> From: Shiro Kawai <xxxxxx@lava.net>

    > >     > As Per noted, Boehm GC avoids this if configured with "interior
    > >     > pointer" flag.

    > > Ok, but that doesn't help if the data is separately allocated.

    > If you're accessing the data chunk and no reference except
    > from the scheme_value local variable points to the string header,
    > then the string header can be collected, but that doesn't matter
    > (since you don't need it anyway).

In the system where I saw these kinds of bugs, freeing the header
triggered freeing the string data.  If the Boehm collector supports
finalizers of some sort then it would admit similar bugs.

    > > Or, for that matter, if my pointer is pointed past the end of the
    > > string but I'm indexing at a negative offset from it.

    > You can point the next address past the end of chunk and still the
    > chunk is retained, since in C it is a valid pointer usage.
    > (you can change this behavior by configuration option, though).

That's good.   Yes, I believe that Boehm's collector can address many
of the bugs -- just not enough to excuse it for critical systems.

    > > The whole thing just plays way too fast and loose with C semantics to
    > > be acceptable for critical systems.

    > Yup.   I don't object to this feeling.   I just wanted to be precise
    > about the facts.

And it's much appreciated.   I've learned from you.

-t