<div dir="ltr"><div>andrew! this is a really good point. would the with# or touch# combinators be needed to fix it (to force gc liveness?)? OR would we need to have the foreign c call defined to have an -> IO result, then use unsafePerformIO to "purify it correctly"?<br></div><div><br></div><div>i think the best way to explain *why* the proposed definition runs into trouble is to look at how delicate/complicated prims in primops are annotated</div><div><a href="https://gitlab.haskell.org/ghc/ghc/-/blob/4bb9a349b5d002463b9fc4e9a3b6dbf77ea7c085/compiler/GHC/Builtin/primops.txt.pp#L139-178">https://gitlab.haskell.org/ghc/ghc/-/blob/4bb9a349b5d002463b9fc4e9a3b6dbf77ea7c085/compiler/GHC/Builtin/primops.txt.pp#L139-178</a></div><div><br></div><div>otoh, the last time i was playing with an ostensibly pure primop that had really delicate effect ordering, the prefetch stuff in the NCG, <br></div><div>my conclusion was that it *needed* explicit state tokens to make sure it didn't get reordered, and for this primop that pure version would need to be via unsafePerformIO i think <br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Fri, Jan 22, 2021 at 8:46 AM Andrew Martin <<a href="mailto:andrew.thaddeus@gmail.com">andrew.thaddeus@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">This is unsound:<div><br></div><div>x <- malloc ...</div><div>memcpy ... 
copy a nul-terminated string into x</div><div>let len = cstringLength x</div><div>free x</div><div><br></div><div>Because GHC can float the let binding down to where it is used after free.<br><br><div dir="ltr">Sent from my iPhone</div><div dir="ltr"><br><blockquote type="cite">On Jan 21, 2021, at 7:45 PM, Zemyla <<a href="mailto:zemyla@gmail.com" target="_blank">zemyla@gmail.com</a>> wrote:<br><br></blockquote></div><blockquote type="cite"><div dir="ltr"><div dir="auto">That doesn't sound right. I don't think it allocates any data on the heap which could cause reallocation and move an unpinned ByteArray#, which is the only way I can think it would be unsafe.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 21, 2021, 17:50 Andrew Martin <<a href="mailto:andrew.thaddeus@gmail.com" target="_blank">andrew.thaddeus@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Both the unboxed variant and the wrapper are only sound on primitive string literals. You cannot use them on anything that was allocated at runtime, only on stuff baked into the rodata section. This is a pretty onerous restriction. What use case did you have in mind?<br>
<br>
> On Jan 20, 2021, at 11:02 PM, Viktor Dukhovni <<a href="mailto:ietf-dane@dukhovni.org" rel="noreferrer" target="_blank">ietf-dane@dukhovni.org</a>> wrote:<br>
> <br>
> <br>
>> <br>
>>> On Jan 21, 2021, at 1:39 AM, chessai <<a href="mailto:chessai1996@gmail.com" rel="noreferrer" target="_blank">chessai1996@gmail.com</a>> wrote:<br>
>>> On Wed, Jan 20, 2021, 17:01 Viktor Dukhovni <<a href="mailto:ietf-dane@dukhovni.org" rel="noreferrer" target="_blank">ietf-dane@dukhovni.org</a>> wrote:<br>
>>>> On Wed, Jan 20, 2021 at 09:54:30AM -0800, chessai wrote:<br>
>>>> <br>
>>>> I've wanted the following before:<br>
>>>> <br>
>>>> foreign import ccall unsafe "strlen"<br>
>>>> cstringLength# :: Addr# -> Int#<br>
>>>> <br>
>>>> cstringLength :: CString -> Int<br>
>>>> cstringLength (Ptr s) = I# (cstringLength# s)<br>
>>>> <br>
>>>> A natural place for this seems to be Foreign.C.String.<br>
>>> <br>
>>> Why a new FFI call, rather than `cstringLength#` from ghc-prim: GHC.CString<br>
>>> (as of GHC 9.0.1):<br>
>> <br>
>> I forgot about that addition. In that case we would just need the lifted wrapper<br>
> <br>
> No worries, sure the lifted wrapper makes sense, and Foreign.C.String does<br>
> look like a reasonable place in which to define, and from which to export it.<br>
> <br>
> -- <br>
> Viktor.<br>
> <br>
> _______________________________________________<br>
> Libraries mailing list<br>
> <a href="mailto:Libraries@haskell.org" rel="noreferrer" target="_blank">Libraries@haskell.org</a><br>
> <a href="http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries" rel="noreferrer noreferrer" target="_blank">http://mail.haskell.org/cgi-bin/mailman/listinfo/libraries</a><br>
</blockquote></div>
</div></blockquote></div></div>
</blockquote></div>
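The malloc/memcpy/free sequence discussed in the thread, written out as an added example (not code from any of the posters or from base). It contrasts a pure `strlen` import with an `IO` import whose call is sequenced before `free`; the names `strlenPure`, `strlenIO`, `unsoundLength` and `soundLength` are hypothetical.

```haskell
module Main where

import Foreign.C.String (CString, withCString)
import Foreign.C.Types (CSize (..))
import Foreign.Marshal.Alloc (free, mallocBytes)
import Foreign.Marshal.Utils (copyBytes)

-- Pure import, the same shape as the wrapper proposed in the thread.
-- Nothing ties the call to the lifetime of the buffer it reads.
foreign import ccall unsafe "string.h strlen"
  strlenPure :: CString -> CSize

-- IO import: the call is an action, so it is ordered relative to 'free'.
foreign import ccall unsafe "string.h strlen"
  strlenIO :: CString -> IO CSize

-- The unsound pattern (kept for comparison, never called from 'main').
-- 'len' is a lazy thunk: strlen runs when the result is demanded, which
-- can be after 'free' has released the buffer.
unsoundLength :: IO Int
unsoundLength = do
  x <- mallocBytes 6
  withCString "hello" $ \src -> copyBytes x src 6  -- 5 bytes + NUL
  let len = fromIntegral (strlenPure x)
  free x
  pure len

-- The sequenced form: strlen has returned before 'free' runs.
soundLength :: IO Int
soundLength = do
  x <- mallocBytes 6
  withCString "hello" $ \src -> copyBytes x src 6  -- 5 bytes + NUL
  len <- strlenIO x
  free x
  pure (fromIntegral len)

main :: IO ()
main = soundLength >>= print
```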