-
Notifications
You must be signed in to change notification settings - Fork 11.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
clang
feature request: warn on incorrect tagged union value access
#74205
Comments
@llvm/issue-subscribers-clang-frontend Author: Matheus Moreira (matheusmoreira)
Currently `clang` does not produce a warning if the value of a tagged union that doesn't correspond to its type tag is accessed.
For example, this code: // warn.c
#include <stdio.h>
enum T { I, F };
union U { int i; float f; };
struct S { enum T t; union U u; };
int main(void) {
struct S s = { .t = F, .u.f = 12345.67890f };
switch (s.t) {
case I:
printf("%d\n", s.u.i);
break;
case F:
// copied the above case
// but neglected to update the code
printf("%d\n", s.u.i);
break;
}
} Does not produce any warning when compiled, leading to incorrect results: $ clang -Weverything -o warn warn.c && ./warn
1178658487 I understand that A compiler mechanism to establish a relationship between the struct S {
enum T t;
union U {
int i __attribute__((tag(t, I)));
float f __attribute__((tag(t, F)));
} u;
}; Then switch (s.t) {
case I:
// i is accessed
// the tag of i is t
// t is supposed to equal I
// compiler knows t equals I because of switch case
// correct, no warning is emitted
printf("%d\n", s.u.i);
break;
case F:
// i is accessed
// the tag of i is t
// t is supposed to equal I
// compiler knows t equals F because of switch case
// incorrect, a warning is emitted
printf("%d\n", s.u.i);
break;
} Relevant links:
|
Equivalent issue on the GCC issue tracker: 112840 - feature request: warn on incorrect tagged union value access |
Proposal in the GCC Bugzilla: a general
|
Currently
clang
does not produce a warning if the value of a tagged union that doesn't correspond to its type tag is accessed.For example, this code:
Does not produce any warning when compiled, leading to incorrect results:
$ clang -Weverything -o warn warn.c && ./warn 1178658487
I understand that
union
s are typically used for type punning and that such accesses are often intended by the programmer but compiler checks would still be beneficial when that's not the case. People have created C preprocessor solutions to use tagged unions safely in C. I've also seen support for safe tagged unions in newer languages like Zig.A compiler mechanism to establish a relationship between the
union
values and their correspondingenum
tags would be extremely useful. Something like this, perhaps:Then
clang
would be able to warn whenunion
values are accessed in a context where their specified tags are not known to be the correct value:Relevant links:
The text was updated successfully, but these errors were encountered: