[PATCH v2] C, ObjC: Add -Wunterminated-string-initialization

[PATCH v2] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

Warn about the following:

    char  s[3] = "foo";

Initializing a char array with a string literal of the same length as
the size of the array is usually a mistake.  Rarely is the case where
one wants to create a non-terminated character sequence from a string
literal.

In some cases, for writing faster code, one may want to use arrays
instead of pointers, since that removes the need for storing an array of
pointers apart from the strings themselves.

    char  *log_levels[]   = { "info", "warning", "err" };
vs.
    char  log_levels[][7] = { "info", "warning", "err" };

This forces the programmer to specify a size, which might change if a
new entry is later added.  Having no way to enforce null termination is
very dangerous, however, so it is useful to have a warning for this, so
that the compiler can make sure that the programmer didn't make any
mistakes.  This warning catches the bug above, so that the programmer
will be able to fix it and write:

    char  log_levels[][8] = { "info", "warning", "err" };

This warning already existed as part of -Wc++-compat, but this patch
allows enabling it separately.  It is also included in -Wextra, since
it may not always be desired (when unterminated character sequences are
wanted), but it's likely to be desired in most cases.

Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Cc: Dave Kemper <saint.snit@gmail.com>
Cc: Larry McVoy <lm@mcvoy.com>
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>
Cc: Martin Uecker <muecker@gwdg.de>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

Hi,

I sent v1 to the wrong list.  This time I've made sure to write to
gcc-patches@.

v2 adds some draft of a test, as suggested by Martin.  However, I don't
know yet how to write those, so the test is just a draft.  But I did
test the feature, by compiling GCC and compiling some small program with
it.

Cheers,
Alex


Range-diff against v1:
1:  61ddf1eb816 ! 1:  e40d8f54942 C, ObjC: Add -Wunterminated-string-initialization
    @@ Commit message
         Cc: Andrew Pinski <pinskia@gmail.com>
         Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
         Cc: Andrew Clayton <andrew@digital-domain.net>
    +    Cc: Martin Uecker <muecker@gwdg.de>
         Signed-off-by: Alejandro Colomar <alx@kernel.org>
     
      ## gcc/c-family/c.opt ##
    @@ gcc/c/c-typeck.cc: digest_init (location_t init_loc, tree type, tree init, tree
      	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
      		{
      		  unsigned HOST_WIDE_INT size
    +
    + ## gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c (new) ##
    +@@
    ++/* { dg-do compile } */
    ++/* { dg-options "-Wunterminated-string-initialization" } */
    ++
    ++char a1[] = "a";
    ++char a2[1] = "a";	/* { dg-warning "unterminated char sequence" } */
    ++char a3[2] = "a";

 gcc/c-family/c.opt                                         | 4 ++++
 gcc/c/c-typeck.cc                                          | 6 +++---
 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c | 6 ++++++
 3 files changed, 13 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c

diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index 3333cddeece..7f1fccfe02b 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1382,6 +1382,10 @@ Wunsuffixed-float-constants
 C ObjC Var(warn_unsuffixed_float_constants) Warning
 Warn about unsuffixed float constants.
 
+Wunterminated-string-initialization
+C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
+Warn about character arrays initialized as unterminated character sequences by a string literal.
+
 Wunused
 C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
 ; documented in common.opt
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index 45bacc06c47..ce2750f98bb 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -8420,11 +8420,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
 		pedwarn_init (init_loc, 0,
 			      ("initializer-string for array of %qT "
 			       "is too long"), typ1);
-	      else if (warn_cxx_compat
+	      else if (warn_unterminated_string_initialization
 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
-		warning_at (init_loc, OPT_Wc___compat,
+		warning_at (init_loc, OPT_Wunterminated_string_initialization,
 			    ("initializer-string for array of %qT "
-			     "is too long for C++"), typ1);
+			     "is too long"), typ1);
 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
 		{
 		  unsigned HOST_WIDE_INT size
diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
new file mode 100644
index 00000000000..c6517702d51
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
@@ -0,0 +1,6 @@
+/* { dg-do compile } */
+/* { dg-options "-Wunterminated-string-initialization" } */
+
+char a1[] = "a";
+char a2[1] = "a";	/* { dg-warning "unterminated char sequence" } */
+char a3[2] = "a";
-- 
2.39.2

Re: [PATCH v2] C, ObjC: Add -Wunterminated-string-initialization

[David Malcolm]

On Fri, 2023-03-24 at 14:39 +0100, Alejandro Colomar via Gcc-patches
wrote:
> Warn about the following:
> 
>     char  s[3] = "foo";
> 
> Initializing a char array with a string literal of the same length as
> the size of the array is usually a mistake.  Rarely is the case where
> one wants to create a non-terminated character sequence from a string
> literal.
> 
> In some cases, for writing faster code, one may want to use arrays
> instead of pointers, since that removes the need for storing an array
> of
> pointers apart from the strings themselves.
> 
>     char  *log_levels[]   = { "info", "warning", "err" };
> vs.
>     char  log_levels[][7] = { "info", "warning", "err" };
> 
> This forces the programmer to specify a size, which might change if a
> new entry is later added.  Having no way to enforce null termination
> is
> very dangerous, however, so it is useful to have a warning for this,
> so
> that the compiler can make sure that the programmer didn't make any
> mistakes.  This warning catches the bug above, so that the programmer
> will be able to fix it and write:
> 
>     char  log_levels[][8] = { "info", "warning", "err" };
> 
> This warning already existed as part of -Wc++-compat, but this patch
> allows enabling it separately.  It is also included in -Wextra, since
> it may not always be desired (when unterminated character sequences
> are
> wanted), but it's likely to be desired in most cases.
> 
> Link:
> <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
> Link:
> <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
> Link:
> <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf41
> 3@gmail.com/T/>
> Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
> Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
> Cc: Ralph Corderoy <ralph@inputplus.co.uk>
> Cc: Dave Kemper <saint.snit@gmail.com>
> Cc: Larry McVoy <lm@mcvoy.com>
> Cc: Andrew Pinski <pinskia@gmail.com>
> Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
> Cc: Andrew Clayton <andrew@digital-domain.net>
> Cc: Martin Uecker <muecker@gwdg.de>
> Signed-off-by: Alejandro Colomar <alx@kernel.org>
> ---
> 
> Hi,

Hi Alex, thanks for the patch.

> 
> I sent v1 to the wrong list.  This time I've made sure to write to
> gcc-patches@.

Note that right now we're deep in bug-fixing/stabilization for GCC 13
(and trunk is still tracking that effort), so your patch might be more
suitable for GCC 14.

