[bitc-dev] ref to union contents
Jonathan S. Shapiro
shap at eros-os.org
Mon Mar 7 23:02:26 EST 2005
Just to clarify:
Eric has identified a real problem. In the current BitC spec, you cannot
take a ref in the way he describes, because ref's can only be taken if
it is possible to force the object to the heap.
However, you *can*, as of the 0.6 spec, take a **stack-ref** to the
union member. This is a specialized, non-escaping ref, and is therefore
safe when taken on most types of members. However, it is *not* safe at
all in the case that Eric identifies.
It's not immediately clear what to do about this. The problem is that we
really do need to be able to do exactly the sort of thing (without the
overwrite) that Eric is discussing. For example, we would like to be
able to take a mutable doubly linked list field of a mutable union and
pass a stack ref to the doubly linked list field down to an unlink
In the general case, it is probably NOT possible to do enough alias
analysis to prohibit this error from occurring.
In ML this case cannot arise, because a mutable cell cannot be unboxed
into a union.
On Mon, 2005-03-07 at 16:26 -0500, Eric Northup wrote:
> It has occurred to me that the ability to take references to objects combined with the BitC's tagged unions might be dangerous. Can we take references to the contents of a union? It would be nice if we could, safely. On the other hand, if the union is mutable, it is important that programs not be able to keep references to the contents of the union past the assignment. Because the assignment might change which leg of the union is being used.
> The following program probably isn't correct BitC 0.6, but I hope it conveys the hypothetical problem scenario.
> (defunion foo
> (a int32)
> (b . . .))
> (define x:(mutable foo)
> (a 10))
> (define myfunc
> (case x
> ((a int_from_a)
> (let (r (ref int_from_a))
> (set! x (b (. . .)))
> (do_something r))))
> ((b ...)
> do_something gets a reference to int_from_a, even though x is no longer in the 'a' branch of the union.
> Reading the 0.6 BitC spec, I don't anything making this illegal. And it doesn't seem that the (let (r (ref int_from_a))) does a copy of int_from_a. So the above code should be illegal. Have I missed something?
> bitc-dev mailing list
> bitc-dev at coyotos.org
More information about the bitc-dev