From d292196ff5ab9f103364e05c42a1edc03dc1b5ab Mon Sep 17 00:00:00 2001 From: Kartik Agaram Date: Mon, 15 Jun 2020 17:00:26 -0700 Subject: 6529 - don't let `addr`s escape functions I've gone back and forth on this. I initially disallowed this, then allowed it because I forgot why I disallowed it. The reason to disallow it: if you return an `addr` to a variable allocated on the stack, the space might be reused for a different type, which violates type-safety. And once you can reinterpret bits of one type as another you lose memory-safety as well. This has some interesting implications for Mu programs; certain kinds of helper functions become impossible to write. Now I find myself relying a lot more on scopes (and editor folding support) for abstracting details. And they won't help manage duplication. We'll see how this goes. While I'm being draconian about `addr`s on the stack, I'm still abusing `addr`s on the heap, with the expectation that future checks on reclamation will protect me. The boon and bane of stack space is that it's constantly reclaimed. --- apps/mu.subx | 3 +++ 1 file changed, 3 insertions(+) (limited to 'apps/mu.subx') diff --git a/apps/mu.subx b/apps/mu.subx index 70ad482d..cd08466e 100644 --- a/apps/mu.subx +++ b/apps/mu.subx @@ -4638,6 +4638,9 @@ $parse-mu:error2: # ✓ fn foo x: int { # ✓ fn foo x: int { # ✓ fn foo x: int -> y/eax: int { +# TODO: +# disallow outputs of type `(... addr ...)` +# disallow inputs of type `(... addr ... addr ...)` populate-mu-function-header: # first-line: (addr stream byte), out: (addr function), vars: (addr stack live-var), err: (addr buffered-file), ed: (addr exit-descriptor) # pseudocode: # var name: slice -- cgit 1.4.1-2-gfad0
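Review bot: the hunk only adds a TODO comment above `populate-mu-function-header:`, so nothing in this commit actually enforces the rule the subject line announces (`don't let addrs escape functions`); either implement the two checks in `populate-mu-function-header` (the function that parses the header's inputs and outputs, per its `out: (addr function)` and `vars: (addr stack live-var)` signature) or word the subject as "note planned restriction on `addr` in function headers" so the history does not suggest the type-safety hole described in the message is already closed. The second TODO line, `disallow inputs of type `(... addr ... addr ...)``, introduces a restriction that the commit message never motivates (it only explains why returning an `addr` to a stack variable is unsafe); add a one-line rationale in the comment for why an input holding an `addr` to an `addr` is also an escape route, so whoever implements the check later knows what it must cover.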