-
-
Notifications
You must be signed in to change notification settings - Fork 1.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added memSafe & memUnsafe #16371
Added memSafe & memUnsafe #16371
Conversation
|
Good point ! |
Rename |
… in separate commit
…e redundancy left
I used Not sure which is best, I might switch later (i'll try to have the expected results first) |
Cool! Sorry I'm just noticing this. @Clonkk, could you describe briefly what this PR does? It sounds like it adds a |
I basically copied how gcSave worked by marking "dangerous" operation as This is done at in the proc scope and so far I managed to track as unsafe :
Example of thing that do not compile : proc xx(x: int) : float =
result = cast[float](x)
# Does not compile : xx is unsafe (cast) and yy is marked as safe
proc yy() {.memSafe.} =
var x = 123456789
echo xx(x) But if you know what you're doing then you can do this : proc xx(x: var string) =
echo repr(addr(x))
# OK
proc yy() {.memSafe.}=
var y = "yy"
echo y
# Force xx to be considered memory safe
{.cast(memSafe).}:
xx(y) Since it's an effect it also propagate through API and proc call (like a tag would): proc xx() {.memUnsafe.} =
echo "xx"
# yy will be marked as unsafe because it call xx
proc yy() =
echo "yy"
xx()
# Will not compile
# zz is unsafe because it calls yy which is unsafe
proc zz() {.memSafe.} =
echo "zz"
yy() The benefit of a side effect over a tag is that you can add it to keyword ( I wasn't able to find how to track hidden deref of pointers through dot operator for now though. |
The implementation is definitely on the right track, the design is not backed up by an accepted RFC, but you know this. |
I created the corresponding RFC nim-lang/RFCs#314 |
Closing afer RFC discussion which points to other solutions being better |
This is a draft implementation very loosely related to nim-lang/RFCs#302 and issues talked about in https://forum.nim-lang.org/t/7179 (as in it's about memory safety flag).
This only reflects my vision of what a good "unsafe" solution could be in Nim.
I'm not familiar with Nim's compiler, so maybe the way I did it is wrong. Maybe it will have unintended consequences.
I have some elementary tests in
LOCAL_TEST_TO_REMOVE
(not all are ok), haven't taken the time to refactor it properly into Nim's tests suite, for now it's just something to run locally for me.MemUnsafe ideally should track :
Tracking pointer dereference could be nice as well.
It is by no means an exhaustive list of "unsafe" memory operation; just the most common one.
I haven't found where derefenrecing happens in pointer. I noticed nkDeref, nkHiddenDeref, but I need to undertand it more
Error message needs to be improved.
I'm not sure if it will go anywhere but it is a fun experiment.