Fix union initialization

tautschnig · tautschnig · commit a4a337a2b987 · 2021-03-22T22:40:46.000Z
The attached test shows that we could reach recursive initialisation of
unions with a byte_update instead of a union expression. The test was
constructed using creduce, starting from code included in the Linux
kernel.
diff --git a/regression/ansi-c/Union_Initialization3/main.c b/regression/ansi-c/Union_Initialization3/main.c
@@ -0,0 +1,23 @@
+union {
+  int a;
+  struct
+  {
+    unsigned b : 4;
+    unsigned c : 4;
+  };
+} u1 = {.b = 5, .c = 1};
+
+#ifndef _MSC_VER
+union {
+  int;
+  struct
+  {
+    unsigned b : 4;
+    unsigned c : 4;
+  };
+} u2 = {.b = 5, .c = 1};
+#endif
+
+int main()
+{
+}
diff --git a/regression/ansi-c/Union_Initialization3/test.desc b/regression/ansi-c/Union_Initialization3/test.desc
@@ -0,0 +1,12 @@
+CORE
+main.c
+
+^EXIT=0$
+^SIGNAL=0$
+--
+Invariant check failed
+--
+This test previously failed an internal invariant:
+File: ../src/ansi-c/c_typecheck_initializer.cpp:517 function: do_designated_initializer
+Condition: dest->id() == ID_union
+Reason: union should be zero initialized
diff --git a/src/ansi-c/c_typecheck_initializer.cpp b/src/ansi-c/c_typecheck_initializer.cpp
@@ -530,27 +530,36 @@ exprt::operandst::const_iterator c_typecheck_baset::do_designated_initializer(
         // initializer; other bytes have an unspecified value (C Standard
         // 6.2.6.1(7)). In practice, objects of static lifetime are fully zero
         // initialized.
-        const auto zero =
-          zero_initializer(component.type(), value.source_location(), *this);
-        if(!zero.has_value())
-        {
-          error().source_location = value.source_location();
-          error() << "cannot zero-initialize union component of type '"
-                  << to_string(component.type()) << "'" << eom;
-          throw 0;
-        }
-
         if(current_symbol.is_static_lifetime)
         {
-          byte_update_exprt byte_update{
-            byte_update_id(), *dest, from_integer(0, index_type()), *zero};
-          byte_update.add_source_location() = value.source_location();
-          *dest = std::move(byte_update);
-          dest = &(to_byte_update_expr(*dest).op2());
+          const auto zero =
+            zero_initializer(component.type(), value.source_location(), *this);
+          if(!zero.has_value())
+          {
+            error().source_location = value.source_location();
+            error() << "cannot zero-initialize union component of type '"
+                    << to_string(component.type()) << "'" << eom;
+            throw 0;
+          }
+
+          union_exprt union_expr(component.get_name(), *zero, type);
+          union_expr.add_source_location() = value.source_location();
+          *dest = std::move(union_expr);
+          dest = &(to_union_expr(*dest).op());
         }
         else
         {
-          union_exprt union_expr(component.get_name(), *zero, type);
+          const auto nondet = nondet_initializer(
+            component.type(), value.source_location(), *this);
+          if(!nondet.has_value())
+          {
+            error().source_location = value.source_location();
+            error() << "cannot nondet-initialize union component of type '"
+                    << to_string(component.type()) << "'" << eom;
+            throw 0;
+          }
+
+          union_exprt union_expr(component.get_name(), *nondet, type);
           union_expr.add_source_location() = value.source_location();
           *dest = std::move(union_expr);
           dest = &(to_union_expr(*dest).op());
