Type-punning and aliasing

bearophile bearophileHUGS at lycos.com
Fri Jun 10 16:50:22 PDT 2011


A short but nice article I've found through Reddit:
http://labs.qt.nokia.com/2011/06/10/type-punning-and-strict-aliasing/

http://www.reddit.com/r/programming/comments/hwdyk/real_examples_in_qt_where_bugs_where_caused_by/

Quotations from the article:

>        int i = 42;
>        short s = *(short*)&i;
>
> The above will probably work (emphasis on probably), but the results are undefined.
> That means the compiler is free to do anything, like emailing your boss about this
> transgression. But even without the strict-aliasing rule, the code above still has no
> defined behaviour, as it has two possible results: 0 or 42, depending on the endianness.

I guess this code is equally undefined in D.


> This also applies to the code:
>         union {
>                 int i;
>                 short s;
>         } u;
>         u.i = 42;
>         u.s = 1;
>         printf("%d\n", u.i);
> 
> The behaviour above is undefined according to the C standard. It is, however,
> accepted by GCC (it prints 1 on x86) -- but not by other compilers.

Maybe this code too is undefined in D. But I have seen similar D code in the wild.

In several situations I think @safe is not enough, in a system language you want to do certain unsafe things, so allowing them just in some parts of your programs doesn't save you from bugs. I'd like to be a bit safer in @system modules too :-)

There is a possible solution for the endianess. I have faced this problem a bit in the last suggestion for the bitfields:
http://d.puremagic.com/issues/show_bug.cgi?id=4425

I think endianess problems go away if your type system forces you to put endian-sensible lines of code inside the then or else branches of a static if (std.system.endian==std.system.Endian.BigEndian) statement :-) This makes the @system code too safer.

Bye,
bearophile


More information about the Digitalmars-d mailing list