[M3devel] ADR is *too* unsafe..

Jay K jay.krell at cornell.edu
Wed Jun 2 17:18:22 CEST 2010


Cool.

 > but also modified the front-end of the compiler to generate C
header files for Modula-3 interface files.
 > This way, procedures exported via a
Modula-3 interface can be called directly from C using "module dot method"
syntax


I've been wanting that. :)

 > "CVAR"

Sounds like a good small change?

 - Jay


----------------------------------------
> From: hosking at cs.purdue.edu
> Date: Wed, 2 Jun 2010 11:08:55 -0400
> To: hosking at cs.purdue.edu
> CC: m3devel at elegosoft.com; jay.krell at cornell.edu
> Subject: Re: [M3devel] ADR is *too* unsafe..
>
> Also, I meant to point to:
>
> http://www.modula3.org/threads/3/#advancedTopic
>
> On 2 Jun 2010, at 11:02, Tony Hosking wrote:
>
>> Actually, the compiler already has support to do exactly what you want. Take a look at the flag Host.new_adr. This implements:
>>
>> ADR (t: T): UNTRACED REF T
>>
>>
>>
>> On 2 Jun 2010, at 10:07, Jay K wrote:
>>
>>>
>>> The compiler doesn't break. Mentor does, networking stuff. I fixed it. But I would have
>>> expected the compiler to have told me about it.
>>> It is unfortunate. ADR should be *slightly* safer.
>>> Maybe we can get a warning for this? passing ADR(foo) to untraced ref bar?
>>> It seems...quite unfortunate that the language is defined this way..
>>>
>>> - Jay
>>>
>>>
>>> ----------------------------------------
>>>> From: hosking at cs.purdue.edu
>>>> Date: Wed, 2 Jun 2010 10:01:09 -0400
>>>> To: jay.krell at cornell.edu
>>>> CC: m3devel at elegosoft.com
>>>> Subject: Re: [M3devel] ADR is *too* unsafe..
>>>>
>>>> Why does the compiler break?
>>>> Yes, VAR is *much* safer.
>>>>
>>>> On 2 Jun 2010, at 03:41, Jay K wrote:
>>>>
>>>>>
>>>>> (*
>>>>> Wow, ADR generates a plain ADDRESS, not an untraced ref to a specific type?
>>>>> Doesn't this seem wrong? Doesn't unsafe code deserve a little better, say,
>>>>> to be at least as typesafe as C?
>>>>> http://www.cs.purdue.edu/homes/hosking/m3/reference/unsafe.html
>>>>>
>>>>> This is why 64bit m3-comm/tcp/src/TCP.m3 breaks randomly
>>>>> on some platforms on an assertion failure in C. And the
>>>>> compiler isn't going to help me find these type mismatches? Ugh.
>>>>>
>>>>> This seems wrong. :(
>>>>>
>>>>> I guess I should really really use VAR then.
>>>>> *)
>>>>>
>>>>>
>>>>> UNSAFE MODULE Main;
>>>>> IMPORT Ctypes, Cstddef;
>>>>>
>>>>>
>>>>> PROCEDURE F1(a:UNTRACED REF Ctypes.int) =
>>>>> BEGIN
>>>>> F2(a); (* error, expected *)
>>>>> END F1;
>>>>>
>>>>>
>>>>> PROCEDURE F2(a:UNTRACED REF Cstddef.size_t) =
>>>>> BEGIN
>>>>> F1(a); (* error, expected *)
>>>>> END F2;
>>>>>
>>>>>
>>>>> VAR c:Ctypes.int;
>>>>> d:Cstddef.size_t;
>>>>>
>>>>>
>>>>> BEGIN
>>>>> F1(ADR(c)); (* ok *)
>>>>> F1(ADR(d)); (* error expected but no *)
>>>>> F2(ADR(c)); (* error expected but no *)
>>>>> F2(ADR(d)); (* ok *)
>>>>> END Main.
>>>>>
>>>>>
>>>>>
>>>>> - Jay
>>>>>
>>>>
>>>
>>
>
 		 	   		  


More information about the M3devel mailing list