Modifying a variable through a pointer of an incompatible type (other than unsigned char) can lead to unpredictable results. This is often caused by a violation of aliasing rules. C11C, Section 6.5, para. 7 [ISO/IEC 9899:2011], specifies those circumstances in which an object may or may not be aliased.
...
Accessing an object by means of any other lvalue expression (other than unsigned char) results in undefined behavior . See undefined behavior 34 of Annex J.
Noncompliant Code Example
In this noncompliant example, a diagnostic is required because an object of type float is incremented through a pointer to int, ip.
| Code Block | ||||
|---|---|---|---|---|
| ||||
void f(void) {
if (sizeof(int) == sizeof(float)) {
float f = 0.0f;
int *ip = (int *)&f;
printf("float is %f\n", f);
(*ip)++; // diagnostic required
printf("float is %f\n", f);
}
}
|
Compliant Solution
In this compliant solution, the pointer to int, ip has been replaced by a pointer to float, fp.
| Code Block | ||||
|---|---|---|---|---|
| ||||
void f(void) {
if (sizeof(int) == sizeof(float)) {
float f = 0.0f;
float *fp = &f;
printf("float is %f\n", f);
(*fp)++;
printf("float is %f\n", f);
}
}
|
Noncompliant Code Example
The programmer in this noncompliant code example is attempting to read from a different union member than the one most recently written to; this is known as type-punning.
...
However, instead of reading directly from union member, it assigns a pointer ip to reference the integer value and returns the value referenced by the pointer. Unfortunately, this is a violation of the strict aliasing rules, and in this case the compiler may determine that ip refers to some other value than the value stored by t.i and return a value other than the expected value.
Noncompliant Code Example
In this noncompliant code example, access by taking the address, casting the resulting pointer and dereferencing the result has undefined behavior, even if the cast uses a union type.
...
Because of optimization, the function f() may return something other than the expected value.
Compliant Solution
Type-punning is allowed provided the memory is accessed through the union type. This compliant solution returns the expected value.
| Code Block | ||||
|---|---|---|---|---|
| ||||
union a_union {
int i;
double d;
};
int f() {
a_union t;
t.d = 3.0;
return t.i;
}
|
Noncompliant Code Example
In this noncompliant code example, an array of two shorts is treated as an integer and assigned an integer value. The resulting value of the two shorts is undefined.
...
When GCC 3.4.6 compiles this code with optimization, the assignment through the aliased pointer is effectively eliminated.
Compliant Solution
This compliant solution uses a union type that includes a type compatible with the effective type of the object.
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| PRQA QA-C |
| 0310 3305 | Partially implemented |
Related Guidelines
...
ISO/IEC TR 17961 (Draft) Accessing an object through a pointer to an incompatible type [ptrcomp]
...
GCC Known Bugs C bugs, Aliasing issues while casting to incompatible types
GCC Manual
ISO/IEC 9899:2011 Section 6.5, "Expressions"
[Walfridsson 2003] Krister Walfridsson. Aliasing, pointer casts and gcc 3.3 Aliasing issue. August, 2003.
[Acton 2006] Mike Acton. Understanding Strict Aliasing. June 01, 2006.
...