| Wiki Markup |
|---|
Modifying a variable through a pointer of an incompatible type can lead to unpredictable results. This is often caused by a violation of aliasing |
rules, which are part of the ISO C standard.| Wiki Markup |
|---|
rules. C99 Section 6.5 Para. 7 \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] specifies those circumstances in which an object may or may not be aliased. |
...
Noncompliant Code Example
The programmer in this noncompliant code example is attempting to read from a different union member than the one most recently written to (called "type-punning").
| Code Block |
|---|
|
union a_union {
int i;
double d;
};
int f() {
a_union t;
int *ip;
t.d = 3.0;
ip = &t.i;
return *ip;
}
|
However, instead of reading directly from union member, it assigns a pointer ip to reference the integer value and returns the value referenced by the pointer. Unfortunately, this is a violation of the strict aliasing rules and in this case the compiler may determine that ip refers to some other value than the value stored by t.i and return a value other than the expected value.
Noncompliant Code Example
In this noncompliant code example, access by taking the address, casting the resulting pointer and dereferencing the result has undefined behavior, even if the cast uses a union type.
| Code Block |
|---|
|
union a_union {
int i;
double d;
};
int f() {
double d = 3.0;
return ((union a_union *) &d)->i;
}
|
Because of optimization, the function f() may return something other than the expected value.
Compliant Solution
Type-punning is allowed provided the memory is accessed through the union type. This compliant solution returns the expected value.
| Code Block |
|---|
|
union a_union {
int i;
double d;
};
int f() {
a_union t;
t.d = 3.0;
return t.i;
}
|
Noncompliant Code Example
In this noncompliant code example, an array of two shorts is treated as an integer and assigned an integer value. The resulting value of the two shorts is undefined.
| Code Block |
|---|
|
short a[2];
a[0]=0x1111;
a[1]=0x1111;
*(int *)a = 0x22222222; /* violation of aliasing rules */
printf("%x %x\n", a[0], a[1]);
|
| Wiki Markup |
|---|
When translating this code, an implementation may assume that no access through an integer pointer can change the array {{a}}, consisting of shorts. Consequently, {{printf()}} may be called with the original values of {{a\[0\]}} and {{a\[1\]}}. The actual behavior is implementation-defined and may change with optimization level. |
...
When GCC 3.4.6 compiles this code with optimization, the assignment through the aliased pointer is effectively eliminated.
Compliant Solution
This compliant solution uses a union type that includes a type compatible with the effective type of the object.
...
GCC Known Bugs C bugs, Aliasing issues while casting to incompatible types
GCC Manual
| Wiki Markup |
|---|
\[Walfridsson \03] Krister Walfridsson. [Aliasing, pointer casts and gcc 3.3|http://mail-index.netbsd.org/tech-kern/2003/08/11/0001.html] Aliasing issue. August, 2003. |
| Wiki Markup |
|---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.5, "Expressions" |
| Wiki Markup |
|---|
\[Acton 06\] Mike Acton. [Understanding Strict Aliasing|http://www.cellperformance.com/mike_acton/2006/06/understanding_strict_aliasing.html]. June 01, 2006. |
