GCC 15.1

(gcc.gnu.org)
270 points jrepinc | 11 comments
Calavar ◴[] No.43792948[source]
> {0} initializer in C or C++ for unions no longer guarantees clearing of the whole union (except for static storage duration initialization), it just initializes the first union member to zero. If initialization of the whole union including padding bits is desirable, use {} (valid in C23 or C++) or use -fzero-init-padding-bits=unions option to restore old GCC behavior.

This is going to silently break so much existing code, especially union based type punning in C code. {0} used to guarantee full zeroing and {} did not, and step by step we've flipped the situation to the reverse. The only sensible thing, in terms of not breaking old code, would be to have both {0} and {} zero initialize the whole union.

I'm sure this change was discussed in depth on the mailing list, but it's absolutely mind boggling to me

replies(14): >>43793036 #>>43793080 #>>43793121 #>>43793150 #>>43793166 #>>43794045 #>>43794558 #>>43796460 #>>43798312 #>>43798826 #>>43800132 #>>43800234 #>>43800932 #>>43800975 #
mistrial9 ◴[] No.43793150[source]
Using UNION was always considered sketchy IMHO. This is trivia for security exploiters?
replies(1): >>43793494 #
1. grandempire ◴[] No.43793494[source]
No. This is how sum types are implemented.

And from a runtime perspective it’s going to be a struct with perhaps more padding. You’ll need more details about your specific threat model to explain why that’s bad.

replies(1): >>43793585 #
2. mistrial9 ◴[] No.43793585[source]
A quick search says that std::variant is the modern replacement to implement your niche feature "sum types"
replies(3): >>43793601 #>>43794375 #>>43795744 #
3. grandempire ◴[] No.43793601[source]
That’s for C++. And how is std::variant implemented?
replies(1): >>43793747 #
4. LowLevelMahn ◴[] No.43793747{3}[source]
Not using a union: https://ojdip.net/2013/10/implementing-a-variant-type-in-cpp... because the union can't be extended with variadic template types
replies(2): >>43793985 #>>43794060 #
5. grandempire ◴[] No.43793985{4}[source]
So instead it has a buffer large enough to hold all the types? That’s what union does.

Still waiting to hear the security concerns.

6. LegionMammal978 ◴[] No.43794060{4}[source]
Actually, it does use a union, in both libstdc++ [0] and libc++ [1]. (Underneath a lengthy stack of base classes, since it wouldn't be C++ if it weren't painful to match the specified semantics.)

[0] https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=libstdc%2B%2B-v3...

[1] https://github.com/llvm/llvm-project/blob/llvmorg-20.1.3/lib...

7. jlouis ◴[] No.43794375[source]
Not a niche feature. Fundamental for any decent language with a type system.
replies(1): >>43799265 #
8. soraminazuki ◴[] No.43795744[source]
Whoa, that's a core building block of programming and computer science that you're dismissing as "niche" without explanation.
replies(1): >>43799273 #
9. mistrial9 ◴[] No.43799265{3}[source]
OK, but C99 and C++11 and others all have ways to implement types. "Fundamental" as you say.. using UNION in C++ is not a good choice to implement types.. in old C99, you can use UNION that way but why? Footguns all around.
10. mistrial9 ◴[] No.43799273{3}[source]
Yes, types are a core building block of programming and computer science, but not using UNION? This casual dismissal of "criticisms of UNION" here seems superficial and unwise to me.
replies(1): >>43800625 #
11. soraminazuki ◴[] No.43800625{4}[source]
Sum types, not C unions. Different concepts.

A sum type is a concept from type theory. Like unions, it expresses a type that can be either one of multiple types. But unlike unions, it retains information about which type it is.

Properly implemented sum types are completely type safe. I can't be 100% sure what your particular "criticisms" of C unions precisely are, but assuming they all relate to type safety, they don't apply to sum types.

Sum types are important because any real world project has to deal with data that's either A or B. There's nothing controversial here.

In C, a union is a way to implement that. Yes, it's unsafe. But can you eliminate the use of unsafe features from C projects? No, if they deal with memory.

Also, it's rich and quite frankly rude to brush off my comment as "casual dismissals," "superficial," and "unwise" when it's a direct response to this.

> your niche feature "sum types"

That's pure unprovoked smugness right there that contains no substance of what your criticisms actually are, let alone the reason.
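
An added example, not from any commenter in this thread or from GCC: a tagged union in C (the sum-type pattern discussed above) that clears the whole object with `memset` rather than depending on how the compiler treats a `{0}` initializer, as raised in the top comment. `struct value` and the `value_*` helpers are hypothetical names, and the `0xAA` fill is a constructed stand-in for stale memory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical sum type: the tag records which union member is live. */
enum value_tag { VALUE_NONE = 0, VALUE_BYTE, VALUE_WORD };

struct value {
    enum value_tag tag;
    union {
        uint8_t  byte;  /* first member, narrower than the union */
        uint64_t word;  /* wider member */
    } as;
};

/* Zero every byte of the object, padding included, without relying on
 * how the compiler treats a "{0}" initializer. */
void value_clear(struct value *v) { memset(v, 0, sizeof *v); }

/* Setters start from an all-zero object, then store tag and payload. */
void value_set_byte(struct value *v, uint8_t b) {
    value_clear(v); v->tag = VALUE_BYTE; v->as.byte = b;
}
void value_set_word(struct value *v, uint64_t w) {
    value_clear(v); v->tag = VALUE_WORD; v->as.word = w;
}

/* Tag-checked read: 0 on success, -1 if 'word' is not the live member. */
int value_get_word(const struct value *v, uint64_t *out) {
    if (v->tag != VALUE_WORD) return -1;
    *out = v->as.word;
    return 0;
}

/* Number of nonzero bytes in the object representation. */
size_t value_nonzero_bytes(const struct value *v) {
    const unsigned char *p = (const unsigned char *)v;
    size_t n = 0;
    for (size_t i = 0; i < sizeof *v; i++) n += (p[i] != 0);
    return n;
}

int main(void) {
    struct value v;
    memset(&v, 0xAA, sizeof v);  /* constructed stand-in for stale memory */
    value_clear(&v);
    printf("nonzero bytes after clear: %zu\n", value_nonzero_bytes(&v));
    return 0;
}
```

The byte count is the check to run before an object like this is compared with `memcmp`, hashed, or copied out of the process.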