Is pointer conversion through a void pointer well defined?

Question

Suppose I have some structures defined like:

struct foo { int a; };
struct bar { struct foo r; int b; };
struct baz { struct bar z; int c; };

Does the C standard guarantee that the following code is strictly conforming?

struct baz x;
struct foo *p = (void *)&x;
assert(p == &x.z.r);

---

^{The motivation for this construct is to provide a consistent programming idiom for casting to a pointer type that is known to be compatible.}

---

Now, this is what C says about how structures and its initial members are convertible:

Within a structure object, the non-bit-field members and the units in which bit-fields reside have addresses that increase in the order in which they are declared. A pointer to a structure object, suitably converted, points to its initial member (or if that member is a bit-field, then to the unit in which it resides), and vice versa. There may be unnamed padding within a structure object, but not at its beginning.
_{C.11 §6.7.2.1¶15}

This is what it says about void pointer conversions:

A pointer to void may be converted to or from a pointer to any object type. A pointer to any object type may be converted to a pointer to void and back again; the result shall compare equal to the original pointer.
_{C.11 §6.3.2.3¶1}

And this is what it says about converting between object pointer types:

A pointer to an object type may be converted to a pointer to a different object type. If the resulting pointer is not correctly aligned⁶⁸⁾ for the referenced type, the behavior is undefined. Otherwise, when converted back again, the result shall compare equal to the original pointer.

^{68) In general, the concept ‘‘correctly aligned’’ is transitive: if a pointer to type A is correctly aligned for a pointer to type B, which in turn is correctly aligned for a pointer to type C, then a pointer to type A is correctly aligned for a pointer to type C.}
_{C.11 §6.3.2.3¶7}

My understanding from the above is that converting an object pointer to an object pointer of a different type via a void * conversion is perfectly fine. But, I got a comment that suggests otherwise.

Answer 1

Your example is strictly conforming.

The 2^nd sentence from §6.7.2.1 ¶15 (A pointer to a structure object, suitably converted, points to its initial member ... and vice versa.) guarantees the following equalities :

(sruct bar *) &x == &(x.z)
(struct foo *) &(x.z) == &(x.z.r)

As you are at the beginning of the struct, no padding can occur, and my understanding of the standard is that the address of a struct and of its first element are the same.

So struct foo *p = (void *) &x; is correct as would be struct foo *p = (struct foo *) &x;

In that particular case, the alignment is guaranteed to be correct per §6.7.2.1 ¶15. And it is always allowed to pass via a void *, but it is not necessary, because §6.3.2.3 ¶7 allows the conversion between pointers to different objects, provided there is no alignment problem

And it should be noted that §6.2.3.2 ¶7 also says : When a pointer to an object is converted to a pointer to a character type, the result points to the lowest addressed byte of the object that means that all those pointers point in fact to the lowest addressed byte of x.r.z.a. So you could also pass via pointers to char because we also have :

(char *) &x == (char *) &(x.z) == (char *) &(x.z.r) == (char *) &(x.z.r.a)

Answer 2

Yes, in terms of language standard, your example is strictly conforming, thus, perfectly legal. This essentially comes from 2 quotes you provided (important is highlighted). The first one:

A pointer to void may be converted to or from a pointer to any object type.

This means that in your assignment in code we have a successfull cast from struct baz pointer to void pointer and, after that, successfull cast from void pointer to struct due to the fact that both pointers are aligned equally. If that was not the case, we would have undefined behaviour due to non-compliance to 6.3.2.3 that you provided.

And the second one:

68) In general, the concept ‘‘correctly aligned’’ is transitive: if a pointer to type A is correctly aligned for a pointer to type B, which in turn is correctly aligned for a pointer to type C, then a pointer to type A is correctly aligned for a pointer to type C.

And this one is more important. It does not state (nor should it) that types A and C must be the same which, in turn, allows them not to. The only restriction is the alingment.

That's pretty much it.

Of course, however, such manipulations are unsafe for obvious reasons.

Answer 3

IMHO yes, apart on what strict interpretations of standard can make questionable, allocation of objects in memory follows the same rule on the same compiler: supply an address suitable for any kind of variable. Because each structure starts with its first variable for the transitive property the structure itself will be aligned to an address that suits any kind of variable. The latter close the doubt that different structures have different addresses, no modification can be made between conversions because the address definition follows the same rules. That's of course not true for following structure fields, which can be not contiguous to conform with alignment requirements of following fields. If you operate on the first element of a structure it is guarantee that is the same as the first field of the structure itself.

Now have a look to one of the most diffused piece of software all around: the Independent JPEG group JPEGlib. The whole software, compiled on many processors and machines, uses a technique that resembles C++ management passing structures wich beginning is always the same, but that holds many other, and different substructures and fields between calls.

This code compile and runs on anything from toys to PC's to tablets, etc...

Answer 4

To complete the analysis, it is necessary to see the definition of how pointer equality is defined:

... If one operand is a pointer to an object type and the other is a pointer to a qualified or unqualified version of void, the former is converted to the type of the latter.

Two pointers compare equal if and only if both are null pointers, both are pointers to the same object (including a pointer to an object and a subobject at its beginning) or function, both are pointers to one past the last element of the same array object, or one is a pointer to one past the end of one array object and the other is a pointer to the start of a different array object that happens to immediately follow the first array object in the address space.
_{C.11 §6.5.9¶5-6}

So, here is an argument that it is well-defined:

(void *)&x == (void *)&x.z ^{§6.7.2.1¶15, §6.5.9¶5-6}
(void *)&x.z == &x.z.r ^{§6.7.2.1¶15, §6.5.9¶5-6}
(void *)&x == &x.z.r ^{transitive equality}
(struct foo *)(void *)&x == (void *)&x ^{§6.3.2.3¶1, §6.5.9¶5-6}
(struct foo *)(void *)&x == &x.z.r ^{transitive equality}

The last step above is the essence of initializing p and the assertion from the code in the question.