Remove cross-type uses of memcpy.

[briansmith]

Some version of the C standard says:

If a value is copied into an object having no declared type using memcpy or memmove, or is copied as an array of character type, then the effective type of the modified object for that access and for subsequent accesses that do not modify the value is the effective type of the object from which the value is copied, if it has one.

I read "or is copied as an array of character type," to be modifying "using memcpy or memmove" and not modifying "having no declared type".

In many cases, we use memcpy to transfer the contents of something of a buffer of an unstructured type (e.g. a byte array) into a structured value (e.g. a struct or a uint32_t). From the above, it is only (guaranteed to be) valid to do this when the destination has a declared type. In practice, that means that we can only safely use this pattern when the destination is a local variable.

[briansmith]

Here's a good way to make it easy to verify the code is correct in this respect: For every use of memcpy copying a value to another value of the same type T, create a wrapper function:

static inline void t_copy(T *dest, const T *src) { memcpy(dest, src, sizeof(T)); }

or, if we're copying arrays:

static inline void t_copy_array(T *dest, const T *src, size_t n) {
    /* TODO: how to prevent |sizeof(T) * n| from overflowing? */
    memcpy(dest, src, sizeof(T) * n);
}

When this is done, every use of memcpy should be in one of these functions.

[briansmith]

Actually, I'm closing this in favor of #201, since the pattern I suggest above can likely be used to solve the more general problem.