Let's say I define a following C++ object:

class AClass
{
public:
    AClass() : foo(0) {}
    uint32_t getFoo() { return foo; }
    void changeFoo() { foo = 5; }
private:
    uint32_t foo;
} aObject;

The object is shared by two threads, T1 and T2. T1 is constantly calling getFoo() in a loop to obtain a number (which will be always 0 if changeFoo() was not called before). At some point, T2 calls changeFoo() to change it (without any thread synchronization).

Is there any practical chance that the values ever obtained by T1 will be different than 0 or 5 with modern computer architectures and compilers? All the assembler code I investigated so far was using 32-bit memory reads and writes, which seems to save the integrity of the operation.

What about other primitive types?

Practical means that you can give an example of an existing architecture or a standard-compliant compiler where this (or a similar situation with a different code) is theoretically possible. I leave the word modern a bit subjective.

Edit: I can see many people noticing that I should not expect 5 to be read ever. That is perfectly fine to me and I did not say I do (though thanks for pointing this aspect out). My question was more about what kind of data integrity violation can happen with the above code.

In practice, all mainstream 32-bit architectures perform 32-bit reads and writes atomically. You'll never see anything other than 0 or 5.

In practice, you will not see anything else than 0 or 5 as far as I know (maybe some weird 16 bits architecture with 32 bits int where this is not the case).

However whether you actually see 5 at all is not guaranteed.

Suppose I am the compiler.

I see:

while (aObject.getFoo() == 0) {
    printf("Sleeping");
    sleep(1);
}

I know that:

• aObject.foo is equal to 0 (from some prior code)
• printf cannot change aObject
• sleep cannot change aObject
• getFoo does not change aObject (thanks inline definition)

And therefore I can safely transform the code:

while (true) {
    printf("Sleeping");
    sleep(1);
}

Because there is no-one else accessing aObject during this loop, according to the C++ Standard.

That is what undefined behavior means: blown up expectations.

In practice, all mainstream 32-bit architectures perform 32-bit reads and writes atomically. You'll never see anything other than 0 or 5.

Not sure what you're looking for. On most modern architectures, there is a very distinct possibility that getFoo() always returns 0, even after changeFoo has been called. With just about any decent compiler, it's almost guaranteed that getFoo(), will always return the same value, regardless of any calls to changeFoo, if it is called in a tight loop.

Of course, in any real program, there will be other reads and writes, which will be totally unsynchronized with regards to the changes in foo.

And finally, there are 16 bit processors, and there may also be a possibility with some compilers that the uint32_t isn't aligned, so that the accesses won't be atomic. (Of course, you're only changing bits in one of the bytes, so this might not be an issue.)

Is there any practical chance that the values ever obtained by T1 will be different than 0 or 5 with modern computer architectures and compilers? What about other primitive types?

Sure - there is no guarantee that the entire data will be written and read in an atomic manner. In practice, you may end up with a read which occurred during a partial write. What may be interrupted, and when that happens depends on several variables. So in practice, the results could easily vary as size and alignment of types vary. Naturally, that variance may also be introduced as your program moves from platform to platform and as ABIs change. Furthermore, observable results may vary as optimizations are added and other types/abstractions are introduced. A compiler is free to optimize away much of your program; perhaps completely, depending of the scope of the instance (yet another variable which is not considered in the OP).

Beyond optimizers, compilers, and hardware specific pipelines: The kernel can even affect the manner in which this memory region is handled. Does your program Guarantee where the memory of each object resides? Probably not. Your object's memory may exist on separate virtual memory pages -- what steps does your program take to ensure the memory is read and written in a consistent manner for all platforms/kernels? (none, apparently)

In short: If you cannot play by the rules defined by the abstract machine, you should not use the interface of said abstract machine (e.g. you should just understand and use assembly if the specification of C++'s abstract machine is truly inadequate for your needs -- highly improbable).

All the assembler code I investigated so far was using 32-bit memory reads and writes, which seems to save the integrity of the operation.

That's a very shallow definition of "integrity". All you have is (pseudo-)sequential consistency. As well, the compiler needs only to behave as if in such a scenario -- which is far from strict consistency. The shallow expectation means that even if the compiler actually made no breaking optimization and performed reads and writes in accordance with some ideal or intention, that the result would be practically useless -- your program would observe changes typically 'long' after its occurrence.