> 
> v2 adds some draft of a test, as suggested by Martin.  However, I
> don't
> know yet how to write those, so the test is just a draft.  But I did
> test the feature, by compiling GCC and compiling some small program
> with
> it.

Unfortunately the answer to the question "how do I run just one
testcase in GCC's testsuite" is rather non-trivial; FWIW I've written
up some notes on working with the GCC testsuite here:
https://gcc-newbies-guide.readthedocs.io/en/latest/working-with-the-testsuite.html

Hope this is helpful
Dave


[...snip...]

Re: [PATCH v2] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1.1: Type: text/plain, Size: 1628 bytes --]

Hi David,

On 3/24/23 15:53, David Malcolm wrote:
> On Fri, 2023-03-24 at 14:39 +0100, Alejandro Colomar via Gcc-patches
> wrote:
>> Warn about the following:
>>
>>     char  s[3] = "foo";
>>
[...]

>> ---
>>
>> Hi,
> 
> Hi Alex, thanks for the patch.

:)

> 
>>
>> I sent v1 to the wrong list.  This time I've made sure to write to
>> gcc-patches@.
> 
> Note that right now we're deep in bug-fixing/stabilization for GCC 13
> (and trunk is still tracking that effort), so your patch might be more
> suitable for GCC 14.

Sure, no problem.  Do you have a "next" branch where you pick patches
for after the release, or should I resend after the release?  Is
discussion of a patch reasonable now, or is it too much distracting
from your stabilization efforts?

> 
>>
>> v2 adds some draft of a test, as suggested by Martin.  However, I
>> don't
>> know yet how to write those, so the test is just a draft.  But I did
>> test the feature, by compiling GCC and compiling some small program
>> with
>> it.
> 
> Unfortunately the answer to the question "how do I run just one
> testcase in GCC's testsuite" is rather non-trivial; FWIW I've written
> up some notes on working with the GCC testsuite here:
> https://gcc-newbies-guide.readthedocs.io/en/latest/working-with-the-testsuite.html

Hmm, I'll try following that; thanks!  Is there anything obvious that
I might have missed, at first glance?

> 
> Hope this is helpful

Yup.  Thanks!

> Dave

Cheers,
Alex

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v2] C, ObjC: Add -Wunterminated-string-initialization

[David Malcolm]

On Fri, 2023-03-24 at 18:45 +0100, Alejandro Colomar wrote:
> Hi David,
> 
> On 3/24/23 15:53, David Malcolm wrote:
> > On Fri, 2023-03-24 at 14:39 +0100, Alejandro Colomar via Gcc-
> > patches
> > wrote:
> > > Warn about the following:
> > > 
> > >     char  s[3] = "foo";
> > > 
> [...]
> 
> > > ---
> > > 
> > > Hi,
> > 
> > Hi Alex, thanks for the patch.
> 
> :)
> 
> > 
> > > 
> > > I sent v1 to the wrong list.  This time I've made sure to write
> > > to
> > > gcc-patches@.
> > 
> > Note that right now we're deep in bug-fixing/stabilization for GCC
> > 13
> > (and trunk is still tracking that effort), so your patch might be
> > more
> > suitable for GCC 14.
> 
> Sure, no problem.  Do you have a "next" branch where you pick patches
> for after the release, or should I resend after the release?  

We don't; resending it after release is probably best.

> Is
> discussion of a patch reasonable now, or is it too much distracting
> from your stabilization efforts?

FWIW I'd prefer to postpone the discussion until after we branch for
the release.

> 
> > 
> > > 
> > > v2 adds some draft of a test, as suggested by Martin.  However, I
> > > don't
> > > know yet how to write those, so the test is just a draft.  But I
> > > did
> > > test the feature, by compiling GCC and compiling some small
> > > program
> > > with
> > > it.
> > 
> > Unfortunately the answer to the question "how do I run just one
> > testcase in GCC's testsuite" is rather non-trivial; FWIW I've
> > written
> > up some notes on working with the GCC testsuite here:
> > https://gcc-newbies-guide.readthedocs.io/en/latest/working-with-the-testsuite.html
> 
> Hmm, I'll try following that; thanks!  Is there anything obvious that
> I might have missed, at first glance?

The main thing is that there's a difference between compiling the test
case "by hand", versus doing it through the test harness - the latter
sets up the environment in a particular way, injects a particular set
of flags, etc etc.

Dave

Ping: [PATCH v2] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1.1: Type: text/plain, Size: 2465 bytes --]

Hi David,

On 3/24/23 18:58, David Malcolm wrote:
> On Fri, 2023-03-24 at 18:45 +0100, Alejandro Colomar wrote:
>> Hi David,
>>
>> On 3/24/23 15:53, David Malcolm wrote:
>>> On Fri, 2023-03-24 at 14:39 +0100, Alejandro Colomar via Gcc-
>>> patches
>>> wrote:
>>>> Warn about the following:
>>>>
>>>>     char  s[3] = "foo";
>>>>
>> [...]
>>
>>>> ---
>>>>
>>>> Hi,
>>>
>>> Hi Alex, thanks for the patch.
>>
>> :)
>>
>>>
>>>>
>>>> I sent v1 to the wrong list.  This time I've made sure to write
>>>> to
>>>> gcc-patches@.
>>>
>>> Note that right now we're deep in bug-fixing/stabilization for GCC
>>> 13
>>> (and trunk is still tracking that effort), so your patch might be
>>> more
>>> suitable for GCC 14.
>>
>> Sure, no problem.  Do you have a "next" branch where you pick patches
>> for after the release, or should I resend after the release?  
> 
> We don't; resending it after release is probably best.
> 
>> Is
>> discussion of a patch reasonable now, or is it too much distracting
>> from your stabilization efforts?
> 
> FWIW I'd prefer to postpone the discussion until after we branch for
> the release.

Sure.  AFAIK it's fair game already to propose patches to GCC 14,
right?  Would you please have a look into this?  Thanks!

> 
>>
>>>
>>>>
>>>> v2 adds some draft of a test, as suggested by Martin.  However, I
>>>> don't
>>>> know yet how to write those, so the test is just a draft.  But I
>>>> did
>>>> test the feature, by compiling GCC and compiling some small
>>>> program
>>>> with
>>>> it.
>>>
>>> Unfortunately the answer to the question "how do I run just one
>>> testcase in GCC's testsuite" is rather non-trivial; FWIW I've
>>> written
>>> up some notes on working with the GCC testsuite here:
>>> https://gcc-newbies-guide.readthedocs.io/en/latest/working-with-the-testsuite.html
>>
>> Hmm, I'll try following that; thanks!  Is there anything obvious that
>> I might have missed, at first glance?
> 
> The main thing is that there's a difference between compiling the test
> case "by hand", versus doing it through the test harness - the latter
> sets up the environment in a particular way, injects a particular set
> of flags, etc etc.

