uecker 4 days ago

The memory model of C is intentionally designed to allow safe implementations (still from the time of hardware-segmented methods).

CoastalCoder 4 days ago | parent

Could you expand on that?

aw1621107 4 days ago | parent

I believe the claim is that there's nothing in the C standard that requires implementations to be unsafe. If they wanted to, they could bounds check pointers, check allocations are still alive when pointers are dereferenced, etc. and still be conformant to the standard.

pornel 4 days ago | parent | next

Nothing in the C standard requires bytes to have 8 bits either.

There's a massive gap between what C allows, and what real C codebases can tolerate.

In practice, you don't have room to store lengths along pointers without disturbing sizeof and pointer<>integer casts. Fil-C and ASAN need to smuggle that information out of band.
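An added sketch of the "out of band" approach mentioned above (not code from the thread, nor from Fil-C or ASAN, whose real designs differ): bounds and liveness live in a side table keyed by address, so the pointer stays a plain `void *`, `sizeof` is unchanged and a pointer that round-trips through an integer can still be checked. All function and table names are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
/* Constructed illustration: bounds are kept in a side table keyed by address,
 * so the pointer itself stays a plain void* (sizeof and pointer<->integer
 * casts are untouched). A minimal sketch of the idea, not a real checker. */
#define MAX_LIVE 64
static struct { uintptr_t base; size_t size; int live; } table[MAX_LIVE];

static int find_record(uintptr_t addr) {
    for (int i = 0; i < MAX_LIVE; i++)
        if (table[i].live && addr >= table[i].base && addr - table[i].base < table[i].size)
            return i;
    return -1;
}
void *checked_alloc(size_t size) {
    void *p = malloc(size ? size : 1);
    if (!p) return NULL;
    for (int i = 0; i < MAX_LIVE; i++)
        if (!table[i].live) {
            table[i].base = (uintptr_t)p; table[i].size = size; table[i].live = 1;
            return p;
        }
    free(p);          /* side table full: refuse rather than track nothing */
    return NULL;
}
/* 1 if [addr, addr+n) lies entirely inside one live allocation, else 0. */
int check_range(uintptr_t addr, size_t n) {
    int i = find_record(addr);
    if (i < 0) return 0;
    return n <= table[i].size - (addr - table[i].base);  /* offset < size, no wrap */
}
int checked_access(const void *ptr, size_t n) { return check_range((uintptr_t)ptr, n); }
void checked_free(void *ptr) {
    int i = find_record((uintptr_t)ptr);
    if (i < 0 || table[i].base != (uintptr_t)ptr) return;  /* not a live base pointer */
    table[i].live = 0;
    free(ptr);
}

/* Walks through the cases raised in the comment; returns 1 if all behave. */
int demo(void) {
    char *buf = checked_alloc(16);
    if (!buf) return -1;
    uintptr_t as_int = (uintptr_t)buf;                      /* pointer<>integer cast still fine */
    int fits       = checked_access(buf + 8, 8);            /* 1: exactly fits */
    int overflow   = checked_access(buf + 8, 9);            /* 0: one byte past the end */
    int via_int    = checked_access((char *)as_int + 15, 1); /* 1: metadata is not in the pointer */
    checked_free(buf);
    int after_free = check_range(as_int, 1);                /* 0: allocation is dead */
    return fits && !overflow && via_int && !after_free && sizeof(buf) == sizeof(void *);
}
```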

uecker 4 days ago | parent | prev

Even more, certain rules are specifically designed to make such checks possible while being conformant to the standard.