https://gcc.gnu.org/bugzilla/show_bug.cgi?id=112840

            Bug ID: 112840
           Summary: feature request: warn on incorrect tagged union value
                    access
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: matheus.a.m.moreira at gmail dot com
  Target Milestone: ---

It would be useful if GCC could warn the programmer if the value of a tagged
union that doesn't correspond to its type tag is accessed.

Here's an example that illustrates the kind of mistake such a warning would
prevent:

    #include <stdio.h>

    enum T { I, F };
    union U { int i; float f; };
    struct S { enum T t; union U u; };

    int main(void) {
        struct S s = { .t = F, .u.f = 12345.67890f };
        switch (s.t) {

        case I:
            printf("%d\n", s.u.i);
            break;

        case F:

            // copied the above case
            // but neglected to update the code:
            // reads the int member while the float member is active,
            // so the float's bit pattern is printed as an int

            printf("%d\n", s.u.i);
            break;
        }
    }

I understand that unions are typically used for type punning and that such
accesses are often intended by the programmer, but compiler checks would still
be beneficial when that's not the case.

A compiler mechanism to establish a relationship between the union values and
their corresponding enum tags would be extremely useful. Something like this,
perhaps:

    struct S {
        enum T t;
        union U {
            int i       __attribute__((tag(t, I)));
            float f     __attribute__((tag(t, F)));
        } u;
    };

Then gcc would be able to warn when union values are accessed in a context
where their specified tags are not known to be the correct value:

    switch (s.t) {

    case I:

        // i is accessed
        // the tag of i is t
        // t is supposed to equal I
        // compiler knows t equals I because of switch case
        // correct, no warning is emitted

        printf("%d\n", s.u.i);
        break;

    case F:

        // i is accessed
        // the tag of i is t
        // t is supposed to equal I
        // compiler knows t equals F because of switch case
        // incorrect, a warning is emitted

        printf("%d\n", s.u.i);
        break;
    }
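Until a compiler can enforce the tag/member relationship, the usual defensive pattern in plain C is to route every access through constructors and accessors that check the tag at runtime. The following is an added example written for this page, not code from the bug report or from GCC; the helper names (`s_from_int`, `s_get_int`, `count_rejected`, and so on) are invented for illustration. It reuses the report's `struct S` shape, marks the accessors with GCC's real `warn_unused_result` attribute so that a caller who ignores the check gets a compile-time warning, and reproduces the report's copy-paste mistake in the `F` case to show that the checked accessor rejects it instead of reading the wrong member:

```c
#include <stdio.h>
#include <stdbool.h>

enum T { I, F };

/* Same shape as the report's struct S: a tag plus an untagged union. */
struct S {
    enum T t;
    union { int i; float f; } u;
};

/* Constructors set the tag and the payload together, so the two never
 * drift apart. (Hypothetical helper names.) */
static struct S s_from_int(int i)     { struct S s = { .t = I, .u.i = i }; return s; }
static struct S s_from_float(float f) { struct S s = { .t = F, .u.f = f }; return s; }

/* Checked accessors: return false and leave *out untouched when the
 * requested member is not the active one. warn_unused_result makes GCC
 * warn if a caller discards the check. */
__attribute__((warn_unused_result))
static bool s_get_int(const struct S *s, int *out) {
    if (s->t != I) return false;
    *out = s->u.i;
    return true;
}

__attribute__((warn_unused_result))
static bool s_get_float(const struct S *s, float *out) {
    if (s->t != F) return false;
    *out = s->u.f;
    return true;
}

/* Walks the same switch as the report, with its copy-paste mistake in the
 * F case, and returns how many accesses the checked accessor rejected. */
static int count_rejected(const struct S *s) {
    int rejected = 0;
    int i;
    switch (s->t) {
    case I:
        if (s_get_int(s, &i)) printf("%d\n", i); else rejected++;
        break;
    case F:
        /* copied from the I case but not updated: asks for the int member
         * while the float member is active; the accessor refuses it */
        if (s_get_int(s, &i)) printf("%d\n", i); else rejected++;
        break;
    }
    return rejected;
}

int main(void) {
    struct S a = s_from_float(12345.67890f);   /* constructed sample value */
    struct S b = s_from_int(42);               /* constructed sample value */
    float f = 0.0f;
    if (s_get_float(&a, &f)) printf("%f\n", f);
    printf("rejected accesses for the float value: %d\n", count_rejected(&a)); /* 1 */
    printf("rejected accesses for the int value:   %d\n", count_rejected(&b)); /* 0 */
    return 0;
}
```

The runtime check costs one comparison per access and turns a silent misread into a detectable failure; because the union stays anonymous inside `struct S`, direct `s.u.i` access is still possible, so the pattern relies on callers using the accessors rather than on the compiler enforcing it.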

Such a feature would make C less error-prone. I've also seen support for safe
tagged unions in newer languages like Zig. People have created C preprocessor
solutions to use tagged unions safely in C due to the lack of this safety:

https://github.com/Hirrolot/datatype99

Relevant clang issue:

https://github.com/llvm/llvm-project/issues/74205