<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<TITLE>
    CWG Issue 853</TITLE>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<STYLE TYPE="text/css">
  INS { text-decoration:none; font-weight:bold; background-color:#A0FFA0 }
  .INS { text-decoration:none; background-color:#D0FFD0 }
  DEL { text-decoration:line-through; background-color:#FFA0A0 }
  .DEL { text-decoration:line-through; background-color: #FFD0D0 }
  @media (prefers-color-scheme: dark) {
    HTML { background-color:#202020; color:#f0f0f0; }
    A { color:#5bc0ff; }
    A:visited { color:#c6a8ff; }
    A:hover, a:focus { color:#afd7ff; }
    INS { background-color:#033a16; color:#aff5b4; }
    .INS { background-color: #033a16; }
    DEL { background-color:#67060c; color:#ffdcd7; }
    .DEL { background-color:#67060c; }
  }
  SPAN.cmnt { font-family:Times; font-style:italic }
</STYLE>
</HEAD>
<BODY>
<P><EM>This is an unofficial snapshot of the ISO/IEC JTC1 SC22 WG21
  Core Issues List revision 118b.
  See http://www.open-std.org/jtc1/sc22/wg21/ for the official
  list.</EM></P>
<P>2025-09-28</P>
<HR>
<A NAME="853"></A><H4>853. Support for relaxed pointer safety</H4>
<B>Section: </B>_N4885_6.7.5.5.4&#160; [<A href="https://wg21.link/basic.stc.dynamic.safety">basic.stc.dynamic.safety</A>]
 &#160;&#160;&#160;

 <B>Status: </B>CD2
 &#160;&#160;&#160;

 <B>Submitter: </B>Jens Maurer
 &#160;&#160;&#160;

 <B>Date: </B>3 April, 2009<BR>


<P>[Voted into WP at March, 2010 meeting.]</P>



<P>According to _N4885_.20.10.5 [<A href="https://wg21.link/util.dynamic.safety#16">util.dynamic.safety</A>] paragraph 16,
when <TT>std::get_pointer_safety()</TT> returns
<TT>std::pointer_safety::relaxed</TT>,</P>

<BLOCKQUOTE>

pointers that are not safely derived will be treated the same as
pointers that are safely derived for the duration of the program.

</BLOCKQUOTE>

<P>However, _N4885_6.7.5.5.4 [<A href="https://wg21.link/basic.stc.dynamic.safety#4">basic.stc.dynamic.safety</A>] paragraph 4 says
unconditionally that</P>

<BLOCKQUOTE>

If a pointer value that is not a safely-derived pointer value is
dereferenced or deallocated, and the referenced complete object is of
dynamic storage duration and has not previously been declared
reachable (_N4885_.20.10.5 [<A href="https://wg21.link/util.dynamic.safety">util.dynamic.safety</A>]), the behavior is undefined.

</BLOCKQUOTE>

<P>This is a contradiction: the library clause attempts to constrain
undefined behavior, which by definition is unconstrained.</P>

<P><B>Proposed resolution (July, 2009):</B></P>

<P>Change _N4885_6.7.5.5.4 [<A href="https://wg21.link/basic.stc.dynamic.safety#4">basic.stc.dynamic.safety</A>] paragraph 4 as follows to
define the terms &#8220;strict pointer safety&#8221; and
&#8220;relaxed pointer safety,&#8221; which could then be used by
the library clauses to achieve the desired effect:</P>

<BLOCKQUOTE>

<INS>An implementation may have <I>relaxed pointer safety</I>, in which
case the validity of a pointer value does not depend on whether it is
a safely-derived pointer value or not.  Alternatively, an
implementation may have <I>strict pointer safety</I>, in which case
if</INS> <DEL>If</DEL> a pointer value that is not a safely-derived pointer
value is dereferenced or deallocated, and the referenced complete
object is of dynamic storage duration and has not previously been
declared reachable (_N4885_.20.10.5 [<A href="https://wg21.link/util.dynamic.safety">util.dynamic.safety</A>]), the behavior is
undefined.  [<I>Note:</I> this is true even if the unsafely-derived
pointer value might compare equal to some safely-derived pointer
value. &#8212;<I>end note</I>] <INS>It is implementation-defined whether
an implementation has relaxed or strict pointer safety.</INS>

</BLOCKQUOTE>
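<P>The distinction the proposed wording draws has a practical consequence for code that deliberately hides pointers (XOR-masking a stored pointer is a common hardening trick against memory-corruption attacks): the pointer recovered from the mask is not a safely-derived pointer value, so it is usable only under relaxed pointer safety, or under strict pointer safety after the object has been declared reachable. The following program is an added illustration, not part of the issue text; the names <TT>HiddenPtr</TT>, <TT>round_trip</TT>, <TT>mark_reachable</TT> and <TT>unmark_reachable</TT> are the author's own, and it assumes that the standard library provides <TT>std::get_pointer_safety</TT>, <TT>std::declare_reachable</TT> and <TT>std::undeclare_reachable</TT> when compiled as C++17 or earlier.</P>

```cpp
// Added example, not part of the CWG issue text: the only pointer to a heap
// object is hidden behind an XOR mask, so the pointer recovered later is not
// safely derived; under strict pointer safety the object must be declared
// reachable before the last safely-derived pointer to it disappears.
#include <cstdint>
#include <memory>

// The pointer-safety API is deprecated in C++20 and gone in C++23, so the
// real calls are compiled only for earlier dialects (assumed to provide
// them); otherwise relaxed safety is assumed, which is what every mainstream
// implementation has reported.
#if __cplusplus < 202002L
inline bool strict_pointer_safety() {
    return std::get_pointer_safety() == std::pointer_safety::strict;
}
inline void mark_reachable(int* p)   { std::declare_reachable(p); }
inline int* unmark_reachable(int* p) { return std::undeclare_reachable(p); }
#else
inline bool strict_pointer_safety()  { return false; }
inline void mark_reachable(int*)     {}
inline int* unmark_reachable(int* p) { return p; }
#endif

class HiddenPtr {
public:
    HiddenPtr(int* p, std::uintptr_t key)
        : key_(key), masked_(reinterpret_cast<std::uintptr_t>(p) ^ key) {
        if (strict_pointer_safety()) mark_reachable(p);  // before p is lost
    }
    HiddenPtr(const HiddenPtr&) = delete;
    HiddenPtr& operator=(const HiddenPtr&) = delete;
    ~HiddenPtr() {
        int* p = reveal();
        // undeclare_reachable hands back a safely-derived copy to free.
        if (strict_pointer_safety()) p = unmark_reachable(p);
        delete p;
    }
    // masked_ ^ key_ is not the direct result of a pointer conversion, so
    // the value produced here is not a safely-derived pointer value.
    int* reveal() const { return reinterpret_cast<int*>(masked_ ^ key_); }
    std::uintptr_t masked() const { return masked_; }
private:
    std::uintptr_t key_;
    std::uintptr_t masked_;
};

// Stores value behind a hidden pointer and reads it back through reveal().
int round_trip(int value, std::uintptr_t key) {
    HiddenPtr h(new int(value), key);
    return *h.reveal();
}
```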

<BR><BR>
</BODY>
</HTML>
