[M3devel] ADR is *too* unsafe..

Jay K jay.krell at cornell.edu
Wed Jun 2 09:41:33 CEST 2010


(*
Wow, ADR generates a plain ADDRESS, not an untraced ref to a specific type?
Doesn't this seem wrong? Doesn't unsafe code deserve a little better, say,
  to be at least as typesafe as C?
http://www.cs.purdue.edu/homes/hosking/m3/reference/unsafe.html

This is why 64bit m3-comm/tcp/src/TCP.m3 breaks randomly
on some platforms on an assertion failure in C. And the
compiler isn't going to help me find these type mismatches? Ugh.

This seems wrong. :(

I guess I should really really use VAR then.
*)


UNSAFE MODULE Main;
IMPORT Ctypes, Cstddef;


PROCEDURE F1(a:UNTRACED REF Ctypes.int) =
BEGIN
  F2(a); (* error, expected *)
END F1;


PROCEDURE F2(a:UNTRACED REF Cstddef.size_t) =
BEGIN
  F1(a); (* error, expected *)
END F2;


VAR c:Ctypes.int;
    d:Cstddef.size_t;

    
BEGIN
  F1(ADR(c)); (* ok *)
  F1(ADR(d)); (* error expected but no *)
  F2(ADR(c)); (* error expected but no *)
  F2(ADR(d)); (* ok *)
END Main.



 - Jay
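The VAR alternative Jay mentions at the end, shown as an added example (this is not code from the original post). It puts the ADR-based version beside a VAR-parameter version of the same two procedures: ADR(x) has type ADDRESS, which is assignable to any UNTRACED REF, so the mismatched calls compile; a VAR parameter is checked against the designator's declared type, so the same mismatches are compile errors. The rejected calls are left commented out so the module compiles; the module and procedure names are assumptions.

```modula3
UNSAFE MODULE Main;
IMPORT Ctypes, Cstddef;

(* --- ADR style: the parameter is an untraced ref, but ADR yields a
   plain ADDRESS, so the compiler cannot check the pointee type. --- *)

PROCEDURE AdrInt(a: UNTRACED REF Ctypes.int) =
BEGIN
  a^ := 0;
END AdrInt;

PROCEDURE AdrSize(a: UNTRACED REF Cstddef.size_t) =
BEGIN
  a^ := 0;
END AdrSize;

(* --- VAR style: the actual must be a designator of exactly the
   declared type, so a Ctypes.int / Cstddef.size_t mix-up is rejected
   at compile time instead of surfacing as a bad store at run time. --- *)

PROCEDURE VarInt(VAR a: Ctypes.int) =
BEGIN
  a := 0;
END VarInt;

PROCEDURE VarSize(VAR a: Cstddef.size_t) =
BEGIN
  a := 0;
END VarSize;

VAR c: Ctypes.int;
    d: Cstddef.size_t;

BEGIN
  (* ADR: all four compile; only the first and last are actually correct. *)
  AdrInt(ADR(c));  (* ok *)
  AdrInt(ADR(d));  (* compiles, but writes through the wrong type *)
  AdrSize(ADR(c)); (* compiles, but writes through the wrong type *)
  AdrSize(ADR(d)); (* ok *)

  (* VAR: the mismatched calls are compile errors, so they are commented out. *)
  VarInt(c);       (* ok *)
  (* VarInt(d); *) (* rejected: d is a Cstddef.size_t, not a Ctypes.int *)
  (* VarSize(c); *)(* rejected: c is a Ctypes.int, not a Cstddef.size_t *)
  VarSize(d);      (* ok *)
END Main.
```

On a platform where Ctypes.int and Cstddef.size_t have different sizes (typical 64-bit targets), the two mismatched ADR calls are the kind of store that goes unnoticed until something on the C side asserts; the VAR versions never get that far.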

