We are running a survey to help us improve the experience for all of our members. If you see the survey appear, please take the time to tell us about your experience if you can.
Here is a link to a number of suggestions I have compiled for hardening of firmware.
I'm pretty sure that a lot can be said about the list, so please post coding tips or links to pages with good information of software hardening.
iapetus.neab.net/.../hardening.html
In your case, it may even be required to use the second construct to make sure that both timers are always incremented by the same amount.
Aliasing is not a concept that should be forbidden, but something the developer must at all times design for and document.
The trivial case of a required aliasing is inserts/removes to a sorted array, and a reason for the existence of the memmove() function that handles overlapping memory regions.
But the above two situations are not problematic for the compiler. If your pointer was to a variable that could change during the function call, then you should have used the volatile keyword to force multiple pointer accesses. Without volatile, it will be up to the compiler to decide if it should read 'step once or twice.
The problematic and hurtful form of aliasing is when you have a global variable that you sometimes accesses directly, and sometimes using a pointer. A function that gets this pointer as a parameter will not know that writes to the pointer will change the value of the global variable, so it may decide to cache the contents of the global variable. And it will not know that a write to the global variable will change the value accessible through the pointer.