public inbox for gcc-bugs@sourceware.org
From: "matheus.a.m.moreira at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug c/112840] New: feature request: warn on incorrect tagged union value access
Date: Sun, 03 Dec 2023 21:36:47 +0000
Message-ID: <bug-112840-4@http.gcc.gnu.org/bugzilla/>

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112840

            Bug ID: 112840
           Summary: feature request: warn on incorrect tagged union value access
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: matheus.a.m.moreira at gmail dot com
  Target Milestone: ---

It would be useful if GCC could warn the programmer if the value of a tagged union that doesn't correspond to its type tag is accessed.

Here's an example that illustrates the kind of mistake such a warning would prevent:

    #include <stdio.h>

    enum T { I, F };
    union U { int i; float f; };
    struct S { enum T t; union U u; };

    int main(void)
    {
        struct S s = { .t = F, .u.f = 12345.67890f };

        switch (s.t) {
        case I:
            printf("%d\n", s.u.i);
            break;
        case F:
            // copied the above case
            // but neglected to update the code
            printf("%d\n", s.u.i);
            break;
        }
    }

I understand that unions are typically used for type punning and that such accesses are often intended by the programmer but compiler checks would still be beneficial when that's not the case.

A compiler mechanism to establish a relationship between the union values and their corresponding enum tags would be extremely useful. Something like this, perhaps:

    struct S {
        enum T t;
        union U {
            int i   __attribute__((tag(t, I)));
            float f __attribute__((tag(t, F)));
        } u;
    };

Then gcc would be able to warn when union values are accessed in a context where their specified tags are not known to be the correct value:

    switch (s.t) {
    case I:
        // i is accessed
        // the tag of i is t
        // t is supposed to equal I
        // compiler knows t equals I because of switch case
        // correct, no warning is emitted
        printf("%d\n", s.u.i);
        break;
    case F:
        // i is accessed
        // the tag of i is t
        // t is supposed to equal I
        // compiler knows t equals F because of switch case
        // incorrect, a warning is emitted
        printf("%d\n", s.u.i);
        break;
    }

Such a feature would make C less error prone. I've also seen support for safe tagged unions in newer languages like Zig.

People have created C preprocessor solutions to use tagged unions safely in C due to the lack of this safety:

https://github.com/Hirrolot/datatype99

Relevant clang issue:

https://github.com/llvm/llvm-project/issues/74205
Thread overview: 5+ messages
2023-12-03 21:36 matheus.a.m.moreira at gmail dot com [this message]
2023-12-03 21:39 ` [Bug c/112840] " pinskia at gcc dot gnu.org
2023-12-03 21:40 ` pinskia at gcc dot gnu.org
2023-12-17 19:38 ` uecker at gcc dot gnu.org
2024-01-30  0:40 ` matheus.a.m.moreira at gmail dot com
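
The report above asks for a compile-time diagnostic; the same tag/member relationship can be enforced at run time in standard C by routing every access through checked accessors. This is an added example, not code from the report or from GCC, and the helper names `s_from_int`, `s_from_float`, `s_get_int`, `s_get_float` and `s_format` are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>

enum T { I, F };

/* Same shape as the report's struct S. Callers go through the
   accessors below instead of reading .u directly. */
struct S {
    enum T t;
    union { int i; float f; } u;
};

/* Constructors (hypothetical helpers) keep tag and member in sync. */
static struct S s_from_int(int v)     { return (struct S){ .t = I, .u.i = v }; }
static struct S s_from_float(float v) { return (struct S){ .t = F, .u.f = v }; }

/* Checked accessors: succeed only when the tag matches the member. */
static bool s_get_int(const struct S *s, int *out)
{
    if (s->t != I) return false;
    *out = s->u.i;
    return true;
}

static bool s_get_float(const struct S *s, float *out)
{
    if (s->t != F) return false;
    *out = s->u.f;
    return true;
}

/* Format the active member; returns length written, or -1 on mismatch. */
static int s_format(const struct S *s, char *buf, size_t n)
{
    int i; float f;
    switch (s->t) {
    case I: return s_get_int(s, &i) ? snprintf(buf, n, "%d", i) : -1;
    /* A copy-pasted s_get_int() here returns -1, not reinterpreted bits. */
    case F: return s_get_float(s, &f) ? snprintf(buf, n, "%.2f", f) : -1;
    }
    return -1;
}

int main(void)
{
    struct S s = s_from_float(12345.67890f); /* constructed sample value */
    char buf[32]; int i;
    if (!s_get_int(&s, &i)) puts("rejected: tag is F, not I");
    if (s_format(&s, buf, sizeof buf) > 0) puts(buf);
}
```

The check happens at run time only, so it catches the copy-paste mistake when the path executes rather than at compile time as the proposed attribute would.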