I forgot about this; I'll have a look into it when I find some time.

Cheers,
Alex

> 
> Dave
> 

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v2] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 4123 bytes --]

Hi David,

Sorry for the half-year delay!  I have some update.  :)

On Fri, Mar 24, 2023 at 10:53:22AM -0400, David Malcolm wrote:
> On Fri, 2023-03-24 at 14:39 +0100, Alejandro Colomar via Gcc-patches
> wrote:
> > Warn about the following:
> > 
> >     char  s[3] = "foo";
> > 
> > Initializing a char array with a string literal of the same length as
> > the size of the array is usually a mistake.  Rarely is the case where
> > one wants to create a non-terminated character sequence from a string
> > literal.
> > 
> > In some cases, for writing faster code, one may want to use arrays
> > instead of pointers, since that removes the need for storing an array
> > of
> > pointers apart from the strings themselves.
> > 
> >     char  *log_levels[]   = { "info", "warning", "err" };
> > vs.
> >     char  log_levels[][7] = { "info", "warning", "err" };
> > 
> > This forces the programmer to specify a size, which might change if a
> > new entry is later added.  Having no way to enforce null termination
> > is
> > very dangerous, however, so it is useful to have a warning for this,
> > so
> > that the compiler can make sure that the programmer didn't make any
> > mistakes.  This warning catches the bug above, so that the programmer
> > will be able to fix it and write:
> > 
> >     char  log_levels[][8] = { "info", "warning", "err" };
> > 
> > This warning already existed as part of -Wc++-compat, but this patch
> > allows enabling it separately.  It is also included in -Wextra, since
> > it may not always be desired (when unterminated character sequences
> > are
> > wanted), but it's likely to be desired in most cases.
> > 
> > Link:
> > <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
> > Link:
> > <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
> > Link:
> > <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf41
> > 3@gmail.com/T/>
> > Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
> > Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
> > Cc: Ralph Corderoy <ralph@inputplus.co.uk>
> > Cc: Dave Kemper <saint.snit@gmail.com>
> > Cc: Larry McVoy <lm@mcvoy.com>
> > Cc: Andrew Pinski <pinskia@gmail.com>
> > Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
> > Cc: Andrew Clayton <andrew@digital-domain.net>
> > Cc: Martin Uecker <muecker@gwdg.de>
> > Signed-off-by: Alejandro Colomar <alx@kernel.org>
> > ---
> > 
> > Hi,
> 
> Hi Alex, thanks for the patch.
> 
> > 
> > I sent v1 to the wrong list.  This time I've made sure to write to
> > gcc-patches@.
> 
> Note that right now we're deep in bug-fixing/stabilization for GCC 13
> (and trunk is still tracking that effort), so your patch might be more
> suitable for GCC 14.
> 
> > 
> > v2 adds some draft of a test, as suggested by Martin.  However, I
> > don't
> > know yet how to write those, so the test is just a draft.  But I did
> > test the feature, by compiling GCC and compiling some small program
> > with
> > it.
> 
> Unfortunately the answer to the question "how do I run just one
> testcase in GCC's testsuite" is rather non-trivial; FWIW I've written
> up some notes on working with the GCC testsuite here:
> https://gcc-newbies-guide.readthedocs.io/en/latest/working-with-the-testsuite.html
> 
> Hope this is helpful
> Dave
> 
> 
> [...snip...]
> 

I ran the tests, and get some unexpected failure.  I used dg-warning,
but maybe I used it wrong?  Here's the output:

```
output is:
/home/alx/src/gnu/gcc/wustr/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c:5:14: warning: initializer-string for array of 'char' is too long [-Wunterminated-string-initi
alization]

FAIL: gcc.dg/Wunterminated-string-initialization.c  (test for warnings, line 5)
```

And here's the test:

```
/* { dg-do compile } */
/* { dg-options "-Wunterminated-string-initialization" } */

char a1[] = "a";
char a2[1] = "a";	/* { dg-warning "unterminated char sequence" } */
char a3[2] = "a";
```

Why isn't it expecting the warning?

Thanks,
Alex

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v2] C, ObjC: Add -Wunterminated-string-initialization

[Martin Uecker]

(I shortened the recipient list)

Am Sonntag, dem 01.10.2023 um 02:55 +0200 schrieb Alejandro Colomar:

> > 
...
> I ran the tests, and get some unexpected failure.  I used dg-warning,
> but maybe I used it wrong?  Here's the output:
> 
> ```
> output is:
> /home/alx/src/gnu/gcc/wustr/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c:5:14: warning: initializer-string for array of 'char' is too long [-Wunterminated-string-initi
> alization]
> 
> FAIL: gcc.dg/Wunterminated-string-initialization.c  (test for warnings, line 5)
> ```
> 
> And here's the test:
> 
> ```
> /* { dg-do compile } */
> /* { dg-options "-Wunterminated-string-initialization" } */
> 
> char a1[] = "a";
> char a2[1] = "a";	/* { dg-warning "unterminated char sequence" } */
> char a3[2] = "a";
> ```
> 
> Why isn't it expecting the warning?

Because the text does not match the actual output above?
You should see an additional FAIL for an excess warning.

Martin

Re: [PATCH v2] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 1662 bytes --]

On Sun, Oct 01, 2023 at 09:37:59AM +0200, Martin Uecker wrote:
> 
> (I shortened the recipient list)
> 
> Am Sonntag, dem 01.10.2023 um 02:55 +0200 schrieb Alejandro Colomar:
> 
> > > 
> ...
> > I ran the tests, and get some unexpected failure.  I used dg-warning,
> > but maybe I used it wrong?  Here's the output:
> > 
> > ```
> > output is:
> > /home/alx/src/gnu/gcc/wustr/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c:5:14: warning: initializer-string for array of 'char' is too long [-Wunterminated-string-initi
> > alization]
> > 
> > FAIL: gcc.dg/Wunterminated-string-initialization.c  (test for warnings, line 5)
> > ```
> > 
> > And here's the test:
> > 
> > ```
> > /* { dg-do compile } */
> > /* { dg-options "-Wunterminated-string-initialization" } */
> > 
> > char a1[] = "a";
> > char a2[1] = "a";	/* { dg-warning "unterminated char sequence" } */
> > char a3[2] = "a";
> > ```
> > 
> > Why isn't it expecting the warning?
> 
> Because the text does not match the actual output above?

