http://d.puremagic.com/issues/show_bug.cgi?id=10750
--- Comment #3 from Johannes Pfau <johannesp...@gmail.com> 2013-11-03 02:13:39 PST --- @bearophile: To further expand on this: http://gcc.gnu.org/onlinedocs/gcc-4.8.2/gcc/Optimize-Options.html says: "type-punning is allowed, provided the memory is accessed through the union type. [...] access by taking the address, casting the resulting pointer and dereferencing the result has undefined behavior, even if the cast uses a union type, e.g.: " @David What would a safe cast with strict pointer aliasing look like? First some background information on how aliasing is implemented in gcc (alias.c): Every type is assigned an alias set. The alias set is only a unique id + a flattened list of the uids of all 'member types'. For example, this struct: ---------------------- struct B { char member; } struct A { int member1, float member2; B member3; } ---------------------- will generate this alias set: uid=1, children={2(int),3(float),4(char)} Then for code like this: ---------------------- A instance; instance.member1 = 0; A copy = a; ---------------------- The compiler now inspects the line instance.member1 = 0; and assigns alias set 2(int) to it. Line 3 has alias set 1(B). When gcc now schedules instructions it checks if set 2 conflicts with set 1 by checking: (set1 == set2 || set1 in set2.children || set2 in set1.children). If they don't conflict gcc reorders instructions. This explains the problems with type punning: ---------------------- int a = 3; //alias set 0(int), children = {} int b = a; //alias set 0(int), children = {} *(cast(float*)&a) = 3.0f; //alias set 1(float), children = {} ---------------------- as you can see these types don't conflict and gcc may reorder line 2 and 3. Access through unions now solves this problem as the alias set for a union would include both {float, int} as children. But as for as I understand these strict alising rules make it impossible to safely cast from one pointer type to another. Only _access_ through unions will work. As an example: ---------------------- T* safeCast(T, U)(U* input) { union wrap { U inp; T outp; } return &(cast(wrap*)input).outp; } void withFloat(float* f) { *f = 0.1f; } int b; void withInt(int* i) { b = *i; } void main() { int x = 0; auto asFloat = (safeCast!float(&x)); withFloat(asFloat) withInt(&i); } ---------------------- now with optimizations (inlining) ------------------------------------ union wrap { int inp; float outp; } int b; void main() { int x = 0; //alias set: int auto asFloat = (&(cast(wrap*)x).outp) //alias set: wrap (but noop) *asFloat = 0.1f; //alias set: float b = x; //alias set: int } ------------------------------------ I know from unfortunate experienc, that gcc may even completely discard the "auto asFloat" line. But even if it didn't, "*asFloat = 0.1f;" and "b = x;" can be reordered according to strict aliasing rules. If "auto asFloat" is discarded, even "int x = 0;" and "*asFloat = 0.1f;" may be reordered. So to summarize this: I don't know how you could make a safe cast from T* to U* assuming strict aliasing rules. Unions are only safe if all access goes through unions, but that is not possible when dealing with 3rd party functions. (Assume you can't change withFloat, withInt). We had problems with this in GDC right now on ARM (std.algorithm.find uses cast(ubyte[])string which internally translates to invalid pointer aliasing) and as a result we'll now have to disable strict aliasing in the GCC backend. I think type based aliasing, even if it may provide some optimization benefits, is in general a horrible idea. -- Configure issuemail: http://d.puremagic.com/issues/userprefs.cgi?tab=email ------- You are receiving this mail because: -------
