
The provenance memory model for C

(gustedt.wordpress.com)
224 points HexDecOctBin | 4 comments
1. Measter No.44433373
In the section about the ambiguous provenance from synthesising pointers, it's explained that the compiler will infer the correct provenance from usage. Would it not be worth having some way for the programmer to inform the compiler directly, with something analogous to Rust's Strict Provenance ptr::with_addr?

To convert it to C syntax, it's a function with roughly this signature:

    void* with_addr(void* ptr, uintptr_t addr)
Where the returned pointer has the address of `addr` and the provenance of `ptr`.
replies(3): >>44434377 >>44435332 >>44438710
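As an added example (not code from the thread, the proposal, or the protobuf source linked in the reply below), here is the `with_addr` signature above written in C as an offset from `ptr`, so the result is derived from `ptr` rather than synthesised from a bare integer, together with a small tagged-pointer round trip that uses it. The helper names, the 3-bit tagging scheme and `struct node` are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical C version of Rust's ptr::with_addr (assumed here; it is not
 * part of the provenance proposal). The result is computed as an offset
 * from `ptr`, so it is derived from ptr and keeps ptr's provenance, while
 * its address becomes `addr`. Only meaningful while addr stays inside the
 * object that ptr points into. */
static void *with_addr(void *ptr, uintptr_t addr)
{
    intptr_t delta = (intptr_t)addr - (intptr_t)(uintptr_t)ptr;
    return (char *)ptr + delta;
}

/* Worked use: a 3-bit tag kept in the low bits of an 8-byte-aligned
 * pointer. Untagging goes through with_addr, so the untagged pointer is
 * derived from the tagged one instead of being synthesised from an
 * integer with ambiguous provenance. */
#define TAG_MASK ((uintptr_t)7)

struct node { int value; int spare; };  /* 8 bytes, so tagged addresses stay in-object */

static void *tag_ptr(void *p, unsigned tag)
{
    uintptr_t a = (uintptr_t)p;
    return with_addr(p, (a & ~TAG_MASK) | (tag & TAG_MASK));
}

static unsigned ptr_tag(const void *p)
{
    return (unsigned)((uintptr_t)p & TAG_MASK);
}

static void *untag_ptr(void *p)
{
    return with_addr(p, (uintptr_t)p & ~TAG_MASK);
}

/* Round trip through a tagged pointer: returns the value read back via the
 * untagged pointer, or -1 if allocation failed or the tag did not survive. */
static int tagged_roundtrip(int value, unsigned tag)
{
    struct node *n = malloc(sizeof *n);  /* malloc gives at least 8-byte alignment */
    if (!n) return -1;
    n->value = value;
    void *tagged = tag_ptr(n, tag);
    int result = -1;
    if (ptr_tag(tagged) == (tag & TAG_MASK))
        result = ((struct node *)untag_ptr(tagged))->value;
    free(n);
    return result;
}

int main(void)
{
    printf("tag 5 round trip: %d\n", tagged_roundtrip(42, 5));
    return 0;
}
```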
2. charleslmunger No.44434377
This is doable via this trick:

https://github.com/protocolbuffers/protobuf/blob/ae0129fcd01...

3. cryptonector No.44435332
I'd also like to have builtin functions and/or function attributes for designating allocation and deallocation. malloc() and free() (and realloc()) should not be special because of their names -- they should be special because of their declared attributes or their derived attributes given their internals.
4. uecker No.44438710
The proposal is mostly designed this way to make sure existing code is valid. One could add something like "with_addr", but I am not convinced that it is really worth it.