public inbox for gcc-bugs@sourceware.org
help / color / mirror / Atom feed
From: "matheus.a.m.moreira at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/112840] New: feature request: warn on incorrect tagged union value access
Date: Sun, 03 Dec 2023 21:36:47 +0000 [thread overview]
Message-ID: <bug-112840-4@http.gcc.gnu.org/bugzilla/> (raw)
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112840
Bug ID: 112840
Summary: feature request: warn on incorrect tagged union value
access
Product: gcc
Version: unknown
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: c
Assignee: unassigned at gcc dot gnu.org
Reporter: matheus.a.m.moreira at gmail dot com
Target Milestone: ---
It would be useful if GCC could warn the programmer if the value of a tagged
union that doesn't correspond to its type tag is accessed.
Here's an example that illustrates the kind of mistake such a warning would
prevent:
#include <stdio.h>
enum T { I, F };
union U { int i; float f; };
struct S { enum T t; union U u; };
int main(void) {
struct S s = { .t = F, .u.f = 12345.67890f };
switch (s.t) {
case I:
printf("%d\n", s.u.i);
break;
case F:
// copied the above case
// but neglected to update the code
printf("%d\n", s.u.i);
break;
}
}
I understand that unions are typically used for type punning and that such
accesses are often intended by the programmer but compiler checks would still
be beneficial when that's not the case.
A compiler mechanism to establish a relationship between the union values and
their corresponding enum tags would be extremely useful. Something like this,
perhaps:
struct S {
enum T t;
union U {
int i __attribute__((tag(t, I)));
float f __attribute__((tag(t, F)));
} u;
};
Then gcc would be able to warn when union values are accessed in a context
where their specified tags are not known to be the correct value:
switch (s.t) {
case I:
// i is accessed
// the tag of i is t
// t is supposed to equal I
// compiler knows t equals I because of switch case
// correct, no warning is emitted
printf("%d\n", s.u.i);
break;
case F:
// i is accessed
// the tag of i is t
// t is supposed to equal I
// compiler knows t equals F because of switch case
// incorrect, a warning is emitted
printf("%d\n", s.u.i);
break;
}
Such a feature would make C less error prone. I've also seen support for safe
tagged unions in newer languages like Zig. People have created C preprocessor
solutions to use tagged unions safely in C due to the lack of this safety:
https://github.com/Hirrolot/datatype99
Relevant clang issue:
https://github.com/llvm/llvm-project/issues/74205
next reply other threads:[~2023-12-03 21:36 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-12-03 21:36 matheus.a.m.moreira at gmail dot com [this message]
2023-12-03 21:39 ` [Bug c/112840] " pinskia at gcc dot gnu.org
2023-12-03 21:40 ` pinskia at gcc dot gnu.org
2023-12-17 19:38 ` uecker at gcc dot gnu.org
2024-01-30 0:40 ` matheus.a.m.moreira at gmail dot com
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=bug-112840-4@http.gcc.gnu.org/bugzilla/ \
--to=gcc-bugzilla@gcc.gnu.org \
--cc=gcc-bugs@gcc.gnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).