From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=7lpT=KL=kernel.org=alx@sourceware.org>
Received: from dfw.source.kernel.org (dfw.source.kernel.org [139.178.84.217])
	by sourceware.org (Postfix) with ESMTPS id AFB1C3858C98
	for <gcc-patches@gcc.gnu.org>; Tue,  5 Mar 2024 20:20:43 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org AFB1C3858C98
Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=kernel.org
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=kernel.org
ARC-Filter: OpenARC Filter v1.0.0 sourceware.org AFB1C3858C98
Authentication-Results: server2.sourceware.org; arc=none smtp.remote-ip=139.178.84.217
ARC-Seal: i=1; a=rsa-sha256; d=sourceware.org; s=key; t=1709670045; cv=none;
	b=ZbbWfMdYsWPhy3UzybVLMJWWbRRBVIb98kzg+RP+TXEmIGhY41SRORDDPW1ttoJ7ypRub7OYEiOzlTRCX+P88iX05LJifZHQN1GMonS1RPlIOWIHm7ypDG5MKz0MJa4XasScvARyuyPpe+4Scxz73voSG5ahu59SMGkxMxij/YI=
ARC-Message-Signature: i=1; a=rsa-sha256; d=sourceware.org; s=key;
	t=1709670045; c=relaxed/simple;
	bh=BLhteomizp+brkQ+rgIk3oRSjZIHoQd9JDhmSi+hSp8=;
	h=DKIM-Signature:Date:From:To:Subject:Message-ID:MIME-Version; b=L6DXlo5GJfeaLwAGpsHxvLBE6ujwLV2KPhkjrAd10kaSSTvES+OfrjpSVcGGnUIFQazF+JtUFtsJ7G5MPicLKMpe6jbvJSCtRQTSIXYPunDSvRKjzNocv2cNOTDgfM+ugDBdekq5x+LLGMGG/MzU4wtQS5NVeUIg91+m8AHfd9Q=
ARC-Authentication-Results: i=1; server2.sourceware.org
Received: from smtp.kernel.org (transwarp.subspace.kernel.org [100.75.92.58])
	by dfw.source.kernel.org (Postfix) with ESMTP id 9C971617AA
	for <gcc-patches@gcc.gnu.org>; Tue,  5 Mar 2024 20:20:42 +0000 (UTC)
Received: by smtp.kernel.org (Postfix) with ESMTPSA id 98856C433F1
	for <gcc-patches@gcc.gnu.org>; Tue,  5 Mar 2024 20:20:41 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=kernel.org;
	s=k20201202; t=1709670042;
	bh=BLhteomizp+brkQ+rgIk3oRSjZIHoQd9JDhmSi+hSp8=;
	h=Date:From:To:Subject:References:In-Reply-To:From;
	b=n/VyHyD11cCGMorLuUT0wsg1DFgenIBOvptpjg2HkIeyqSDkh64NPifDL8oWGgiLr
	 v7+kRvnQMSWavA9x0xP20I5qgfU2RML4QoJfQXWinQtl2dwBYCbE8D/6vcVVBtJh/h
	 rCwR/uu+TyVkjlMcLgHqhSrE5XOF3BeG3/TKJfEIXGkSsTt9qF/pyJDDsM440xXGXv
	 Naq/s0MR2Z+/JXaXVsI4rXHrBbdE9zZzJ1ERW89zSwON2BG3OIz+YqOjsQnqDe9IUC
	 fUWiXbfbHAN8MGqTIxxQSrszsRD7rkUWi2wfkNAWDqpJFXVi1yNfUq4v17kNfvDizl
	 +dTHam5ejgsiw==
Date: Tue, 5 Mar 2024 21:20:39 +0100
From: Alejandro Colomar <alx@kernel.org>
To: gcc-patches@gcc.gnu.org
Subject: [PATCH v6] C, ObjC: Add -Wunterminated-string-initialization
Message-ID: <20240305202039.21125-1-alx@kernel.org>
X-Mailer: git-send-email 2.43.0
References: <DDC0A39F-48EC-429B-8DAB-1FF54323E06B@comcast.net>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha512;
	protocol="application/pgp-signature"; boundary="vj6d7ctaf44dgcly"
Content-Disposition: inline
In-Reply-To: <DDC0A39F-48EC-429B-8DAB-1FF54323E06B@comcast.net>
X-Spam-Status: No, score=-10.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,SPF_HELO_NONE,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-patches.gcc.gnu.org>


--vj6d7ctaf44dgcly
Content-Type: text/plain; protected-headers=v1; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
Subject: [PATCH v6] C, ObjC: Add -Wunterminated-string-initialization
MIME-Version: 1.0

Warn about the following:

    char  s[3] =3D "foo";

Initializing a char array with a string literal of the same length as
the size of the array is usually a mistake.  Rarely is the case where
one wants to create a non-terminated character sequence from a string
literal.

In some cases, for writing faster code, one may want to use arrays
instead of pointers, since that removes the need for storing an array of
pointers apart from the strings themselves.

    char  *log_levels[]   =3D { "info", "warning", "err" };
vs.
    char  log_levels[][7] =3D { "info", "warning", "err" };

This forces the programmer to specify a size, which might change if a
new entry is later added.  Having no way to enforce null termination is
very dangerous, however, so it is useful to have a warning for this, so
that the compiler can make sure that the programmer didn't make any
mistakes.  This warning catches the bug above, so that the programmer
will be able to fix it and write:

    char  log_levels[][8] =3D { "info", "warning", "err" };

This warning already existed as part of -Wc++-compat, but this patch
allows enabling it separately.  It is also included in -Wextra, since
it may not always be desired (when unterminated character sequences are
wanted), but it's likely to be desired in most cases.

Since Wc++-compat now includes this warning, the test has to be modified
to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.

Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf41=
3@gmail.com/T/>
Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Cc: Dave Kemper <saint.snit@gmail.com>
Cc: Larry McVoy <lm@mcvoy.com>
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>
Cc: Martin Uecker <muecker@gwdg.de>
Cc: David Malcolm <dmalcolm@redhat.com>
Cc: Mike Stump <mikestump@comcast.net>
Cc: Joseph Myers <josmyers@redhat.com>
Cc: Sandra Loosemore <sloosemore@baylibre.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

Hi!

v6:
-  Small wording fix in c.opt
-  Document the option in invoke.texi

I tried again, but didn't find much alphabetic order  in there, so put
it where Mike suggested, after -Warray-bounds=3Dn.

