←back to thread

GCC 15.1

(gcc.gnu.org)
270 points jrepinc | 2 comments | 25 Apr 25 10:53 UTC | HN request time: 0s | source
Show context
Calavar ◴[25 Apr 25 12:39 UTC] No.43792948[source]
> {0} initializer in C or C++ for unions no longer guarantees clearing of the whole union (except for static storage duration initialization), it just initializes the first union member to zero. If initialization of the whole union including padding bits is desirable, use {} (valid in C23 or C++) or use -fzero-init-padding-bits=unions option to restore old GCC behavior.

This is going to silently break so much existing code, especially union based type punning in C code. {0} used to guarantee full zeroing and {} did not, and step by step we've flipped the situation to the reverse. The only sensible thing, in terms of not breaking old code, would be to have both {0} and {} zero initialize the whole union.

I'm sure this change was discussed in depth on the mailing list, but it's absolutely mind boggling to me

replies(14): >>43793036 #>>43793080 #>>43793121 #>>43793150 #>>43793166 #>>43794045 #>>43794558 #>>43796460 #>>43798312 #>>43798826 #>>43800132 #>>43800234 #>>43800932 #>>43800975 #
ogoffart ◴[25 Apr 25 13:01 UTC] No.43793121[source]
> This is going to silently break so much existing code

The code was already broken. It was an undefined behavior.

That's a problem with C and it's undefined behavior minefields.

replies(3): >>43793132 #>>43793486 #>>43796042 #
ryao ◴[25 Apr 25 13:02 UTC] No.43793132[source]
GCC has long been known to define undefined behavior in C unions. In particular, type punning in unions is undefined behavior under the C and C++ standards, but GCC (and Clang) define it.
replies(3): >>43793225 #>>43793908 #>>43794163 #
mtklein ◴[25 Apr 25 13:11 UTC] No.43793225{3}[source]
I have always thought that punning through a union was legal in C but UB in C++, and that punning through incompatible pointer casting was UB in both.

I am basing this entirely on memory and the wikipedia article on type punning. I welcome extremely pedantic feedback.

replies(3): >>43793282 #>>43794008 #>>43794170 #
jcranmer ◴[25 Apr 25 14:48 UTC] No.43794170{4}[source]
> punning through a union was legal in C

In C89, it was implementation-defined. In C99, it was made expressly legal, but it was erroneously included in the list of undefined behavior annex. From C11 on, the annex was fixed.

> but UB in C++

C++11 adopted "unrestricted unions", which added a concept of active members that is UB to access other members unless you make them active. Except active members rely on constructors and destructors, which primitive types don't have, so the standard isn't particularly clear on what happens here. The current consensus is that it's UB.

C++20 added std::bit_cast which is a much safer interface to type punning than unions.

> punning through incompatible pointer casting was UB in both

There is a general rule that accessing an object through an 'incompatible' lvalue is illegal in both languages. In general, changing the const or volatile qualifier on the object is legal, as is reading via a different signed or unsigned variant, and char pointers can read anything.

replies(2): >>43794240 #>>43794425 #
1. ryao ◴[25 Apr 25 15:14 UTC] No.43794425{5}[source]
The GCC developers disagree as of last December:

> Type punning via unions is undefined behavior in both c and c++.

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=118141#c13

replies(1): >>43800862 #
2. saagarjha ◴[26 Apr 25 04:07 UTC] No.43800862[source]
I think they're wrong about C.