source: doc/proposals/void_ptr.md@ 2c6c893

ADT aaron-thesis arm-eh ast-experimental cleanup-dtors deferred_resn demangler enum forall-pointer-decay jacob/cs343-translation jenkins-sandbox new-ast new-ast-unique-expr new-env no_list persistent-indexer pthread-emulation qualifiedEnum resolv-new with_gc
Last change on this file since 2c6c893 was d2ac7d5, checked in by Aaron Moss <a3moss@…>, 9 years ago

Add void* handling proposal

  • Property mode set to 100644
File size: 2.1 KB
RevLine 
[d2ac7d5]1## Options for safer void* handling #
2C allows implicit conversions between `void*` and other pointer types, as per
3section 6.3.2.3.1 of the standard.
4Making these implicit conversions explicit in Cforall would provide
5significant type-safety benefits, and is precedented in C++.
6A weaker version of this proposal would be to allow implicit conversions to
7`void*` (as a sort of "top type" for all pointer types), but to make the
8unsafe conversion from `void*` back to a concrete pointer type an explicit
9conversion.
10However, `int *p = malloc( sizeof(int) );` and friends are hugely common
11in C code, and rely on the unsafe implicit conversion from the `void*` return
12type of `malloc` to the `int*` type of the variable - obviously it would be
13too much of a source-compatibility break to disallow this for C code.
14We do already need to wrap C code in an `extern "C"` block, though, so it is
15technically feasible to make the `void*` conversions implicit in C but
16explicit in Cforall.
17
18As a possible mitigation for calling C code with `void*`-based APIs, pointers-to-dtype are
19calling-convention compatible with `void*`; we could read `void*` in function
20signatures as essentially a fresh dtype type variable, e.g:
21
22 void* malloc( size_t )
23 => forall(dtype T0) T0* malloc( size_t )
24 void qsort( void*, size_t, size_t, int (*)( const void*, const void* ) )
25 => forall(dtype T0, dtype T1, dtype T2)
26 void qsort( T0*, size_t, size_t, int (*)( const T1*, const T2* ) )
27
28In this case, there would be no conversion needed to call `malloc`, just the
29polymorphic type binding.
30This should handle many of the uses of `void*` in C.
31
32This feature would even allow us to leverage some of Cforall's type safety to write
33better declarations for legacy C API functions, like the following wrapper for
34`qsort`:
35
36 extern "C" { // turns off name-mangling so that this calls the C library
37 // call-compatible type-safe qsort signature
38 forall(dtype T)
39 void qsort( T*, size_t, size_t, int (*)( const T*, const T* ) );
40
41 // forbid type-unsafe C signature from resolving
42 void qsort( void*, size_t, size_t, int (*)( const void*, const void* ) )
43 = delete;
44 }
Note: See TracBrowser for help on using the repository browser.