A major part of C++0x is the addition of an explicit memory model, which will allow for safe multithreaded programming (C's memory model, which C++98 inherits, is really only sensible in single-threaded code). At the most recent C++0x meetings in Sophia Antipolis, an important change was voted into the working paper that assists garbage collection, based on the wording in N2586.
In order to allow safe garbage collection, you have to prohibit "pointer hiding". This is where one plays tricks such as taking the integer value of a pointer, xor'ing it with a constant, and then later reversing the operation. In C99/C++98, this is a valid technique and works (though IMO, anyone using it should be beaten with a stick). But doing this makes garbage collection very difficult: if the pointer is hidden in this way when the GC pass runs, it cannot 'see' that the pointer is still there, and might prematurely deallocate the pointed-to object. So in C++0x, while code hiding pointers will remain valid, actually dereferencing the pointer becomes an undefined operation. The expectation is that, in non-GC'ed C++ programs, it will continue to work as it has in the past, while explicitly allowing a GC to reclaim memory without having to worry that a valid pointer to the object might suddenly pop back into existence.
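To make the problem concrete, here is an added example (constructed for this post, not code from the committee paper): the xor trick described above, next to a miniature conservative mark pass that treats every root word as a potential pointer. The `Object`, `hide`, `unhide` and `gc_sees` names are assumptions of the example.

```cpp
#include <cstdint>
#include <vector>

// Constructed example: a toy heap object and a toy conservative mark pass,
// to show why "pointer hiding" defeats a garbage collector.
struct Object { int payload; };

// Constant used to hide a pointer via xor (the trick the post describes).
constexpr std::uintptr_t kHideMask =
    static_cast<std::uintptr_t>(0xA5A5A5A5A5A5A5A5ULL);

// Hide a pointer: take its integer value and xor it with a constant.
// In C++0x terms the result is not a "safely-derived" pointer value.
inline std::uintptr_t hide(const Object* p) {
    return reinterpret_cast<std::uintptr_t>(p) ^ kHideMask;
}

// Reverse the operation. Computing this is valid; dereferencing the result
// is undefined under C++0x strict pointer safety, so this example never does.
inline Object* unhide(std::uintptr_t h) {
    return reinterpret_cast<Object*>(h ^ kHideMask);
}

// Conservative mark pass: every word in `roots` is a potential pointer.
// Returns true if `obj` would be kept alive, false if it would be reclaimed.
inline bool gc_sees(const std::vector<std::uintptr_t>& roots, const Object* obj) {
    const std::uintptr_t target = reinterpret_cast<std::uintptr_t>(obj);
    for (std::uintptr_t word : roots) {
        if (word == target) return true;  // plain pointer value found
    }
    return false;  // no root matches: the collector would free obj
}

// Scenario 1: the pointer is stored plainly and the collector finds it.
inline bool plain_pointer_is_reachable() {
    Object obj{42};
    std::vector<std::uintptr_t> roots{0, reinterpret_cast<std::uintptr_t>(&obj), 0};
    return gc_sees(roots, &obj);
}

// Scenario 2: the pointer is hidden; the collector cannot see it even though
// unhide() would still recover the original address later.
inline bool hidden_pointer_is_reachable() {
    Object obj{42};
    std::vector<std::uintptr_t> roots{0, hide(&obj), 0};
    return gc_sees(roots, &obj);
}

// The xor trick is reversible, which is why it "works" in C99/C++98.
inline bool unhide_round_trips() {
    Object obj{7};
    return unhide(hide(&obj)) == &obj;
}
```

N2586 also added `std::declare_reachable` / `std::undeclare_reachable` to `<memory>` so a program can tell the collector an object stays live across a hiding step; they are left out here to keep the block portable across standard library versions.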
It seems like the committee is mostly considering this useful in the context of GC'ed programs, or perhaps in conjunction with leak detectors, but there is actually another reason that this is very useful: it allows a C++ VM to prohibit reference forging. That restriction could potentially be of great value in preventing the sort of pointer forging attacks to which C and C++ code is so vulnerable.
posted 2008/06/23 13:18 [category: bitbashing / programming]