Makes sense.

Here's the output after a fix (which I'll send soon as a new revision):

```
output is:
/home/alx/src/gnu/gcc/wustr/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c:5:14: warning: initializer-string for array of 'char' is too long [-Wunterminated-string-initialization]

```
and

```
                === gcc Summary ===

# of expected passes            2
```

The only thing that concerns me a little bit is that I don't see any
PASS (or XFAIL).

> You should see an additional FAIL for an excess warning.

Yep, I did.

Cheers,
Alex

> 
> Martin
> 
> 
> 
> 

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[PATCH v3] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

From: Alejandro Colomar <alx.manpages@gmail.com>

Warn about the following:

    char  s[3] = "foo";

Initializing a char array with a string literal of the same length as
the size of the array is usually a mistake.  Rarely is the case where
one wants to create a non-terminated character sequence from a string
literal.

In some cases, for writing faster code, one may want to use arrays
instead of pointers, since that removes the need for storing an array of
pointers apart from the strings themselves.

    char  *log_levels[]   = { "info", "warning", "err" };
vs.
    char  log_levels[][7] = { "info", "warning", "err" };

This forces the programmer to specify a size, which might change if a
new entry is later added.  Having no way to enforce null termination is
very dangerous, however, so it is useful to have a warning for this, so
that the compiler can make sure that the programmer didn't make any
mistakes.  This warning catches the bug above, so that the programmer
will be able to fix it and write:

    char  log_levels[][8] = { "info", "warning", "err" };

This warning already existed as part of -Wc++-compat, but this patch
allows enabling it separately.  It is also included in -Wextra, since
it may not always be desired (when unterminated character sequences are
wanted), but it's likely to be desired in most cases.

Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Cc: Dave Kemper <saint.snit@gmail.com>
Cc: Larry McVoy <lm@mcvoy.com>
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>
Cc: Martin Uecker <muecker@gwdg.de>
Cc: David Malcolm <dmalcolm@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

v3:

-  Fix dg-warning message in the testsuite.

 gcc/c-family/c.opt                                         | 4 ++++
 gcc/c/c-typeck.cc                                          | 6 +++---
 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c | 6 ++++++
 3 files changed, 13 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c

diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index 44b9c862c14..e8f6b836836 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
 C ObjC Var(warn_unsuffixed_float_constants) Warning
 Warn about unsuffixed float constants.
 
+Wunterminated-string-initialization
+C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
+Warn about character arrays initialized as unterminated character sequences by a string literal.
+
 Wunused
 C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
 ; documented in common.opt
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index e55e887da14..7df9de819ed 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
 		pedwarn_init (init_loc, 0,
 			      ("initializer-string for array of %qT "
 			       "is too long"), typ1);
-	      else if (warn_cxx_compat
+	      else if (warn_unterminated_string_initialization
 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
-		warning_at (init_loc, OPT_Wc___compat,
+		warning_at (init_loc, OPT_Wunterminated_string_initialization,
 			    ("initializer-string for array of %qT "
-			     "is too long for C++"), typ1);
+			     "is too long"), typ1);
 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
 		{
 		  unsigned HOST_WIDE_INT size
diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
new file mode 100644
index 00000000000..13d5dbc6640
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
@@ -0,0 +1,6 @@
+/* { dg-do compile } */
+/* { dg-options "-Wunterminated-string-initialization" } */
+
+char a1[] = "a";
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
+char a3[2] = "a";
-- 
2.40.1

[PATCH v4] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

Warn about the following:

    char  s[3] = "foo";

Initializing a char array with a string literal of the same length as
the size of the array is usually a mistake.  Rarely is the case where
one wants to create a non-terminated character sequence from a string
literal.

In some cases, for writing faster code, one may want to use arrays
instead of pointers, since that removes the need for storing an array of
pointers apart from the strings themselves.

    char  *log_levels[]   = { "info", "warning", "err" };
vs.
    char  log_levels[][7] = { "info", "warning", "err" };

This forces the programmer to specify a size, which might change if a
new entry is later added.  Having no way to enforce null termination is
very dangerous, however, so it is useful to have a warning for this, so
that the compiler can make sure that the programmer didn't make any
mistakes.  This warning catches the bug above, so that the programmer
will be able to fix it and write:

    char  log_levels[][8] = { "info", "warning", "err" };

This warning already existed as part of -Wc++-compat, but this patch
allows enabling it separately.  It is also included in -Wextra, since
it may not always be desired (when unterminated character sequences are
wanted), but it's likely to be desired in most cases.

Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Cc: Dave Kemper <saint.snit@gmail.com>
Cc: Larry McVoy <lm@mcvoy.com>
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>
Cc: Martin Uecker <muecker@gwdg.de>
Cc: David Malcolm <dmalcolm@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

v4:

-  Fix From: address

 gcc/c-family/c.opt                                         | 4 ++++
 gcc/c/c-typeck.cc                                          | 6 +++---
 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c | 6 ++++++
 3 files changed, 13 insertions(+), 3 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c

diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index 44b9c862c14..e8f6b836836 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
 C ObjC Var(warn_unsuffixed_float_constants) Warning
 Warn about unsuffixed float constants.
 
+Wunterminated-string-initialization
+C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
+Warn about character arrays initialized as unterminated character sequences by a string literal.
+
 Wunused
 C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
 ; documented in common.opt
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index e55e887da14..7df9de819ed 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
 		pedwarn_init (init_loc, 0,
 			      ("initializer-string for array of %qT "
 			       "is too long"), typ1);
-	      else if (warn_cxx_compat
+	      else if (warn_unterminated_string_initialization
 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
-		warning_at (init_loc, OPT_Wc___compat,
+		warning_at (init_loc, OPT_Wunterminated_string_initialization,
 			    ("initializer-string for array of %qT "
-			     "is too long for C++"), typ1);
+			     "is too long"), typ1);
 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
 		{
 		  unsigned HOST_WIDE_INT size
diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
new file mode 100644
index 00000000000..13d5dbc6640
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
@@ -0,0 +1,6 @@
+/* { dg-do compile } */
+/* { dg-options "-Wunterminated-string-initialization" } */
+
+char a1[] = "a";
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
+char a3[2] = "a";
-- 
2.40.1

[PATCH v5] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

Warn about the following:

    char  s[3] = "foo";

Initializing a char array with a string literal of the same length as
the size of the array is usually a mistake.  Rarely is the case where
one wants to create a non-terminated character sequence from a string
literal.

