lwip-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [lwip-devel] Concern over strict aliasing and undefined behavior?

From: Mike Pontillo
Subject: Re: [lwip-devel] Concern over strict aliasing and undefined behavior?
Date: Tue, 8 Oct 2013 11:38:56 -0700
Hi Sam,

   Since I'm more or less a lurker, I can't really answer this question on behalf of the LWIP team. But I thought I'd bring up a couple of points.

   If you clone the lwip git repository, you'll notice the first commit was in 2002. In that time period, if I remember correctly, strict aliasing compiler optimizations were bleeding edge. People were still figuring out what this new "restrict" keyword was and how to use it. Compilers weren't heavily optimized around strict aliasing at that time.

   Also, formal definitions of strict aliasing aside, 'void' is not a type. Therefore one would not intuitively expect that casting a 'void*' to a particular type would be an aliasing violation, since you really only have one type.

   IMO, this has always been a somewhat gray area in the C standard (or at least not well understood and agreed upon), and that's why compilers have options to disable strict aliasing, so you can choose the option that eliminates the ambiguity.

   Finally, I would argue that issues like these illustrate the need for good QA and unit tests. (No one is going to deploy a networking stack without a fair amount of testing and integration work, so this almost goes without saying.)

Regards,
Mike


On Mon, Oct 7, 2013 at 8:40 AM, Sam Caldwell <address@hidden> wrote:
Greetings,

I am currently doing some network programming and ran into the problem of strict-aliasing when I wanted to cast a portion of an incoming buffer to a struct modeling a network header. Unfortunately, this violates strict-aliasing, and therefore has undefined behavior. I'm looking for the most efficient way to do this that is correct, portable, and well-defined.

It seems like common advice to use packed structs and unions for this kind of thing, but none of the resources I've found offer a definitive opinion on the safety or portability of doing so. Looking for real-world examples, I've found lwip and a case that matches what I described above. Concretely, in the udp_input function in udp.c a void * is cast to a udp_hdr *.

My questions are:
1. Am I correct in diagnosing this as a violation of strict aliasing and therefore undefined behavior?
2. If so, are the developers aware?
3. If so, what are the reasons for using this implementation?

There is an old thread in the archives relating to the subject, which seems to suggest that it is an issue:
http://lists.nongnu.org/archive/html/lwip-devel/2008-10/msg00012.html

Additionally, here is a more thorough write-up of my understanding of the issue as a stack-overflow question:
http://stackoverflow.com/questions/19165134/correct-portable-way-to-interpret-buffer-as-a-struct

Thanks,
Sam Caldwell

_______________________________________________
lwip-devel mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/lwip-devel


reply via email to
[Prev in Thread] Current Thread [Next in Thread]