
The provenance memory model for C

(gustedt.wordpress.com)
225 points HexDecOctBin | 1 comments
b0a04gl ◴[] No.44424206[source]
provenance model basically turns memory back into a typed value. finally malloc won't just be a dumb number generator, it'll act more like a capability issuer. and access is not "is this address in range" anymore, but "does this pointer have valid provenance". way more deterministic, decouples gcc -wall
replies(1): >>44424492 #
HexDecOctBin ◴[] No.44424492[source]
Will this create more nasal demons? I always disable strict aliasing, and it's not clear to me after reading the whole article whether provenance is about making sane code illegal, or making previously illegal sane code legal.
replies(3): >>44424935 #>>44425068 #>>44425399 #
1. layer8 ◴[] No.44425068[source]
This is basically a formalization of the general understanding one already had when reading the C standard thoroughly 25 years ago. At least I was nodding along throughout the article. It cleans up the parts where the standard was too imprecise and handwavy.