In some cases, for writing faster code, one may want to use arrays
instead of pointers, since that removes the need for storing an array of
pointers apart from the strings themselves.

    char  *log_levels[]   = { "info", "warning", "err" };
vs.
    char  log_levels[][7] = { "info", "warning", "err" };

This forces the programmer to specify a size, which might change if a
new entry is later added.  Having no way to enforce null termination is
very dangerous, however, so it is useful to have a warning for this, so
that the compiler can make sure that the programmer didn't make any
mistakes.  This warning catches the bug above, so that the programmer
will be able to fix it and write:

    char  log_levels[][8] = { "info", "warning", "err" };

This warning already existed as part of -Wc++-compat, but this patch
allows enabling it separately.  It is also included in -Wextra, since
it may not always be desired (when unterminated character sequences are
wanted), but it's likely to be desired in most cases.

Since Wc++-compat now includes this warning, the test has to be modified
to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.

Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Cc: Dave Kemper <saint.snit@gmail.com>
Cc: Larry McVoy <lm@mcvoy.com>
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>
Cc: Martin Uecker <muecker@gwdg.de>
Cc: David Malcolm <dmalcolm@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

v5:

-  Fix existing C++-compat tests.  [reported by <ci_notify@linaro.org>]


 gcc/c-family/c.opt                                         | 4 ++++
 gcc/c/c-typeck.cc                                          | 6 +++---
 gcc/testsuite/gcc.dg/Wcxx-compat-14.c                      | 2 +-
 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c | 6 ++++++
 4 files changed, 14 insertions(+), 4 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c

diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index 44b9c862c14..e8f6b836836 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
 C ObjC Var(warn_unsuffixed_float_constants) Warning
 Warn about unsuffixed float constants.
 
+Wunterminated-string-initialization
+C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
+Warn about character arrays initialized as unterminated character sequences by a string literal.
+
 Wunused
 C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
 ; documented in common.opt
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index e55e887da14..7df9de819ed 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
 		pedwarn_init (init_loc, 0,
 			      ("initializer-string for array of %qT "
 			       "is too long"), typ1);
-	      else if (warn_cxx_compat
+	      else if (warn_unterminated_string_initialization
 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
-		warning_at (init_loc, OPT_Wc___compat,
+		warning_at (init_loc, OPT_Wunterminated_string_initialization,
 			    ("initializer-string for array of %qT "
-			     "is too long for C++"), typ1);
+			     "is too long"), typ1);
 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
 		{
 		  unsigned HOST_WIDE_INT size
diff --git a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
index 23783711be6..6df0ee197cc 100644
--- a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
+++ b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
@@ -2,5 +2,5 @@
 /* { dg-options "-Wc++-compat" } */
 
 char a1[] = "a";
-char a2[1] = "a";	/* { dg-warning "C\[+\]\[+\]" } */
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
 char a3[2] = "a";
diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
new file mode 100644
index 00000000000..13d5dbc6640
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
@@ -0,0 +1,6 @@
+/* { dg-do compile } */
+/* { dg-options "-Wunterminated-string-initialization" } */
+
+char a1[] = "a";
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
+char a3[2] = "a";
-- 
2.40.1

Ping: [PATCH v5] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 5584 bytes --]

Hi,

Gentle ping here.

Thanks,
Alex

On Sun, Oct 01, 2023 at 06:24:00PM +0200, Alejandro Colomar wrote:
> Warn about the following:
> 
>     char  s[3] = "foo";
> 
> Initializing a char array with a string literal of the same length as
> the size of the array is usually a mistake.  Rarely is the case where
> one wants to create a non-terminated character sequence from a string
> literal.
> 
> In some cases, for writing faster code, one may want to use arrays
> instead of pointers, since that removes the need for storing an array of
> pointers apart from the strings themselves.
> 
>     char  *log_levels[]   = { "info", "warning", "err" };
> vs.
>     char  log_levels[][7] = { "info", "warning", "err" };
> 
> This forces the programmer to specify a size, which might change if a
> new entry is later added.  Having no way to enforce null termination is
> very dangerous, however, so it is useful to have a warning for this, so
> that the compiler can make sure that the programmer didn't make any
> mistakes.  This warning catches the bug above, so that the programmer
> will be able to fix it and write:
> 
>     char  log_levels[][8] = { "info", "warning", "err" };
> 
> This warning already existed as part of -Wc++-compat, but this patch
> allows enabling it separately.  It is also included in -Wextra, since
> it may not always be desired (when unterminated character sequences are
> wanted), but it's likely to be desired in most cases.
> 
> Since Wc++-compat now includes this warning, the test has to be modified
> to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.
> 
> Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
> Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
> Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
> Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
> Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
> Cc: Ralph Corderoy <ralph@inputplus.co.uk>
> Cc: Dave Kemper <saint.snit@gmail.com>
> Cc: Larry McVoy <lm@mcvoy.com>
> Cc: Andrew Pinski <pinskia@gmail.com>
> Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
> Cc: Andrew Clayton <andrew@digital-domain.net>
> Cc: Martin Uecker <muecker@gwdg.de>
> Cc: David Malcolm <dmalcolm@redhat.com>
> Signed-off-by: Alejandro Colomar <alx@kernel.org>
> ---
> 
> v5:
> 
> -  Fix existing C++-compat tests.  [reported by <ci_notify@linaro.org>]
> 
> 
>  gcc/c-family/c.opt                                         | 4 ++++
>  gcc/c/c-typeck.cc                                          | 6 +++---
>  gcc/testsuite/gcc.dg/Wcxx-compat-14.c                      | 2 +-
>  gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c | 6 ++++++
>  4 files changed, 14 insertions(+), 4 deletions(-)
>  create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
> 
> diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
> index 44b9c862c14..e8f6b836836 100644
> --- a/gcc/c-family/c.opt
> +++ b/gcc/c-family/c.opt
> @@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
>  C ObjC Var(warn_unsuffixed_float_constants) Warning
>  Warn about unsuffixed float constants.
>  
> +Wunterminated-string-initialization
> +C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
> +Warn about character arrays initialized as unterminated character sequences by a string literal.
> +
>  Wunused
>  C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
>  ; documented in common.opt
> diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
> index e55e887da14..7df9de819ed 100644
> --- a/gcc/c/c-typeck.cc
> +++ b/gcc/c/c-typeck.cc
> @@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
>  		pedwarn_init (init_loc, 0,
>  			      ("initializer-string for array of %qT "
>  			       "is too long"), typ1);
> -	      else if (warn_cxx_compat
> +	      else if (warn_unterminated_string_initialization
>  		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
> -		warning_at (init_loc, OPT_Wc___compat,
> +		warning_at (init_loc, OPT_Wunterminated_string_initialization,
>  			    ("initializer-string for array of %qT "
> -			     "is too long for C++"), typ1);
> +			     "is too long"), typ1);
>  	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
>  		{
>  		  unsigned HOST_WIDE_INT size
> diff --git a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
> index 23783711be6..6df0ee197cc 100644
> --- a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
> +++ b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
> @@ -2,5 +2,5 @@
>  /* { dg-options "-Wc++-compat" } */
>  
>  char a1[] = "a";
> -char a2[1] = "a";	/* { dg-warning "C\[+\]\[+\]" } */
> +char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
>  char a3[2] = "a";
> diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
> new file mode 100644
> index 00000000000..13d5dbc6640
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
> @@ -0,0 +1,6 @@
> +/* { dg-do compile } */
> +/* { dg-options "-Wunterminated-string-initialization" } */
> +
> +char a1[] = "a";
> +char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
> +char a3[2] = "a";
> -- 
> 2.40.1
> 

