Potentially related 30970251, 7687082.
I am considering writing a memory allocator and trying to work out how to navigate the restrictions modern C puts on type punning and aliasing. I think I'm in the clear as long as the buffer underlying the allocator was originally retrieved from malloc as pointers from malloc have no declared type.
An over aligned char buffer does have a declared type. I don't think I can cast a pointer into it to an arbitrary type and must instead carefully writing to it via a char pointer, e.g. using memcpy. This is painful because I can't see a way to hide the write via memcpy hack from the caller.
Consider the following:
#include <assert.h>
#include <stdalign.h>
#include <stdint.h>
#include <string.h>
static_assert(sizeof(double) == sizeof(uint64_t), "");
static_assert(alignof(double) == alignof(uint64_t), "");
int main(void)
{
alignas(alignof(double)) char buffer[sizeof(double)];
// effective type of buffer is char [8]
{
double x = 3.14;
memcpy(&buffer, &x, sizeof(x));
// effective type of buffer is now double
}
{
uint64_t* ptr = (uint64_t*)&buffer;
// effective type of buffer is still double
// reading from *ptr would be undefined behaviour
uint64_t y = 42;
memcpy(ptr, &y, sizeof(y));
// effective type of buffer is now uint64_t
}
{
double* ptr = (double*)&buffer;
// effective type of buffer is still uint64_t
uint64_t retrieve = *(uint64_t*)ptr; // OK
assert(retrieve == 42);
double one = 1.0;
*ptr = one; // Unsure if OK to dereference pointer of wrong type
// What is the effective type of buffer now?
assert(*ptr == one);
}
}
This is workable in that I can diligently ensure that every time a custom allocator returns a void pointer it is written to with memcpy, instead of cast to the desired type. That is, replace
double * x = my_malloc(sizeof(double));
*x = 3.14;
with:
double tmp = 3.14;
void * y = my_malloc(sizeof(double));
memcpy(y, &tmp, sizeof(double));
double * x = (double*)y;
All this line noise gets killed off by the optimisation passes in the compiler, but does look silly. Is it necessary to be standards compliant?
This can definitely be solved by writing the allocator in asm instead of in C but I'm not especially keen to do so. Please let me know if the question is underspecified.
No, not generally. It only changes the effective type of objects that don't have a type when they are allocated, that is that are allocated through
mallocand friends.So if you do such stuff as the user of a compiler and library implementation the behavior of your program is undefined. An array that is allocated as
char[]always has the effective type of that.If you are a compiler or library writer, you are not bound to these restrictions. You just have to convince your tool chain not to optimize things too much. Typically you could do that by ensuring that your allocator function lives in a TU of its own that only exports a
void*, and make sure that you don't have link time optimization or stuff like that switched on.If you provide such a function as part of the C library (replacement) it is then you as the implementor that must give the guarantees to your users.