Problem report: Struct aliasing problem causes Thread_Ready_Chain corruption in 4.6.99.3

Till Straumann strauman at slac.stanford.edu
Thu Dec 7 18:48:04 UTC 2006


Ralf Corsepius wrote:
> On Thu, 2006-12-07 at 09:47 +0100, Wolfram Wadepohl wrote:
>   
>> Till Straumann schrieb:
>>
>>     
>>> I agree with Linus' sentiment, too. The problem, however,
>>> is (repeating mantra) that this is not just some weirdo
>>> gcc optimization that can be switched off. It is the C99 *standard*.
>>> Even if you can switch this off for gcc today, there is no
>>> guarantee that you will be able to in the future or on other
>>> compilers. If we want to produce C99 compliant code then
>>> we must comply with the alias rule. period.
>>>       
>>> Steven Johnson wrote:
>>>       
>>>> I have been quietly following this thread, but I find the whole 
>>>> -fstrict-aliasing/-fnostrict-aliasing issue to be very disturbing.  
>>>> Luckily my program isn't built with -O2 or I probably would have been 
>>>> tracking untold numbers of strange bugs in known working code.  For 
>>>> the C language to change so that a pointer (regardless of the pointer 
>>>> type used to reference that memory) no longer points to a known piece 
>>>> of memory, in a predictable way is whacked.
>>>>
>>>> I for one do not look forward to adding __attribute__ ((may_alias)) to 
>>>> the hundreds of places where I change the way I address memory using 
>>>> pointers.  It is a monumental waste of time, prone to error and in my 
>>>> opinion putting in declarations to fix a broken compiler 
>>>> optimisation.  When a compiler optimisation breaks a fundamental 
>>>> aspect of C that has existed since the beginnings of the language, 
>>>> then I consider that optimisation to be broken, and not the code 
>>>> itself.  I will be adding -fno-strict-aliasing to all of my builds in 
>>>> future, and I will be making sure RTEMS (and all of the other Open 
>>>> Source libraries I use) builds with -fno-strict-aliasing, regardless 
>>>> of what is ultimately decided here),  I just don't want the headache.  
>>>> In my opinion you wouldn't be fixing RTEMS by adding these 
>>>> declarations or changing the code, you would be working around a 
>>>> broken compiler.  The other OS's that use -fno-strict-aliasing are (in 
>>>> my opinion) doing the right thing.  I also fail to see how the option 
>>>> could yield any tangible benefits on performance that would warrant 
>>>> the pain and difficulty it causes.
>>>>
>>>> But that is my 2c.
>>>>         
>> Hi all,
>>
>> i've follwed the discussion on the list. As a user of RTEMS building 
>> comercial *embedded* applications with high availability the only short 
>> term solution is to use -fno-strict-aliasing for the whole program 
>> including all RTEMS parts.
>>
>> Till is right in telling us the gcc optimization (weird or not) *is* C99 
>> standard. 
>>     
> I agree with Till and you.
>
>   
>> Following this argumentation and expecting that 
>> -fno-strict-aliasing will be dropped eventually and also considering that 
>> we write embedded code dealing with real hardware i ask the question if C 
>> is the right language to implement these applications in the future. A 
>> programming language forcing me to consider what machine code the compiler 
>> will eventually produce is not worth using for *embedded* programming.
>>     
> Well, let me put this way: There are people having tried to (ab-)use C
> as macro assembler. C99 (probably under the influence of C++) has voided
> this aspect to a large extend and shifted to a different level of
> programming languages (more into Pascal's direction).
>
> As most high level applications don't apply such "assembler like"
> features, so they aren't really affected. And those highlevel
> application which do (esp. some GUI toolkits) are facing similar issues
> as we are.
>
>   
>> In general and from an academic point of view Ralf is totally right; the 
>> standard is clear and the code should be fixed. A proper data model, well 
>> designed from base on,  will hopefully not produce aliasing problems. But 
>> is this always possible and adequate in real work? It shuold be for basic 
>> technology like RTOS or general libraries like newlib!
>>     
> I think so, but ... as we currently all are experiencing, the "C as
> macro assembler times" seem to be over.
>
>   
>> In fact the current RTEMS code is not in the shape that aliasing is not 
>> considered as a problem. It has grown over more than a decade of years.
>> Is this the time for a complete rewrite?
>>     
> Frankly speaking, I think, at least some very basic parts/types RTEMS
> are in need of a redesign/rewrite. IMO, introducing "type strictness"
> and related to it, to "properly-typed" APIs is in dire need.
>
> RTEMS definitely has weaknesses related to these areas. Therefore, I
> would expect a large amount of the issues related to "strict aliasing"
> and "strict alignment" to collapse, once they would be addressed.
>
>   
>>  Can we fix it?
>>     
> I hope so, but do not expect this to happen any time soon.
>
>   
>>  What piece of work 
>> can i do, as a user with limited knowledge of kernel functonality?
>>     
> Good question.
>
> ATM, from my point of view, people being familiar with certain flavors
> of asm who could identify aliasing showing effects on RTEMS code would
> be helpful. I have been trying to identify files being affected by
> strict-aliasing and meanwhile have a list consisting of ca. 20000 object
> (Note: *.o not *.c!) files (out of ca. 70000) from RTEMS-4.8, which are
> affected by aliasing.
>
> Now, identifying those which really are broken by aliasing would be
> necessary. So far, apart of Peer's/Thomas's case [1], I haven't found
> any :)
>   
Problem with your current approach is that you don't really
find alias rule violations but only the subset of them that
cause problems with current gcc's optimization implementation.

T.
> Ralf
>
> [1] Which meanwhile is supposed to be worked-around.
>
>
>   




More information about the users mailing list