←back to thread

GCC 15.1

(gcc.gnu.org)
270 points jrepinc | 3 comments | 25 Apr 25 10:53 UTC | HN request time: 0s | source
Show context
Calavar ◴[25 Apr 25 12:39 UTC] No.43792948[source]
> {0} initializer in C or C++ for unions no longer guarantees clearing of the whole union (except for static storage duration initialization), it just initializes the first union member to zero. If initialization of the whole union including padding bits is desirable, use {} (valid in C23 or C++) or use -fzero-init-padding-bits=unions option to restore old GCC behavior.

This is going to silently break so much existing code, especially union based type punning in C code. {0} used to guarantee full zeroing and {} did not, and step by step we've flipped the situation to the reverse. The only sensible thing, in terms of not breaking old code, would be to have both {0} and {} zero initialize the whole union.

I'm sure this change was discussed in depth on the mailing list, but it's absolutely mind boggling to me

replies(14): >>43793036 #>>43793080 #>>43793121 #>>43793150 #>>43793166 #>>43794045 #>>43794558 #>>43796460 #>>43798312 #>>43798826 #>>43800132 #>>43800234 #>>43800932 #>>43800975 #
mistrial9 ◴[25 Apr 25 13:04 UTC] No.43793150[source]
using UNION was always considered sketchy IMHO. This is trivia for security exploiters?
replies(1): >>43793494 #
grandempire ◴[25 Apr 25 13:43 UTC] No.43793494[source]
No. This is how sum types are implemented.

And from a runtime perspective it’s going to be a struct with perhaps more padding. You’ll need more details about your specific threat model to explain why that’s bad.

replies(1): >>43793585 #
mistrial9 ◴[25 Apr 25 13:54 UTC] No.43793585{3}[source]
a quick search says that std::variant is the modern replacement to implement your niche feature "sum types"
replies(3): >>43793601 #>>43794375 #>>43795744 #
1. soraminazuki ◴[25 Apr 25 16:41 UTC] No.43795744{4}[source]
Whoa, that's a core building block of programming and computer science that you're dismissing as "niche" without explanation.
replies(1): >>43799273 #
2. mistrial9 ◴[25 Apr 25 22:58 UTC] No.43799273[source]
yes types are a core building block of programming and computer science, but not using UNION ? this casual dismissal of "criticisms of UNION" here seems superficial and un-wise to me.
replies(1): >>43800625 #
3. soraminazuki ◴[26 Apr 25 03:18 UTC] No.43800625[source]
Sum types, not C unions. Different concepts.

A sum type is a concept from type theory. Like unions, it expresses a type that can be either one of multiple types. But unlike unions, it retains information about which type it is.

Properly implemented sum types are completely type safe. I can't be 100% sure what your particular "criticisms" of C unions precisely are, but assuming they all relate to type safety, they don't apply to sum types.

Sum types are important because any real world project has to deal with data that's either A or B. There's nothing controversial here.

In C, a union is a way to implement that. Yes, it's unsafe. But can you eliminate the use of unsafe features from C projects? No, if they deal with memory.

Also, it's rich and quite frankly rude to brush off my comment as "casual dismissals," "superficial," and "unwise" when it's a direct response to this.

> your niche feature "sum types"

That's pure unprovoked smugness right there that contains no substance of what your criticisms actually are, let alone the reason.