Have a lovely night!
Alex


Range-diff against v5:
1:  d98d1fec176 ! 1:  e8fd975bde7 C, ObjC: Add -Wunterminated-string-initia=
lization
    @@ gcc/c-family/c.opt: Wunsuffixed-float-constants
     =20
     +Wunterminated-string-initialization
     +C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabl=
edBy(C ObjC,Wextra || Wc++-compat)
    -+Warn about character arrays initialized as unterminated character seq=
uences by a string literal.
    ++Warn about character arrays initialized as unterminated character seq=
uences with a string literal.
     +
      Wunused
      C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
    @@ gcc/c/c-typeck.cc: digest_init (location_t init_loc, tree type, tree=
 init, tree
      		{
      		  unsigned HOST_WIDE_INT size
    =20
    + ## gcc/doc/invoke.texi ##
    +@@ gcc/doc/invoke.texi: Objective-C and Objective-C++ Dialects}.
    + -Wsystem-headers  -Wtautological-compare  -Wtrampolines  -Wtrigraphs
    + -Wtrivial-auto-var-init -Wtsan -Wtype-limits  -Wundef
    + -Wuninitialized  -Wunknown-pragmas
    +--Wunsuffixed-float-constants  -Wunused
    ++-Wunsuffixed-float-constants
    ++-Wunterminated-string-initialization
    ++-Wunused
    + -Wunused-but-set-parameter  -Wunused-but-set-variable
    + -Wunused-const-variable  -Wunused-const-variable=3D@var{n}
    + -Wunused-function  -Wunused-label  -Wunused-local-typedefs
    +@@ gcc/doc/invoke.texi: name is still supported, but the newer name is=
 more descriptive.)
    + -Wredundant-move @r{(only for C++)}
    + -Wtype-limits
    + -Wuninitialized
    ++-Wunterminated-string-initialization
    + -Wshift-negative-value @r{(in C++11 to C++17 and in C99 and newer)}
    + -Wunused-parameter @r{(only with} @option{-Wunused} @r{or} @option{-W=
all}@r{)}
    + -Wunused-but-set-parameter @r{(only with} @option{-Wunused} @r{or} @o=
ption{-Wall}@r{)}}
    +@@ gcc/doc/invoke.texi: arithmetic that may yield out of bounds values=
=2E This warning level may
    + give a larger number of false positives and is deactivated by default.
    + @end table
    +=20
    ++@opindex Wunterminated-string-initialization
    ++@opindex Wno-unterminated-string-initialization
    ++@item -Wunterminated-string-initialization
    ++Warn about character arrays
    ++initialized as unterminated character sequences
    ++with a string literal.
    ++For example:
    ++
    ++@smallexample
    ++char arr[3] =3D "foo";
    ++@end smallexample
    ++
    ++@option{-Wunterminated-string-initialization} is enabled by @option{-=
Wextra}.
    ++
    + @opindex Warray-compare
    + @opindex Wno-array-compare
    + @item -Warray-compare
    +
      ## gcc/testsuite/gcc.dg/Wcxx-compat-14.c ##
     @@
      /* { dg-options "-Wc++-compat" } */

 gcc/c-family/c.opt                            |  4 ++++
 gcc/c/c-typeck.cc                             |  6 +++---
 gcc/doc/invoke.texi                           | 19 ++++++++++++++++++-
 gcc/testsuite/gcc.dg/Wcxx-compat-14.c         |  2 +-
 .../Wunterminated-string-initialization.c     |  6 ++++++
 5 files changed, 32 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initializatio=
n.c

diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index 44b9c862c14..3837021747b 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
 C ObjC Var(warn_unsuffixed_float_constants) Warning
 Warn about unsuffixed float constants.
=20
+Wunterminated-string-initialization
+C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(=
C ObjC,Wextra || Wc++-compat)
+Warn about character arrays initialized as unterminated character sequence=
s with a string literal.
+
 Wunused
 C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
 ; documented in common.opt
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index e55e887da14..7df9de819ed 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree i=
nit, tree origtype,
 		pedwarn_init (init_loc, 0,
 			      ("initializer-string for array of %qT "
 			       "is too long"), typ1);
-	      else if (warn_cxx_compat
+	      else if (warn_unterminated_string_initialization
 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
-		warning_at (init_loc, OPT_Wc___compat,
+		warning_at (init_loc, OPT_Wunterminated_string_initialization,
 			    ("initializer-string for array of %qT "
-			     "is too long for C++"), typ1);
+			     "is too long"), typ1);
 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
 		{
 		  unsigned HOST_WIDE_INT size
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 146b40414b0..f81df4de934 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -410,7 +410,9 @@ Objective-C and Objective-C++ Dialects}.
 -Wsystem-headers  -Wtautological-compare  -Wtrampolines  -Wtrigraphs
 -Wtrivial-auto-var-init -Wtsan -Wtype-limits  -Wundef
 -Wuninitialized  -Wunknown-pragmas
--Wunsuffixed-float-constants  -Wunused
+-Wunsuffixed-float-constants
+-Wunterminated-string-initialization
+-Wunused
 -Wunused-but-set-parameter  -Wunused-but-set-variable
 -Wunused-const-variable  -Wunused-const-variable=3D@var{n}
 -Wunused-function  -Wunused-label  -Wunused-local-typedefs
@@ -6264,6 +6266,7 @@ name is still supported, but the newer name is more d=
escriptive.)
 -Wredundant-move @r{(only for C++)}
 -Wtype-limits
 -Wuninitialized
+-Wunterminated-string-initialization
 -Wshift-negative-value @r{(in C++11 to C++17 and in C99 and newer)}
 -Wunused-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@=
r{)}
 -Wunused-but-set-parameter @r{(only with} @option{-Wunused} @r{or} @option=
{-Wall}@r{)}}
@@ -8281,6 +8284,20 @@ arithmetic that may yield out of bounds values. This=
 warning level may
 give a larger number of false positives and is deactivated by default.
 @end table
=20
+@opindex Wunterminated-string-initialization
+@opindex Wno-unterminated-string-initialization
+@item -Wunterminated-string-initialization
+Warn about character arrays
+initialized as unterminated character sequences
+with a string literal.
+For example:
+
+@smallexample
+char arr[3] =3D "foo";
+@end smallexample
+
+@option{-Wunterminated-string-initialization} is enabled by @option{-Wextr=
a}.
+
 @opindex Warray-compare
 @opindex Wno-array-compare
 @item -Warray-compare
diff --git a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c b/gcc/testsuite/gcc.dg/W=
cxx-compat-14.c
index 23783711be6..6df0ee197cc 100644
--- a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
+++ b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
@@ -2,5 +2,5 @@
 /* { dg-options "-Wc++-compat" } */
=20
 char a1[] =3D "a";
-char a2[1] =3D "a";	/* { dg-warning "C\[+\]\[+\]" } */
+char a2[1] =3D "a";	/* { dg-warning "initializer-string for array of 'char=
' is too long" } */
 char a3[2] =3D "a";
diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/g=
cc/testsuite/gcc.dg/Wunterminated-string-initialization.c
new file mode 100644
index 00000000000..13d5dbc6640
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
@@ -0,0 +1,6 @@
+/* { dg-do compile } */
+/* { dg-options "-Wunterminated-string-initialization" } */
+
+char a1[] =3D "a";
+char a2[1] =3D "a";	/* { dg-warning "initializer-string for array of 'char=
' is too long" } */
+char a3[2] =3D "a";
--=20
2.43.0


--vj6d7ctaf44dgcly
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCgAdFiEE6jqH8KTroDDkXfJAnowa+77/2zIFAmXnfpcACgkQnowa+77/
2zIqWg//Z9LHC9p35BtYzP1Kj+SxR4nffgjr4GHFLnSLypFAd5qr9Wb+qUTDdJfe
xFebW+QU+9YjWggBaq9kdDRjZ0cW9QA6EY1rgKO0sg+vC087AJ08r0prwHyRbHVn
HyjvVAmM48FmDyn55ufJxZFxfMgDX1PgQHuY5eVnvtXvTJp7PylM9n3YK73gVAhL
CFqMggDqdbQ+dKk1XDh45SjqG3gYUojo95GH8zk3acXktSsjmm02C8Ti+Wywl8Ug
Xa/jFHuPl4V3xYWT9DyezNM3GoU6lO4YsgKVYm8QivsNq7/wKgw66V/1THdRiLb0
2rcSJTu1FaQz0e2OslE2HbtCAjvrCyyZ/MDHkjBuO7PhJOHd4z6OkQe7ygML0MJh
yR6G9vpsQ2Eteght3wB8nzDYTeNcETHh+s/xWUYYe+vTXRqzhwe030OgwB3xIgCk
BHfwMkp+VZpSCgVEZmUQjABlRJWGvdoNp1OLe80/8jAudbEFbDfZFOskgxYASYaJ
Dqib9563wTPbvvucYsYSgGeG6K1pv+tpCaBv1W8wHYdJPFReUFddBDHEBASb4EVw
oPbHSN8j+Ui8YPoeisi/m0tEyOdFnICgnD29/43u/W5PdSwDdDNOnF5qnJGFOY/j
swCc1WrNlryzGgfhMMdJQe6Qz7TUbAPLCclF+b2LByAurX+/4cY=
=bNLx
-----END PGP SIGNATURE-----

--vj6d7ctaf44dgcly--