Date: Tue, 11 Nov 2025 20:10:09 -0800
On Tuesday, 11 November 2025 15:33:42 Pacific Standard Time Oliver Hunt via
Std-Proposals wrote:
> Trivial relocation/restart_lifetime copies the existing vtable (i.e. the
> dynamic type, which may not match the static type) so has to authenticate
> that pointer and then sign the new one.
This is what I originally thought, but Arthur corrected me in that the
restart_lifetime paper would require the dynamic type of the object to match
the static type provided in the function template.
That is, if you did:
Base *realloc_base(Base *b)
{
    // b points to freed storage after realloc; the object now lives at ptr
    void *ptr = realloc(b, b->datasize());
    return std::restart_lifetime(static_cast<Base *>(ptr));
}

Derived *d = new Derived;
d = static_cast<Derived *>(realloc_base(d));
That restart_lifetime call would be UB (and so would the static_cast, I
guess).
That would permit the implementation on ARM64e or similar to install the
authenticated vtable pointer known from a constant. If that messes up the
user's code, then that's UB for you. Likewise, in other systems where the
function is an effective no-op, leaving the dynamic type as Derived is also
allowed by UB. The latter is something UBSan could detect, but I doubt it
could in the authenticated pointer case.
-- Thiago Macieira - thiago (AT) macieira.info - thiago (AT) kde.org Principal Engineer - Intel Data Center - Platform & Sys. Eng.
Received on 2025-11-12 04:10:18
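As an added illustration (not code from this thread or from any proposal), here is a toy C++ model of an address-discriminated signed vtable pointer in the spirit of ARM64e pointer authentication. toy_sign, Object, observe_after and the string "vtables" are constructed for the example and stand in for real PAC instructions and for whatever restart_lifetime's real signature turns out to be. It shows why a plain byte copy fails authentication at the new address, why trivial relocation has to authenticate the old pointer and re-sign it, and how installing the static type's vtable pointer from a constant silently drops the Derived dynamic type.

```cpp
#include <cstdint>
#include <cstring>
#include <string>

// Toy address-discriminated "signature" (stand-in for PAC): mixes the vtable target
// with the object's storage address. Odd multipliers keep the mixing bijective, so
// two different addresses never yield the same sig for one target.
static uint64_t toy_sign(uintptr_t target, uintptr_t storage_addr) {
    return (static_cast<uint64_t>(target) ^
            (static_cast<uint64_t>(storage_addr) * 0x9E3779B97F4A7C15ull)) * 0xBF58476D1CE4E5B9ull;
}

// Vtable stand-ins: the string names the dynamic type the table belongs to.
static const char kBaseVtable[] = "Base";
static const char kDerivedVtable[] = "Derived";

struct Object {
    uintptr_t vptr_target;  // "vtable pointer", first word like a real vptr
    uint64_t vptr_sig;      // its address-discriminated signature
};

// Constructing with dynamic type T signs T's vtable pointer for this address.
static void install_vptr(Object &o, const char *vtable) {
    o.vptr_target = reinterpret_cast<uintptr_t>(vtable);
    o.vptr_sig = toy_sign(o.vptr_target, reinterpret_cast<uintptr_t>(&o));
}

// Authenticate before use; nullptr models the CPU fault on a bad signature.
static const char *authenticate(const Object &o) {
    if (toy_sign(o.vptr_target, reinterpret_cast<uintptr_t>(&o)) != o.vptr_sig) return nullptr;
    return reinterpret_cast<const char *>(o.vptr_target);
}

static std::string dynamic_type_name(const Object &o) {
    const char *vt = authenticate(o);
    return vt ? vt : "<auth failure>";
}

// 0: plain byte copy (signature is stale at the new address).
// 1: trivial relocation: authenticate at the old address, re-sign at the new one.
// 2: restart_lifetime with static type Base: install Base's vptr from a constant,
//    never inspecting the (here Derived) pointer that was copied.
std::string observe_after(int strategy) {
    Object src{}, dst{};
    install_vptr(src, kDerivedVtable);  // dynamic type Derived, static type Base
    const char *old_vt = authenticate(src);
    std::memcpy(&dst, &src, sizeof(Object));
    if (strategy == 1 && old_vt) install_vptr(dst, old_vt);
    if (strategy == 2) install_vptr(dst, kBaseVtable);
    return dynamic_type_name(dst);
}
```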
