public inbox for gcc-bugs@sourceware.org
* [Bug c/112840] New: feature request: warn on incorrect tagged union value access
@ 2023-12-03 21:36 matheus.a.m.moreira at gmail dot com
2023-12-03 21:39 ` [Bug c/112840] " pinskia at gcc dot gnu.org
` (3 more replies)
0 siblings, 4 replies; 5+ messages in thread
From: matheus.a.m.moreira at gmail dot com @ 2023-12-03 21:36 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112840
Bug ID: 112840
Summary: feature request: warn on incorrect tagged union value access
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: matheus.a.m.moreira at gmail dot com
Target Milestone: ---
It would be useful if GCC could warn the programmer if the value of a tagged
union that doesn't correspond to its type tag is accessed.
Here's an example that illustrates the kind of mistake such a warning would
prevent:
    #include <stdio.h>

    enum T { I, F };
    union U { int i; float f; };
    struct S { enum T t; union U u; };

    int main(void) {
        struct S s = { .t = F, .u.f = 12345.67890f };

        switch (s.t) {
        case I:
            printf("%d\n", s.u.i);
            break;
        case F:
            // copied the above case
            // but neglected to update the code
            printf("%d\n", s.u.i);
            break;
        }
    }
I understand that unions are typically used for type punning and that such
accesses are often intended by the programmer but compiler checks would still
be beneficial when that's not the case.
A compiler mechanism to establish a relationship between the union values and
their corresponding enum tags would be extremely useful. Something like this,
perhaps:
    struct S {
        enum T t;
        union U {
            int i __attribute__((tag(t, I)));
            float f __attribute__((tag(t, F)));
        } u;
    };
Then gcc would be able to warn when union values are accessed in a context
where their specified tags are not known to be the correct value:
    switch (s.t) {
    case I:
        // i is accessed
        // the tag of i is t
        // t is supposed to equal I
        // compiler knows t equals I because of switch case
        // correct, no warning is emitted
        printf("%d\n", s.u.i);
        break;
    case F:
        // i is accessed
        // the tag of i is t
        // t is supposed to equal I
        // compiler knows t equals F because of switch case
        // incorrect, a warning is emitted
        printf("%d\n", s.u.i);
        break;
    }
Such a feature would make C less error prone. I've also seen support for safe
tagged unions in newer languages like Zig. People have created C preprocessor
solutions to use tagged unions safely in C due to the lack of this safety:
https://github.com/Hirrolot/datatype99
Relevant clang issue:
https://github.com/llvm/llvm-project/issues/74205
^ permalink raw reply [flat|nested] 5+ messages in thread
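Until a diagnostic like the one requested in this thread exists, the same tag/member invariant can be enforced at run time with checked accessors. The following C program is an added example, not code from the bug report or from GCC; it reuses the report's `enum T`, `union U` and `struct S`, and the helper names `s_make_i`, `s_make_f`, `s_get_i`, `s_get_f` and `s_format` are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

enum T { I, F };
union U { int i; float f; };
struct S { enum T t; union U u; };

/* Constructors (hypothetical helpers) keep tag and active member in sync. */
static struct S s_make_i(int v)   { struct S s = { .t = I, .u.i = v }; return s; }
static struct S s_make_f(float v) { struct S s = { .t = F, .u.f = v }; return s; }

/* Checked accessors: a run-time stand-in for the proposed compile-time
 * check. They refuse to read a member whose tag is not the active one. */
static bool s_get_i(const struct S *s, int *out) {
    if (s->t != I) return false;
    *out = s->u.i;
    return true;
}
static bool s_get_f(const struct S *s, float *out) {
    if (s->t != F) return false;
    *out = s->u.f;
    return true;
}

/* Formats the value into buf. A copy-pasted case that calls the wrong
 * accessor fails here instead of printing the float's bits as an int. */
static bool s_format(const struct S *s, char *buf, size_t n) {
    int i; float f;
    switch (s->t) {
    case I: return s_get_i(s, &i) && snprintf(buf, n, "%d", i) > 0;
    case F: return s_get_f(s, &f) && snprintf(buf, n, "%.2f", f) > 0;
    }
    return false; /* tag outside the enum: corrupted or unknown */
}

int main(void) {
    struct S s = s_make_f(12345.67890f); /* same value as the report */
    char buf[32];
    int i;
    printf("s_get_i on F value: %s\n", s_get_i(&s, &i) ? "read" : "rejected");
    if (s_format(&s, buf, sizeof buf)) printf("%s\n", buf);
    return 0;
}
```

The check costs one comparison per access and only fires at run time, which is the gap the requested warning would close at compile time.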
* [Bug c/112840] feature request: warn on incorrect tagged union value access
From: pinskia at gcc dot gnu.org @ 2023-12-03 21:39 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112840
Andrew Pinski <pinskia at gcc dot gnu.org> changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |diagnostic
           Severity|normal                      |enhancement
           See Also|                            |https://github.com/llvm/llvm-project/issues/74205
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/112840] feature request: warn on incorrect tagged union value access
From: pinskia at gcc dot gnu.org @ 2023-12-03 21:40 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112840
--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
This seems more like something for the analyzer rather than a generic warning
because it requires keeping track of the path where the access is located.
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/112840] feature request: warn on incorrect tagged union value access
From: uecker at gcc dot gnu.org @ 2023-12-17 19:38 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112840
uecker at gcc dot gnu.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |uecker at gcc dot gnu.org
--- Comment #2 from uecker at gcc dot gnu.org ---
I would go for a more generic feature where one can specify some invariant /
condition that needs be true when a member of a struct / union is accessed.
    struct S {
        enum T t;
        union U {
            int i [[gnu::guard(.t == I)]];
            float f [[gnu::guard(.t == F)]];
        } u;
    };
^ permalink raw reply [flat|nested] 5+ messages in thread
* [Bug c/112840] feature request: warn on incorrect tagged union value access
From: matheus.a.m.moreira at gmail dot com @ 2024-01-30 0:40 UTC (permalink / raw)
To: gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112840
--- Comment #3 from Matheus Afonso Martins Moreira <matheus.a.m.moreira at gmail dot com> ---
(In reply to uecker from comment #2)
> I would go for a more generic feature where one can specify some invariant /
> condition that needs be true when a member of a struct / union is accessed.
So the proposed solution is a guard(expr) attribute that causes the compiler to
warn the developer if it can't statically determine that expr is true in the
appropriate context.
This would be great!! Much more flexible than the tag attribute I proposed. How
can we make it happen? I've never hacked on GCC before.
^ permalink raw reply [flat|nested] 5+ messages in thread