-- 
<https://www.alejandro-colomar.es/>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v5] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 5701 bytes --]

Hi,

Gentle ping, just again a little before v14 stage 3.

Do I need to do anything else with this patch?  The CI seemed to say
it's ok.

Cheers,
Alex

On Sun, Oct 01, 2023 at 06:24:00PM +0200, Alejandro Colomar wrote:
> Warn about the following:
> 
>     char  s[3] = "foo";
> 
> Initializing a char array with a string literal of the same length as
> the size of the array is usually a mistake.  Rarely is the case where
> one wants to create a non-terminated character sequence from a string
> literal.
> 
> In some cases, for writing faster code, one may want to use arrays
> instead of pointers, since that removes the need for storing an array of
> pointers apart from the strings themselves.
> 
>     char  *log_levels[]   = { "info", "warning", "err" };
> vs.
>     char  log_levels[][7] = { "info", "warning", "err" };
> 
> This forces the programmer to specify a size, which might change if a
> new entry is later added.  Having no way to enforce null termination is
> very dangerous, however, so it is useful to have a warning for this, so
> that the compiler can make sure that the programmer didn't make any
> mistakes.  This warning catches the bug above, so that the programmer
> will be able to fix it and write:
> 
>     char  log_levels[][8] = { "info", "warning", "err" };
> 
> This warning already existed as part of -Wc++-compat, but this patch
> allows enabling it separately.  It is also included in -Wextra, since
> it may not always be desired (when unterminated character sequences are
> wanted), but it's likely to be desired in most cases.
> 
> Since Wc++-compat now includes this warning, the test has to be modified
> to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.
> 
> Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
> Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
> Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
> Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
> Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
> Cc: Ralph Corderoy <ralph@inputplus.co.uk>
> Cc: Dave Kemper <saint.snit@gmail.com>
> Cc: Larry McVoy <lm@mcvoy.com>
> Cc: Andrew Pinski <pinskia@gmail.com>
> Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
> Cc: Andrew Clayton <andrew@digital-domain.net>
> Cc: Martin Uecker <muecker@gwdg.de>
> Cc: David Malcolm <dmalcolm@redhat.com>
> Signed-off-by: Alejandro Colomar <alx@kernel.org>
> ---
> 
> v5:
> 
> -  Fix existing C++-compat tests.  [reported by <ci_notify@linaro.org>]
> 
> 
>  gcc/c-family/c.opt                                         | 4 ++++
>  gcc/c/c-typeck.cc                                          | 6 +++---
>  gcc/testsuite/gcc.dg/Wcxx-compat-14.c                      | 2 +-
>  gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c | 6 ++++++
>  4 files changed, 14 insertions(+), 4 deletions(-)
>  create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
> 
> diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
> index 44b9c862c14..e8f6b836836 100644
> --- a/gcc/c-family/c.opt
> +++ b/gcc/c-family/c.opt
> @@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
>  C ObjC Var(warn_unsuffixed_float_constants) Warning
>  Warn about unsuffixed float constants.
>  
> +Wunterminated-string-initialization
> +C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
> +Warn about character arrays initialized as unterminated character sequences by a string literal.
> +
>  Wunused
>  C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
>  ; documented in common.opt
> diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
> index e55e887da14..7df9de819ed 100644
> --- a/gcc/c/c-typeck.cc
> +++ b/gcc/c/c-typeck.cc
> @@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
>  		pedwarn_init (init_loc, 0,
>  			      ("initializer-string for array of %qT "
>  			       "is too long"), typ1);
> -	      else if (warn_cxx_compat
> +	      else if (warn_unterminated_string_initialization
>  		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
> -		warning_at (init_loc, OPT_Wc___compat,
> +		warning_at (init_loc, OPT_Wunterminated_string_initialization,
>  			    ("initializer-string for array of %qT "
> -			     "is too long for C++"), typ1);
> +			     "is too long"), typ1);
>  	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
>  		{
>  		  unsigned HOST_WIDE_INT size
> diff --git a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
> index 23783711be6..6df0ee197cc 100644
> --- a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
> +++ b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
> @@ -2,5 +2,5 @@
>  /* { dg-options "-Wc++-compat" } */
>  
>  char a1[] = "a";
> -char a2[1] = "a";	/* { dg-warning "C\[+\]\[+\]" } */
> +char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
>  char a3[2] = "a";
> diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
> new file mode 100644
> index 00000000000..13d5dbc6640
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
> @@ -0,0 +1,6 @@
> +/* { dg-do compile } */
> +/* { dg-options "-Wunterminated-string-initialization" } */
> +
> +char a1[] = "a";
> +char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
> +char a3[2] = "a";
> -- 
> 2.40.1
> 

-- 
<https://www.alejandro-colomar.es/>

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[PATCH v5 RESEND] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 5183 bytes --]

Warn about the following:

    char  s[3] = "foo";

Initializing a char array with a string literal of the same length as
the size of the array is usually a mistake.  Rarely is the case where
one wants to create a non-terminated character sequence from a string
literal.

In some cases, for writing faster code, one may want to use arrays
instead of pointers, since that removes the need for storing an array of
pointers apart from the strings themselves.

    char  *log_levels[]   = { "info", "warning", "err" };
vs.
    char  log_levels[][7] = { "info", "warning", "err" };

This forces the programmer to specify a size, which might change if a
new entry is later added.  Having no way to enforce null termination is
very dangerous, however, so it is useful to have a warning for this, so
that the compiler can make sure that the programmer didn't make any
mistakes.  This warning catches the bug above, so that the programmer
will be able to fix it and write:

    char  log_levels[][8] = { "info", "warning", "err" };

This warning already existed as part of -Wc++-compat, but this patch
allows enabling it separately.  It is also included in -Wextra, since
it may not always be desired (when unterminated character sequences are
wanted), but it's likely to be desired in most cases.

