[Bug c/61579] New: -Wwrite-strings does not behave as a warning option

[Bug c/61579] New: -Wwrite-strings does not behave as a warning option

[bugdal at aerifal dot cx]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61579

            Bug ID: 61579
           Summary: -Wwrite-strings does not behave as a warning option
           Product: gcc
           Version: unknown
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c
          Assignee: unassigned at gcc dot gnu.org
          Reporter: bugdal at aerifal dot cx

Unlike other -W family options, -Wwrite-strings does not actually behave as a
warning option but as an option that alters the language semantics. I think
this inconsistency should be considered a bug and fixed. It leads to multiple
issues:

1. Warning messages wrongly show as [enabled by default] rather than
[-Wwrite-strings], since discarding const qualifier is enabled by default.

2. Some code which should produce a warning actually produces an error. As a
trivial but stupid example, if(0)*""=0; One can of course construct
non-trivial, non-stupid examples of this, particularly with the ?: operator.

3. The semantics of code using __typeof__, ?:, and now more importantly with
C11, _Generic, are changed by -Wwrite-strings. As a particularly bad case, I
think this could lead to the introduction of aliasing violations and undefined
behavior in code that had well-defined behavior without -Wwrite-strings.

Ideally the current implementation of -Wwrite-strings should be scrapped and
replaced with one that actually detects particular usage that's deemed
dangerous rather than changing the language semantics.

[Bug c/61579] -Wwrite-strings does not behave as a warning option

[manu at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61579

Manuel López-Ibáñez <manu at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |jsm28 at gcc dot gnu.org,
                   |                            |manu at gcc dot gnu.org

--- Comment #1 from Manuel López-Ibáñez <manu at gcc dot gnu.org> ---
Agreed. It seems that in order to get the desired warning, the solution was to
change the type and warn implicitly, rather than detect the potential cases
explicitly. This is a quite ugly hack.

On the other hand, I don't expect an existing GCC developer to fix this, given
the long history of -Wwrite-strings. Someone new will have to step up,
implement it and defend it in front of the C FE maintainers.
>From gcc-bugs-return-454654-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org Sat Jun 21 16:38:35 2014
Return-Path: <gcc-bugs-return-454654-listarch-gcc-bugs=gcc.gnu.org@gcc.gnu.org>
Delivered-To: listarch-gcc-bugs@gcc.gnu.org
Received: (qmail 25488 invoked by alias); 21 Jun 2014 16:38:34 -0000
Mailing-List: contact gcc-bugs-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-bugs.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-bugs/>
List-Post: <mailto:gcc-bugs@gcc.gnu.org>
List-Help: <mailto:gcc-bugs-help@gcc.gnu.org>
Sender: gcc-bugs-owner@gcc.gnu.org
Delivered-To: mailing list gcc-bugs@gcc.gnu.org
Received: (qmail 25437 invoked by uid 48); 21 Jun 2014 16:38:29 -0000
From: "alex.wolf at gmail dot com" <gcc-bugzilla@gcc.gnu.org>
To: gcc-bugs@gcc.gnu.org
Subject: [Bug objc/50909] Process "#pragma options align=reset" correctly on Mac OS X
Date: Sat, 21 Jun 2014 16:38:00 -0000
X-Bugzilla-Reason: CC
X-Bugzilla-Type: changed
X-Bugzilla-Watch-Reason: None
X-Bugzilla-Product: gcc
X-Bugzilla-Component: objc
X-Bugzilla-Version: 4.6.2
X-Bugzilla-Keywords:
X-Bugzilla-Severity: normal
X-Bugzilla-Who: alex.wolf at gmail dot com
X-Bugzilla-Status: UNCONFIRMED
X-Bugzilla-Priority: P3
X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org
X-Bugzilla-Target-Milestone: ---
X-Bugzilla-Flags:
X-Bugzilla-Changed-Fields: cc
Message-ID: <bug-50909-4-SlIIwuNUfL@http.gcc.gnu.org/bugzilla/>
In-Reply-To: <bug-50909-4@http.gcc.gnu.org/bugzilla/>
References: <bug-50909-4@http.gcc.gnu.org/bugzilla/>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/
Auto-Submitted: auto-generated
MIME-Version: 1.0
X-SW-Source: 2014-06/txt/msg01736.txt.bz2
Content-length: 466

https://gcc.gnu.org/bugzilla/show_bug.cgi?idP909

Alex <alex.wolf at gmail dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |alex.wolf at gmail dot com

