Does casting a pointer back and forth from size_t or uintptr_t break strict aliasing? - McMap

About

Does casting a pointer back and forth from size_t or uintptr_t break strict aliasing?

Asked 28/8, 2015 at 21:2 Answered 28/8, 2015 at 21:12

Solved c api-design strict-aliasing

S

1

6

I'm proposing a change to a library whose public API currently looks like this:

typedef size_t enh;  /* handle */

int en_open(enh *handle)
{
    struct internal *e = malloc(...);
    *handle = (enh)e;
    return 0;
}

int en_start(enh handle)
{
    struct internal *e = (struct internal*)handle;
    return do_something(e);
}

Does this usage, casting back and forth to size_t break strict aliasing?

For the record, I'm proposing a typical opaque forward declaration of struct internal in the public API, as shown on this Programmers.SE question about the same code.

Skean answered 28/8, 2015 at 21:2 Comment(13)

Is size_t guaranteed to be wide enough to hold a pointer? I don't think so.. – Chrysa 28/8, 2015 at 21:6

@EugeneSh. Nope. – Skean 28/8, 2015 at 21:8

Then it is not just about aliasing. Casting pointer to size_t may just truncate it. – Chrysa 28/8, 2015 at 21:10

Do not use size_t! The correct type would be uintptr_t (You should know that, why else would you mention it?) – Poultry 28/8, 2015 at 21:14

Wouldn't void * be better for a generic/opaque pointer anyway? Or am I missing something obvious here? – Boscage 28/8, 2015 at 21:23

@Boscage void* is not good, because it makes type checking impossible. Think of what happens when you have two different handle types in your interface. If either one is void*, the compiler won't catch the error if the user mixes them up. With proper opaque pointers, the compiler will catch these errors. – Corron 28/8, 2015 at 21:30

@cmaster, how does using uintptr_t help for type checking? I am lost. – Vice 28/8, 2015 at 21:31

@JensGustedt It doesn't. That's why I suggest the use of proper opaque pointers instead of disguised, type-deleted pointers. – Corron 28/8, 2015 at 21:33

@cmaster, but still void* is much better than uintptr_t or any other integer type. – Vice 28/8, 2015 at 21:40

@JensGustedt Yes. Opaque pointers is better than void*, which is better than uintptr_t, which is better than size_t. Precisely in that order :-) – Corron 28/8, 2015 at 21:53

See also question size_t vs intptr_t in C99 – Papillary 28/8, 2015 at 23:6

@JonathonReinhart It would help if you clarify that the code snippet above illustrate the original coding style in that library, not your proposed change. – Papillary 28/8, 2015 at 23:8

@rwong: the phrase whose public API currently looks like does state that the shown code is the 'original' style. – Vientiane 28/8, 2015 at 23:16

C

8

Aliasing is about two pointers of different type being used to access the same bytes. This is not the case in your code. When you access the data members behind the handle, you always do it via a pointer of type struct internal*. So no harm here.

The only questionable thing in your code is, that you are using size_t to pass the pointer. Afaik, the standard does not guarantee that you can safely cast a pointer to size_t and back, even though any sane implementation will allow it. The correct integer type choice would be uintptr_t, but you don't even need that:

I think, you should just use an opaque pointer in the interface. I. e., just put the declaration

typedef struct internal internal;

into your public header and keep the corresponding

struct internal {
    ...
}

private (replacing internal with a sensible public name, of course). The public functions can then simply be declared as:

int en_open(internal** outHandle);
int en_close(internal* handle);

That way, you get perfect type checking in the client code, and avoid the need for any casts.

Corron answered 28/8, 2015 at 21:12 Comment(4)

uintptr_t is guaranteed to cast forth and back from/to a pointer to an object. However, you are right to avoid casting where possible. – Poultry 28/8, 2015 at 21:15

@Olaf Yes, of course, I ignored that in my first draft because the cast to integer is not needed, so I didn't see a need to point out the correct integer type to cast to as well. I added a note about uintptr_t now, though. – Corron 28/8, 2015 at 21:26

@Olaf uintptr_t is guaranteed to cast forth and back from/to a void *. Sure that works with any "pointer to an object"? – Softspoken 28/8, 2015 at 21:48

@chux: I left out the intermediate step for brevity: 6.3.2.3p1. If you want to be safe, you can cast twice. It does work without for gcc-arm-none-eabi (with most warnings enabled), however. And if I look at paragraphs 5 and 6, the cast itself is also fine to me. (NOte that in C functions are no objects). – Poultry 28/8, 2015 at 21:53

Recommended topics

#Godot #Unity #Godot 4.X #Mongodb

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

© 2022 - 2024 — McMap. All rights reserved.