The subject remains irrelevant, given what specifically you can Guarantee.

In practice (for those who did not read the question), any potential problem boils down to whether or not a store operation for an unsigned int is an atomic operation which, on most (if not all) machines you will likely write code for, it will be.

Note that this is not stated by the standard; it is specific to the architecture you are targeting. I cannot envision a scenario in which a calling thread will red anything other than 0 or 5.

As to the title... I am unaware of varying degrees of "undefined behavior". UB is UB, it is a binary state.

A function such as:

unsigned short test(unsigned short *p)
{
  unsigned short temp = *p;
  return temp - (temp >> 15);
}

would always return a value from 0-65534 when passed a pointer to any valid storage, regardless of how outside code might be accessing it at the time, on an implementation which, as a form of "conforming language extension", specified that every read of an 8, 16, or 32-bit value from a valid address will always yield a value of its type (though not necessarily a meaningful one), even in the presence of race conditions. Compilers that don't offer such guarantees, however, may generate code that could sometimes yield an "impossible" value like 65535 in the presence of a race condition. Indeed, gcc-ARM will do precisely that when given the above function and targeting the Cortex-M0. When targeting that platform, its optimizer will generate code equivalent to:

unsigned short test(unsigned short *p)
{
  unsigned temp1 = *p;
  unsigned temp2 = *(signed short*)p;
  return (temp1 + (temp2 >> 15)) & 0xFFFFu;
}

The Cortex-M0 is a modern platform, and the above is a concrete example of a compiler for such a platform generating "optimized" code which would malfunction in a manner that straightforwardly-processed code for that same platform never would.

There are lots of ways for a DeathStation 9000 C++ implementation to break your program, e.g. by compiling foo = 5 into a store of 4 and then a memory increment, so a value is visible that never existed in the abstract machine. But that doesn't seem plausible on any real compiler anyone would want to use, except maybe if compiling shared = tmp ? 1234 : 5678; it could unconditionally store a 1234 then conditionally store a 5678 instead of doing an ALU select. Probably still unlikely.

One major real-world effect that can't go without mentioning is hoisting a non-atomic load (or sinking a store) out of a loop. MCU programming - C++ O2 optimization breaks while loop explains the details. But that would just stop you from ever seeing the store, not give you a value other than 0 or 5.

Other practical effects include int tmp = shared; compiling later uses of tmp into re-reads of shared, so effectively your local variable can have multiple inconsistent values. See the "Invented loads" section in Who's afraid of a big bad optimizing compiler? on LWN. (The context of that article is Linux kernel programming, where they use GCC/Clang's semantics for volatile (via WRITE_ONCE or READ_ONCE macros) as basically equivalent to std::atomic<> with memory_order_relaxed, for types of register-width or narrower.)

Definitely read that whole article; it's written from exactly the perspective you're looking for, describing real-world badness that can plausibly happen on real CPUs with real compilers. It also has a section about invented stores with a more plausible example than my Deathstation 9000 first paragraph, involving multiple small members of a struct.

But you asked about practical cases that could cause tearing or bad effects other than lack of visibility across one single change, with CPUs and compilers that are used in practice. Tearing between 0 and 5 is implausible¹, but let's talk about 0 and 0x12345678.

Which types on a 64-bit computer are naturally atomic in gnu C and gnu C++? -- meaning they have atomic reads, and atomic writes - none are guaranteed; Nate's answer shows possible tearing for assigning certain constants to uint64_t on AArch64 before ARMv8.4, and that you can coax a compiler into doing an unaligned 16-bit load from the middle of a 32-bit unsigned integer just by reading the whole variable and doing some innocent-looking computations on the temporary result:

unsigned x;

unsigned foo(void) {
    return (x >> 8) & 0xffff;
}

For x86-64, compilers use movzx eax, WORD PTR x[rip+1], which is safe: both AMD and Intel separately guarantee that 1, 2, or 4-byte unaligned loads / stores on cacheable memory contained within an aligned 8-byte chunk are guaranteed atomic. (See Why is integer assignment on a naturally aligned variable atomic on x86?). And both mainstream x86-64 ABIs have alignof(unsigned) == 4.