Since Wc++-compat now includes this warning, the test has to be modified
to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.

Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Cc: Dave Kemper <saint.snit@gmail.com>
Cc: Larry McVoy <lm@mcvoy.com>
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>
Cc: Martin Uecker <muecker@gwdg.de>
Cc: David Malcolm <dmalcolm@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

v5:

-  Fix existing C++-compat tests.  [reported by <ci_notify@linaro.org>]


 gcc/c-family/c.opt                                         | 4 ++++
 gcc/c/c-typeck.cc                                          | 6 +++---
 gcc/testsuite/gcc.dg/Wcxx-compat-14.c                      | 2 +-
 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c | 6 ++++++
 4 files changed, 14 insertions(+), 4 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c

diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index 44b9c862c14..e8f6b836836 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
 C ObjC Var(warn_unsuffixed_float_constants) Warning
 Warn about unsuffixed float constants.
 
+Wunterminated-string-initialization
+C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
+Warn about character arrays initialized as unterminated character sequences by a string literal.
+
 Wunused
 C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
 ; documented in common.opt
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index e55e887da14..7df9de819ed 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
 		pedwarn_init (init_loc, 0,
 			      ("initializer-string for array of %qT "
 			       "is too long"), typ1);
-	      else if (warn_cxx_compat
+	      else if (warn_unterminated_string_initialization
 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
-		warning_at (init_loc, OPT_Wc___compat,
+		warning_at (init_loc, OPT_Wunterminated_string_initialization,
 			    ("initializer-string for array of %qT "
-			     "is too long for C++"), typ1);
+			     "is too long"), typ1);
 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
 		{
 		  unsigned HOST_WIDE_INT size
diff --git a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
index 23783711be6..6df0ee197cc 100644
--- a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
+++ b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
@@ -2,5 +2,5 @@
 /* { dg-options "-Wc++-compat" } */
 
 char a1[] = "a";
-char a2[1] = "a";	/* { dg-warning "C\[+\]\[+\]" } */
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
 char a3[2] = "a";
diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
new file mode 100644
index 00000000000..13d5dbc6640
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
@@ -0,0 +1,6 @@
+/* { dg-do compile } */
+/* { dg-options "-Wunterminated-string-initialization" } */
+
+char a1[] = "a";
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
+char a3[2] = "a";
-- 
2.40.1


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v5 RESEND] C, ObjC: Add -Wunterminated-string-initialization

[Mike Stump]

On Feb 6, 2024, at 2:45 AM, Alejandro Colomar <alx@kernel.org> wrote:
> 
> Warn about the following:
> 
>    char  s[3] = "foo";

No ObjC specific impact here, so no need for ObjC review.

As a member of the peanut gallery, I like the patch.

Joseph, this is been submitted 5 times over the past year.  Any thoughts?

> Initializing a char array with a string literal of the same length as
> the size of the array is usually a mistake.  Rarely is the case where
> one wants to create a non-terminated character sequence from a string
> literal.
> 
> In some cases, for writing faster code, one may want to use arrays
> instead of pointers, since that removes the need for storing an array of
> pointers apart from the strings themselves.
> 
>    char  *log_levels[]   = { "info", "warning", "err" };
> vs.
>    char  log_levels[][7] = { "info", "warning", "err" };
> 
> This forces the programmer to specify a size, which might change if a
> new entry is later added.  Having no way to enforce null termination is
> very dangerous, however, so it is useful to have a warning for this, so
> that the compiler can make sure that the programmer didn't make any
> mistakes.  This warning catches the bug above, so that the programmer
> will be able to fix it and write:
> 
>    char  log_levels[][8] = { "info", "warning", "err" };
> 
> This warning already existed as part of -Wc++-compat, but this patch
> allows enabling it separately.  It is also included in -Wextra, since
> it may not always be desired (when unterminated character sequences are
> wanted), but it's likely to be desired in most cases.
> 
> Since Wc++-compat now includes this warning, the test has to be modified
> to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.
> 
> Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
> Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
> Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
> Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
> Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
> Cc: Ralph Corderoy <ralph@inputplus.co.uk>
> Cc: Dave Kemper <saint.snit@gmail.com>
> Cc: Larry McVoy <lm@mcvoy.com>
> Cc: Andrew Pinski <pinskia@gmail.com>
> Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
> Cc: Andrew Clayton <andrew@digital-domain.net>
> Cc: Martin Uecker <muecker@gwdg.de>
> Cc: David Malcolm <dmalcolm@redhat.com>
> Signed-off-by: Alejandro Colomar <alx@kernel.org>
> ---
> 
> v5:
> 
> -  Fix existing C++-compat tests.  [reported by <ci_notify@linaro.org>]
> 
> 
> gcc/c-family/c.opt                                         | 4 ++++
> gcc/c/c-typeck.cc                                          | 6 +++---
> gcc/testsuite/gcc.dg/Wcxx-compat-14.c                      | 2 +-
> gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c | 6 ++++++
> 4 files changed, 14 insertions(+), 4 deletions(-)
> create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
> 
> diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
> index 44b9c862c14..e8f6b836836 100644
> --- a/gcc/c-family/c.opt
> +++ b/gcc/c-family/c.opt
> @@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
> C ObjC Var(warn_unsuffixed_float_constants) Warning
> Warn about unsuffixed float constants.
> 
> +Wunterminated-string-initialization
> +C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
> +Warn about character arrays initialized as unterminated character sequences by a string literal.
> +
> Wunused
> C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
> ; documented in common.opt
> diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
> index e55e887da14..7df9de819ed 100644
> --- a/gcc/c/c-typeck.cc
> +++ b/gcc/c/c-typeck.cc
> @@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
> 		pedwarn_init (init_loc, 0,
> 			      ("initializer-string for array of %qT "
> 			       "is too long"), typ1);
> -	      else if (warn_cxx_compat
> +	      else if (warn_unterminated_string_initialization
> 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
> -		warning_at (init_loc, OPT_Wc___compat,
> +		warning_at (init_loc, OPT_Wunterminated_string_initialization,
> 			    ("initializer-string for array of %qT "
> -			     "is too long for C++"), typ1);
> +			     "is too long"), typ1);
> 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
> 		{
> 		  unsigned HOST_WIDE_INT size
> diff --git a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
> index 23783711be6..6df0ee197cc 100644
> --- a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
> +++ b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
> @@ -2,5 +2,5 @@
> /* { dg-options "-Wc++-compat" } */
> 
> char a1[] = "a";
> -char a2[1] = "a";	/* { dg-warning "C\[+\]\[+\]" } */
> +char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
> char a3[2] = "a";
> diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
> new file mode 100644
> index 00000000000..13d5dbc6640
> --- /dev/null
> +++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
> @@ -0,0 +1,6 @@
> +/* { dg-do compile } */
> +/* { dg-options "-Wunterminated-string-initialization" } */
> +
> +char a1[] = "a";
> +char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
> +char a3[2] = "a";

