[Mesa-dev] [PATCH v2] glsls: Modify exec_list to avoid strict-aliasing violations

Davin McCall davmac at davmac.org
Fri Jun 26 08:32:06 PDT 2015 

On 26/06/15 15:29, Erik Faye-Lund wrote:
> On Fri, Jun 26, 2015 at 4:16 PM, Davin McCall <davmac at davmac.org> wrote:
>> On 26/06/15 14:53, Erik Faye-Lund wrote:
>>> On Fri, Jun 26, 2015 at 3:05 PM, Davin McCall <davmac at davmac.org> wrote:
>>>> [...]
>>> It is. In fact, it's not even possible to violate strict-aliasing
>>> without doing at least two operations. You cannot validate operations
>>> in a vacuum, because that's not how strict-aliasing is defined.
>>
>> Any pointer dereference can violate strict aliasing - that's one operation.
>> If you mean that it's first necessary to construct a pointer value in such a
>> way that de-referencing it will be an aliasing violation, then yes, I agree
>> with this statement.
>>
> Yes, I mean exactly the latter. You cannot look at one operation in
> isolation, you need to look at the whole program.
>
>>>> As I have pointed out, with your reading,
>>>> pretty much any pointer cast constitutes an aliasing violation.
>>>>
>>> No, only those violating the strict aliasing rules I posted before.
>>
>> ... which would only allow changing const/volatile qualifiers, not the
>> pointed-to type.
>>
> You can change the pointed to type in terms of signedness, you can
> cast it to a compatible type, you can cast a void-pointer or
> char-pointer to any type. But you need to make sure you don't violate
> the strict-aliasing rules in some other way while doing the latter.

A cast by itself simply can't cause an aliasing violation, because it 
doesn't "access the stored value of an object". The aliasing violation 
has to happen either before or after the cast.

>
> Aliasing *is* hard. But let's not go shopping for that reason.

Agreed, though maybe this is getting to the point where we should take 
it off-list.

>
>> Your reading also disallows casting an 'int' variable to type 'long',
>> because that isn't on the list.
>>
>>>> The strict aliasing rules specify what kind of reference you can use to
>>>> access an object of a particular type. They say nothing about how that
>>>> reference is obtained.
>>> Which means that it applies regardless of how you obtain it.
>>
>> Yes.
>>
>>> "If a program attempts to access the stored value of an object through
>>> a glvalue of other than one of the following types the behavior is
>>> undefined"
>>>
>>> It says "if a *program* attempts", not "if a *statement* attempts" or
>>> "if an *opreation* attempts". This is a whole-program deal, not
>>> limited to one operation in isolation.
>>
>> The key part of the wording is "through a glvalue":
>>
>> "If a program attempts to access the stored value of an object *through
>> a glvalue* of other than one of the following types ..."
> This is exactly what makes this invalid AFAICT, see below.
>
>> Going back to the original example:
>>
>>     return ((const struct exec_node **)n)[0]
>>
>> The glvalue used to access the object in n is n itself. (I do not think that
>> '(const struct exec_node **)n' is even a glvalue).
> Bur 'n' *is* an lvalue, which also makes it an glvalue (for reference,
> a glvalue is a "generalized lvalue", which means that it's either an
> lvalue or an xvalue).

'n' is an lvalue, yes. Its type is 'struct exec node *' (disregarding 
const for now). So when the object that is in 'n' is accessed, it is 
accessed via an appropriate type. The cast does not itself cause an 
access and the cast expression as a whole is not an lvalue.

The fact that n is an lvalue does not mean that it can appear anywhere 
on the left-hand-side of an assignment expression; the entire 
left-hand-side expression must be an lvalue. So when you then say:

> You can write stuff like:
>
> "((const struct exec_node **)n)[0] = foo;"
>
> ...so it can appear on the left-hand side of an assignment, which
> makes it an lvalue.

... it is not quite correct. The fact that you could put n itself on the 
left-hand side of an assignment (eg "n = NULL") makes it an lvalue, not 
the fact that it appears *within* a larger expression that is on the 
left-hand side of an assignment.

In fact, the whole of '((const struct exec_node **)n)[0]' is an lvalue. 
However, '(const struct exec_node **)n' is not an lvalue.

I do believe you have some sort of misconception, and I'm trying hard to 
understand the nature of this misconception. Let's start with some stuff 
that I hope we can agree on (ignore the 'const' for now as it doesn't 
make much difference, unless you disagree?). Assume that the type of the 
variable 'n' is 'struct exec_node *'.

1. The expression '((struct exec_node **)n)[0] = foo' accesses two 
objects - one is that represented by the variable 'n', and another that 
is pointed-to by the pointer value in 'n'.
2. In (1), the first access is a read, the other is due to the 
assignment operator.
3. The object represented by the variable 'n' is not modified by the 
expression (unless 'n' has been made to point to itself).
4. The type of the 'n' object is 'struct exec_node *'
5. The type of the sub-expression 'n' is also 'struct exec_node *'.
6. The type of the sub-expression '(struct exec_node **)n' is 'struct 
exec_node **'.
7. The type of the whole expression, '((struct exec_node **)n)[0] = 
foo', is 'struct exec_node *'.

I think you would say the following (though I'd disagree):
8. The expression '((struct exec_node **)n)[0] = foo' necessarily causes 
an aliasing violation, assuming it doesn't cause undefined behavior for 
any other reason (i.e. assuming n is not null and is a valid pointer etc).
9. The statement 'return ((struct exec_node **)n)[0];' necessarily 
causes an aliasing violation, assuming it doesn't cause undefined 
behavior for any other reason.
10. The reason that (6) and (7) cause an aliasing violation is 
essentially the same.

Now if you do indeed believe (6) is true, the difficulty I'm having is 
understanding why. So, some questions:

Do you also believe the following would violate strict aliasing (and if 
so, on which line)?

    struct exec_node ** m = (struct exec_node *) n;
    return m[0];


How about this (and on which line)?

    struct exec_node ** m = (struct exec_node *) n;
    n = NULL;
    return m[0];


Davin

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/mesa-dev/attachments/20150626/9f51b141/attachment-0001.html>

More information about the mesa-dev mailing list