But that's not guaranteed on all other ISAs, such as ARMv7-M or ARMv8-A. Unaligned loads are supported, and clang will use them (Godbolt), but the architecture only guarantees atomicity for aligned loads, e.g. "All halfword accesses to halfword-aligned locations.". Instead of putting significant shift hardware into their load execution units like x86 CPUs are required to do, ARM chips are allowed if they want to do separate byte loads and combine the bytes. From the ARMv8-A architecture reference manual, All other memory accesses are regarded as streams of accesses to bytes, and no atomicity between accesses to different bytes is ensured by the architecture.

According to a blog post, fallback to separate byte loads is in practice what happened on real ARMv6 hardware. I'm not sure if later low-power ARMs still do that. Maybe not, since compiler tuning heuristics are willing to use unaligned loads for them. (Even -march=armv6t2 -mtune=cortex-a53 gets clang to avoid unaligned loads, Godbolt, but that might be due to ARMv6 allowing a config choice so unaligned loads use the offset-within-word bits as a byte rotate count like ARMv5(!) or undefined for halfword, not as a normal byte-offset like ARMv7.)

But we can get a compiler to emit code that's not guaranteed on paper to be atomic on the multi-core -mcpu we asked it to compile for, such as Cortex-M55 which is ARMv8.1-M and has dual-core versions available, or Cortex-A53 which is ARMv8-A and is often found in multi-core CPUs. (Godbolt)

# ARM clang 11  -O2  -Wall -mcpu=cortex-a53 or -mcpu=cortex-m55
foo():
        movw    r0, :lower16:x
        movt    r0, :upper16:x
        ldrh.w  r0, [r0, #1]     @@@ unaligned load from x+1
        bx      lr

Similar with AArch64 Clang. I don't have the hardware to test if tearing is actually visible in practice. I suspect it might not be on Cortex-A53, otherwise it might have been better for Clang to compile like GCC to a word load and ubfx unsigned bitfield-extract. If tearing is possible, that means it took extra cycles to do multiple accesses to L1d cache even within an aligned word.

The architecture manual says tearing is possible for any misaligned halfword load/store, but on some cores it probably only happens when crossing a cache-line boundary for cacheable load/store, or maybe a 4 or 8-byte boundary depending on the CPU internals.

Related Q&As:

• Atomicity of loads and stores on x86 (cpu-architecture details of what makes a load or store atomic.)

• Is incrementing an int effectively atomic in specific cases? - atomic RMWs are another whole kettle of fish

• Why is integer assignment on a naturally aligned variable atomic on x86?

• When to use volatile with multi threading? (basically never, use relaxed with atomic<T>, but it works because cache is coherent across cores that run threads of the same program, on all real systems.)

Footnote 1: 0 and 5 differ only in the low byte.

Tearing between 0 and 5 in a uint32_t is pretty much impossible even on an 8-bit machine: the only HW guarantee required is that byte stores are atomic.

• 0u and 5u differ only in the low 3 bits; their top 3 octets are the same.
  (This would also be the case for signed 0 or 5 in any of the three signed-integer representations allowed by the standard, two's complement, one's complement, and sign/magnitude.)

• uint32_t is required to be exactly 32 bits, zero padding, so low padding can't split the low 3 value bits across a byte boundary. Any endianness is possible, but within each unsigned char chunk (of at least 8 bits, the minimum CHAR_BIT) the bits have to be in base-2 place-value order for any unsigned type. (It is well-defined to use memcpy or unsigned char* to examine the object-representation of other types.)

• So tearing at byte boundaries couldn't create values other than 0u or 5u. Obviously with values like 0 and 0x12345678u such tearing would be visible.

All CPU architectures I'm aware of have atomic byte load / byte store, if they have byte accesses at all (not DEC Alpha). See Can modern x86 hardware not store a single byte to memory? (which covers more than just x86). Commit to L1d cache might involve an extra cycle on non-x86 CPUs to update a larger ECC granule, but it's like an atomic RMW.

Undefined behavior is guaranteed to be as undefined as the word undefined.
Technically, the observable behavior is pointless because it is simply undefined behavior, the compiler is not needed to show you any particular behavior. It may work as you think it should or not or may burn your computer, anything and everything is possible.