On Mon, Oct 21, 2013 at 11:48 AM, Patrick Walton <pwal...@mozilla.com> wrote:
> This seems generally on the right track. A couple of thoughts:
>
> * I can pretty much guarantee you that that simple of a static analysis to
> determine stack size is going to fail on any reasonable program. I would
> just leave it out. If you're feeling ambitious, you could implement it as an
> LLVM pass to eliminate stack bounds checks on recursion-free leaves of the
> call graph. (LLVM is the right place to do it, as it can make these
> decisions post-inlining, and also knows the exact amount of stack space each
> function takes up.)
>

Yep. It's mostly for the case where recursion and dynamic dispatch are going to be denied, which seems to be the case for some embedded/realtime contexts, afaict from the available research.

> * Why not have the crate-level stack checking attribute be a function-level
> attribute instead? That way you could implement "tainting" easily: just
> require that any function tagged with "no stack check" be marked unsafe.
>

It's not obvious to me that one could have multiple functions in a crate, each having a different stack safety strategy, working at once. No stack check on a function level would be easy to implement though, yes.
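
The analysis discussed in this thread, as an added example that is not code from either poster, from rustc or from LLVM: a worst-case stack bound over a call graph with direct calls only, which yields no bound as soon as recursion is reachable. The function names, frame sizes and the `Func`/`max_stack` helpers are constructed for illustration; a real pass would take frame sizes from the backend after inlining.

```rust
use std::collections::HashMap;

/// One function in a constructed call graph: its own frame size in bytes
/// and the functions it calls directly (no dynamic dispatch).
struct Func {
    frame: u64,
    calls: Vec<&'static str>,
}

enum State { InProgress, Done(Option<u64>) }

/// Worst-case stack bytes needed to run `name`, or None when `name` can reach
/// a recursive cycle or an unknown callee, so no static bound exists.
fn max_stack(name: &'static str, g: &HashMap<&'static str, Func>,
             memo: &mut HashMap<&'static str, State>) -> Option<u64> {
    match memo.get(name) {
        Some(State::Done(r)) => return *r,
        Some(State::InProgress) => return None, // back edge: recursion
        None => {}
    }
    memo.insert(name, State::InProgress);
    let result = g.get(name).and_then(|f| {
        let mut deepest = 0u64;
        for &callee in &f.calls {
            // `?` propagates "unbounded" from any callee up to the caller.
            deepest = deepest.max(max_stack(callee, g, memo)?);
        }
        Some(f.frame + deepest)
    });
    memo.insert(name, State::Done(result));
    result
}

/// Constructed sample graph; the frame sizes are made up.
fn sample_graph() -> HashMap<&'static str, Func> {
    let mut g = HashMap::new();
    g.insert("main", Func { frame: 64, calls: vec!["parse", "walk"] });
    g.insert("parse", Func { frame: 128, calls: vec!["read_byte"] });
    g.insert("read_byte", Func { frame: 16, calls: vec![] });
    g.insert("walk", Func { frame: 48, calls: vec!["walk", "read_byte"] });
    g
}

fn main() {
    let (g, mut memo) = (sample_graph(), HashMap::new());
    for name in ["main", "parse", "read_byte", "walk"] {
        // Some(n): bounded, a check could be elided; None: keep the check.
        println!("{}: {:?}", name, max_stack(name, &g, &mut memo));
    }
}
```

A single recursive callee (`walk`) makes every caller above it unbounded, which is why the bound is only useful where recursion is denied outright or on recursion-free leaves.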