--- Comment #6 from Alex <alex.wolf at gmail dot com> ---
3 years later and it still doesn't work... gcc version 4.8.3, installed using
homebrew on OSX 10.9.3.

[Bug c/61579] -Wwrite-strings does not behave as a warning option

[mpolacek at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61579

Marek Polacek <mpolacek at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2014-07-22
                 CC|                            |mpolacek at gcc dot gnu.org
     Ever confirmed|0                           |1

--- Comment #2 from Marek Polacek <mpolacek at gcc dot gnu.org> ---
Confirmed.  I might possibly get to this.

[Bug c/61579] -Wwrite-strings does not behave as a warning option

[david at westcontrol dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61579

David Brown <david at westcontrol dot com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |david at westcontrol dot com

--- Comment #7 from David Brown <david at westcontrol dot com> ---
Could "-Wwrite-strings" be split into two options?  The warning could remain
(and become part of -Wall for C as well as C++) if the compiler can spot and
warn about attempts to write to string literals, while keeping these of type
"char[len]" as required by C.

A new option "-fconst-strings" could be put under "Code Gen Options" which
makes C string literals be type "const char[len]" for those that want it,
encouraging a slightly safer code style that is not standard C.

[Bug c/61579] -Wwrite-strings does not behave as a warning option

[manu at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61579

--- Comment #8 from Manuel López-Ibáñez <manu at gcc dot gnu.org> ---
(In reply to David Brown from comment #7)
> Could "-Wwrite-strings" be split into two options?  The warning could remain
> (and become part of -Wall for C as well as C++) if the compiler can spot and
> warn about attempts to write to string literals, while keeping these of type
> "char[len]" as required by C.

I think the issue is that the warning is implemented by changing the type of
string literals and then using the already existing warning for passing const
char* to char*. Someone would need to reimplement the warning to explicitly
detect string literals instead of changing their type, probably somewhere in
this function:
https://github.com/gcc-mirror/gcc/blob/259c3965b1ba04f7ee022846af6173fb1c343bc8/gcc/c/c-typeck.c#L6585

> A new option "-fconst-strings" could be put under "Code Gen Options" which
> makes C string literals be type "const char[len]" for those that want it,
> encouraging a slightly safer code style that is not standard C.

I am not sure this is a good solution, since the only benefit of
-fconst-strings would be to trigger the warnings. I'm pretty sure it will not
affect optimization, so it is useless as a codegen option. It doesn't solve all
the issues described in comment #0.

The fix is the one outlined above: detect that the argument or assigment is a
literal string and special case the "discarding const qualifier" to trigger in
that case with -Write-strings.

But, the only way to find out for sure is to submit a patch to gcc-patches and
start the discussion.

[Bug c/61579] -Wwrite-strings does not behave as a warning option

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61579

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org
           See Also|                            |https://gcc.gnu.org/bugzill
                   |                            |a/show_bug.cgi?id=90404

--- Comment #9 from Martin Sebor <msebor at gcc dot gnu.org> ---
pr90404 is somewhat related to this: it requests a new warning option to flag
attempts to modify a const object of any type/kind.  In my prototype
implementation of it that I hope to submit for GCC 11 I call the option
-Wwrite-const.  It's implemented in the middle end so it detects all such
attempts, including for instance things like '*strchr("x", 'x') = 0', and
avoids triggering on provably unreachable code.  It's just as capable as other
late warnings, but, of course, also subject to just as many false positives and
negatives as they are.