Re: [PATCH 4/5] sim/erc32: avoid dereferencing type-punned pointer warnings

[Andrew Burgess <aburgess@redhat.com>]

Lancelot SIX <lsix@lancelotsix.com> writes:

> On Wed, Oct 12, 2022 at 03:11:27PM +0100, Pedro Alves wrote:
>> On 2022-10-12 1:38 p.m., Andrew Burgess via Gdb-patches wrote:
>> > When building the erc32 simulator I get a few warnings like this:
>> > 
>> >   /tmp/build/sim/../../src/sim/erc32/exec.c:1377:21: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
>> >    1377 |   sregs->fs[rd] = *((float32 *) & ddata[0]);
>> >         |                    ~^~~~~~~~~~~~~~~~~~~~~~~
>> > 
>> > The type of '& ddata[0]' will be 'uint32_t *', which is what triggers
>> > the warning.
>> > 
>> > This commit uses an intermediate pointer of type 'char *' when
>> > performing the type-punning, which is well-defined behaviour, and will
>> > silence the above warning.
>> 
>> I'm afraid that's not correct.  That's still undefined behavior, it's just silencing
>> the warning.  The end result is still aliasing float32 and uint32_t objects, and risks
>> generating bogus code.  The char escape hatch only works if you access the object
>> representation via a character type.  Here, the patch is still accessing the object
>> representation of a uint32_t object via a floa32 type.
>> 
>> Here's an old article explaining strict aliasing (just one that I found via a quick google):
>> 
>>   https://cellperformance.beyond3d.com/articles/2006/06/understanding-strict-aliasing.html
>> 
>> This scenario is the "CASTING TO CHAR*" one in that article.
>> 
>> > @@ -1345,7 +1345,8 @@ dispatch_instruction(struct pstate *sregs)
>> >  	    if (mexc) {
>> >  		sregs->trap = TRAP_DEXC;
>> >  	    } else {
>> > -		sregs->fs[rd] = *((float32 *) & data);
>> > +		char *ptr = (char *) &data;
>> > +		sregs->fs[rd] = *((float32 *) ptr);
>> 
>> The best IMHO is to do the type punning via a union, like e.g.:
>> 
>>   union { float32 f; uint32_t i; } u;
>>   u.i = data;
>>   sregs->fs[rd] = u.f;
>> 
>> See here in the C11 standard:
>> 
>>  https://port70.net/~nsz/c/c11/n1570.html#note95
>> 
>> and also the documentation of -fstrict-aliasing at:
>> 
>>   https://gcc.gnu.org/onlinedocs/gcc/Optimize-Options.html
>> 
>
> Hi,
>
> Another well defined (at least to my knowledge) solution to this problem
> is memcpy.  You could do something like:
>
>   memcpy (&sregt->fs[rd], ddata, sizeof (float32));
>
> I tend to find this more straightforward than the type punning version,
> but I would be happy with either.
>

Pedro, Lancelot, thanks for taking the time to give really useful
feedback.

In the end I went with the memcpy approach.  I ran a few tests with GCC,
Clang, and ICC, and in each case the code generated at -O0 was either
identical, or pretty much identical when using memcpy vs using a union.
When switching to -O2 the code was identical in all cases I checked.

Thoughts?

Thanks,
Andrew

---

commit d04acbda1f2a191193772fc9416cf5b29f0702ce
Author: Andrew Burgess <aburgess@redhat.com>
Date:   Wed Oct 12 11:45:53 2022 +0100

    sim/erc32: avoid dereferencing type-punned pointer warnings
    
    When building the erc32 simulator I get a few warnings like this:
    
      /tmp/build/sim/../../src/sim/erc32/exec.c:1377:21: warning: dereferencing type-punned pointer will break strict-aliasing rules [-Wstrict-aliasing]
       1377 |   sregs->fs[rd] = *((float32 *) & ddata[0]);
            |                    ~^~~~~~~~~~~~~~~~~~~~~~~
    
    The type of '& ddata[0]' will be 'uint32_t *', which is what triggers
    the warning.
    
    This commit makes use of memcpy when performing the type-punning,
    which resolves the above warnings.
    
    With this change, I now see no warnings when compiling exec.c, which
    means that the line in Makefile.in that disables -Werror can be
    removed.
    
    There should be no change in behaviour after this commit.

diff --git a/sim/erc32/Makefile.in b/sim/erc32/Makefile.in
index 786ae1dcc7b..41830aab726 100644
--- a/sim/erc32/Makefile.in
+++ b/sim/erc32/Makefile.in
@@ -32,9 +32,6 @@ SIM_EXTRA_CLEAN = clean-sis
 # behaviour of UART interrupt routines ...
 SIM_EXTRA_CFLAGS += -DFAST_UART -I$(srcroot)
 
-# Some modules don't build cleanly yet.
-exec.o: SIM_WERROR_CFLAGS =
-
 ## COMMON_POST_CONFIG_FRAG
 
 # `sis' doesn't need interf.o.
diff --git a/sim/erc32/exec.c b/sim/erc32/exec.c
index ef93692e7a2..26d48c0e46e 100644
--- a/sim/erc32/exec.c
+++ b/sim/erc32/exec.c
@@ -1345,7 +1345,7 @@ dispatch_instruction(struct pstate *sregs)
 	    if (mexc) {
 		sregs->trap = TRAP_DEXC;
 	    } else {
-		sregs->fs[rd] = *((float32 *) & data);
+		memcpy (&sregs->fs[rd], &data, sizeof (sregs->fs[rd]));
 	    }
 	    break;
 	case LDDF:
@@ -1373,11 +1373,12 @@ dispatch_instruction(struct pstate *sregs)
 	    } else {
 		rd &= 0x1E;
 		sregs->flrd = rd;
-		sregs->fs[rd] = *((float32 *) & ddata[0]);
+		memcpy (&sregs->fs[rd], &ddata[0], sizeof (sregs->fs[rd]));
 #ifdef STAT
 		sregs->nload++;	/* Double load counts twice */
 #endif
-		sregs->fs[rd + 1] = *((float32 *) & ddata[1]);
+		memcpy (&sregs->fs[rd + 1], &ddata[1],
+			sizeof (sregs->fs[rd + 1]));
 		sregs->ltime = ebase.simtime + sregs->icnt + FLSTHOLD +
 			       sregs->hold + sregs->fhold;
 	    }