” if from any of the execution flow the variable cloud become invalid, therefore ptr_i is unsafe at the end of the switch.
Then the compiler should be able to realized that it could be reused inside the loop. I am not saying that this check is easy to implement in the compilers, but Rust compiler is able to check it (example of rust code with this rust - Value moved here, in previous iteration of loop - Stack Overflow <https://stackoverflow.com/questions/58730100/value-moved-here-in-previous-iteration-of-loop> )
Best Regards
Roberto
From: Std-Proposals <std-proposals-bounces_at_[hidden]> On Behalf Of Sebastian Wittmeier via Std-Proposals
Sent: Tuesday 14 February 2023 18:33
To: std-proposals_at_[hidden]
Cc: Sebastian Wittmeier <wittmeier_at_[hidden]>
Subject: Re: [std-proposals] Safety checks at compile time
Hi Roberto,
the difficulty is that with realistic programs it is not easily determined, in which order operations are carried out.
Consider as an slightly exaggerated example
while(true) {
cin >> nextcmd;
switch (nextcmd) {
case 0:
std::move(ptr_i);
break;
case 1:
use(ptr_i);
break;
}
}
Otherwise look - as alternative to move semantics - at the reloc discussion on this list for a way to also (in some fashion, at least in serial code) 'not being able to' use variables 'after' their content has been relocated from and watch some of the Cppcon videos about memory safety and approaches to improve it in C++:
https://www.youtube.com/watch?v=ml4t-6bg9-M - Jim Radigan - -memory-safe C++
https://www.youtube.com/watch?v=l3rvjWfBzZI - Bjarne Stroustrup - Type-and-resource Safety in Modern C++
https://www.youtube.com/watch?v=ELeZAKCN4tY - Herb Sutter - Can C++ be 10x Simpler & Safer?
https://www.youtube.com/watch?v=_pQGRr4P16w - Sunny Chatterjee - Closing the Gap between Rust and C++ Using Principles of Static Analysis
Best,
Sebastian
-----Ursprüngliche Nachricht-----
Von: Roberto R via Std-Proposals <std-proposals_at_[hidden] <mailto:std-proposals_at_[hidden]> >
Gesendet: Di 14.02.2023 18:02
Betreff: [std-proposals] Safety checks at compile time
An: std-proposals_at_[hidden] <mailto:std-proposals_at_[hidden]> ;
CC: roberto.romani_at_[hidden] <mailto:roberto.romani_at_[hidden]> ;
After an object is move from cannot be used!!! Or more generic after an object get unsafe cannot be used.
Received on 2023-02-14 19:07:32