Opened 15 months ago

Last modified 14 months ago

#189 closed defect

Reference and pointer types allow unsound initialization — at Version 1

Reported by: mlbrooks
Owned by:
Priority: major
Component: cfa-cc
Version: 1.0
Keywords:
Cc:

Description (last modified by mlbrooks)

The accepted behaviour of this code implies a reinterpreting pointer cast, but the code contains no cast.

#include <stdio.h>

int main() {
    float x = 3.14;
    float & xx = x;
    int & yy = xx;  // not sound: int & initialized from float &
    int y = yy;
    printf("%d\n", y);
}

Expected: Compiler error at "not sound" line, saying cannot initialize int & from float &.

Actual: Compiler success; the program prints 1078523331, the decimal value of 0x4048f5c3, which is the IEEE 754 single-precision representation of 3.14.
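As an added illustration (not part of the ticket), the following standard C reproduces what the accepted CFA program does at runtime: the float's object representation is read back as an int without any conversion. `float_bits` uses memcpy, the defined way to inspect a representation, so it can confirm the reported value; `read_as_int_unsound` mirrors the cast the compiler silently generated.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Well-defined type punning: copy the float's bytes into a uint32_t. */
uint32_t float_bits(float f) {
    uint32_t u;
    memcpy(&u, &f, sizeof u);
    return u;
}

/* What the unsound "int & yy = xx" amounts to after code generation:
   reading float storage through an int lvalue. This is an aliasing
   violation in C and is shown only to mirror the ticket's behaviour. */
int read_as_int_unsound(float *p) {
    return *(int *)p;
}

/* Returns 1 if the literal from the ticket has the reported bit pattern. */
int matches_reported_value(void) {
    float x = 3.14;
    return float_bits(x) == 0x4048f5c3u && float_bits(x) == 1078523331u;
}

int main(void) {
    float x = 3.14;
    printf("bits of %f: 0x%08x = %u\n", x, float_bits(x), float_bits(x));
    printf("unsound read: %d\n", read_as_int_unsound(&x));
    return 0;
}
```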

Note that this unsoundness also happens at function return.

This allows for:

#include <stdio.h>

forall (dtype T, dtype S)
T & anycvt( S & s ) {
    return s; // not sound: T & returned from S &
}
int main() {
    float x = 3.14;
    int y = anycvt(x);
    printf("%d\n", y);
}

Expected: Compiler error at "not sound" line, saying cannot initialize T & from S &.

Actual: Compiler success; program prints 1078523331.

This behaviour also occurs with pointers. This example is trimmed so that it can be compiled with -n (no prelude).

struct A {};
struct B {};

void f() {
    A * ap;
    B * bp = ap; // not sound
}

Expected: Compiler error at "not sound" line, saying cannot initialize B* from A*.

Actual: cfa-cpp -n -P astexpr -P ascodegen produces output in which the "unsound" line is B *_X2bpPS1B_2 = ((B *)_X2apPS1A_2);.

Change History (1)

comment:1 Changed 15 months ago by mlbrooks

Description: modified (diff)
Summary: Reference types allow unsound assignment → Reference and pointer types allow unsound initialization