Just to clarify: Eric has identified a real problem. In the current BitC spec, you cannot take a ref in the way he describes, because ref's can only be taken if it is possible to force the object to the heap.
However, you *can*, as of the 0.6 spec, take a **stack-ref** to the union member. This is a specialized, non-escaping ref, and is therefore safe when taken on most types of members. However, it is *not* safe at all in the case that Eric identifies. It's not immediately clear what to do about this. The problem is that we really do need to be able to do exactly the sort of thing (without the overwrite) that Eric is discussing. For example, we would like to be able to take a mutable doubly linked list field of a mutable union and pass a stack ref to the doubly linked list field down to an unlink routine. In the general case, it is probably NOT possible to do enough alias analysis to prohibit this error from occurring. In ML this case cannot arise, because a mutable cell cannot be unboxed into a union. shap On Mon, 2005-03-07 at 16:26 -0500, Eric Northup wrote: > Hi, > > It has occurred to me that the ability to take references to objects combined > with the BitC's tagged unions might be dangerous. Can we take references to > the contents of a union? It would be nice if we could, safely. On the other > hand, if the union is mutable, it is important that programs not be able to > keep references to the contents of the union past the assignment. Because > the assignment might change which leg of the union is being used. > > The following program probably isn't correct BitC 0.6, but I hope it conveys > the hypothetical problem scenario. > > (defunion foo > (a int32) > (b . . .)) > > (define x:(mutable foo) > (a 10)) > > (define myfunc > (case x > ((a int_from_a) > (let (r (ref int_from_a)) > (begin > (set! x (b (. . .))) > (do_something r)))) > ((b ...) > (...)) > ) > )) > > do_something gets a reference to int_from_a, even though x is no longer in > the 'a' branch of the union. > > Reading the 0.6 BitC spec, I don't anything making this illegal. And it > doesn't seem that the (let (r (ref int_from_a))) does a copy of int_from_a. > So the above code should be illegal. Have I missed something? > > --Eric > > _______________________________________________ > bitc-dev mailing list > [email protected] > http://www.coyotos.org/mailman/listinfo/bitc-dev _______________________________________________ bitc-dev mailing list [email protected] http://www.coyotos.org/mailman/listinfo/bitc-dev