Re: [PATCH v5 RESEND] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 778 bytes --]

Hi Mike, Joseph,

On Sun, Feb 25, 2024 at 10:10:09AM -0800, Mike Stump wrote:
> On Feb 6, 2024, at 2:45 AM, Alejandro Colomar <alx@kernel.org> wrote:
> > 
> > Warn about the following:
> > 
> >    char  s[3] = "foo";
> 
> No ObjC specific impact here, so no need for ObjC review.
> 
> As a member of the peanut gallery, I like the patch.
> 
> Joseph, this is been submitted 5 times over the past year.  Any thoughts?

Thanks!  BTW, I'd like to know if I did anything wrong so that it wasn't
reviewed in all this time, or if it's just that everyone was busy doing
other stuff.  Do you prefer if I ping more often?  Or something else?

Have a lovely day!
Alex

-- 
<https://www.alejandro-colomar.es/>
Looking for a remote C programming job at the moment.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v5 RESEND] C, ObjC: Add -Wunterminated-string-initialization

[Joseph Myers]

On Sun, 25 Feb 2024, Mike Stump wrote:

> On Feb 6, 2024, at 2:45 AM, Alejandro Colomar <alx@kernel.org> wrote:
> > 
> > Warn about the following:
> > 
> >    char  s[3] = "foo";
> 
> No ObjC specific impact here, so no need for ObjC review.
> 
> As a member of the peanut gallery, I like the patch.
> 
> Joseph, this is been submitted 5 times over the past year.  Any thoughts?

The idea seems reasonable, but the patch needs documentation for the new 
option in invoke.texi.

-- 
Joseph S. Myers
josmyers@redhat.com

Re: [PATCH v5 RESEND] C, ObjC: Add -Wunterminated-string-initialization

[Joseph Myers]

On Sun, 25 Feb 2024, Alejandro Colomar wrote:

> or if it's just that everyone was busy doing
> other stuff.

Yes, that's right.  The patch was already listed on my patch review 
backlog, but that backlog is long.

-- 
Joseph S. Myers
josmyers@redhat.com

Re: [PATCH v5 RESEND] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 9709 bytes --]

Hi Joseph,

On Mon, Feb 26, 2024 at 03:24:32PM +0000, Joseph Myers wrote:
> On Sun, 25 Feb 2024, Mike Stump wrote:
> 
> > On Feb 6, 2024, at 2:45 AM, Alejandro Colomar <alx@kernel.org> wrote:
> > > 
> > > Warn about the following:
> > > 
> > >    char  s[3] = "foo";
> > 
> > No ObjC specific impact here, so no need for ObjC review.
> > 
> > As a member of the peanut gallery, I like the patch.
> > 
> > Joseph, this is been submitted 5 times over the past year.  Any thoughts?
> 
> The idea seems reasonable, but the patch needs documentation for the new 
> option in invoke.texi.

Thanks!  Will do.

I don't see an obvious order in that file.  Where would you put the
option?  Do you want me to sort(1) it first, and then insert the new
option in alphabetic order?

$ man gcc 2>/dev/null | grep -e '^ \{0,3\}[^ ]' -e '^ \{4,7\}-' | sed -n '/^ \{1,3\}Options to Request or Suppress Warnings/,/^ \{1,3\}[^ ]/p'
   Options to Request or Suppress Warnings
     -fsyntax-only
     -fmax-errors=n
     -w  Inhibit all warning messages.
     -Werror
     -Werror=
     -Wfatal-errors
     -Wno- options with old compilers, but if something goes wrong, the compiler warns that an unrecognized option is present.
     -Wpedantic
     -pedantic
     -pedantic-errors
     -Wall
     -Wextra
     -Wabi (C, Objective‐C, C++ and Objective-C++ only)
     -Wno-changes-meaning (C++ and Objective-C++ only)
     -Wchar-subscripts
     -Wno-coverage-mismatch
     -Wno-coverage-invalid-line-number
     -Wno-cpp (C, Objective‐C, C++, Objective-C++ and Fortran only)
     -Wdouble-promotion (C, C++, Objective‐C and Objective-C++ only)
     -Wduplicate-decl-specifier (C and Objective‐C only)
     -Wformat
     -Wformat=n
     -Wno-format-contains-nul
     -Wno-format-extra-args
     -Wformat-overflow
     -Wformat-overflow=level
     -Wno-format-zero-length
     -Wformat-nonliteral
     -Wformat-security
     -Wformat-signedness
     -Wformat-truncation
     -Wformat-truncation=level
     -Wformat-y2k
     -Wnonnull
     -Wnonnull-compare
     -Wnull-dereference
     -Winfinite-recursion
     -Winit-self (C, C++, Objective‐C and Objective-C++ only)
     -Wno-implicit-int (C and Objective‐C only)
     -Wno-implicit-function-declaration (C and Objective‐C only)
     -Wimplicit (C and Objective‐C only)
     -Wimplicit-fallthrough
     -Wimplicit-fallthrough=n
     -Wno-if-not-aligned (C, C++, Objective‐C and Objective-C++ only)
     -Wignored-qualifiers (C and C++ only)
     -Wno-ignored-attributes (C and C++ only)
     -Wmain
     -Wmisleading-indentation (C and C++ only)
     -Wmissing-attributes
     -Wmissing-braces
     -Wmissing-include-dirs (C, C++, Objective‐C, Objective-C++ and Fortran only)
     -Wno-missing-profile
     -Wmismatched-dealloc
     -Wmultistatement-macros
     -Wparentheses
     -Wno-self-move (C++ and Objective-C++ only)
     -Wsequence-point
     -Wno-return-local-addr
     -Wreturn-type
     -Wno-shift-count-negative
     -Wno-shift-count-overflow
     -Wshift-negative-value
     -Wno-shift-overflow
     -Wshift-overflow=n
     -Wswitch
     -Wswitch-default
     -Wswitch-enum
     -Wno-switch-bool
     -Wno-switch-outside-range
     -Wno-switch-unreachable
     -Wsync-nand (C and C++ only)
     -Wtrivial-auto-var-init
     -Wunused-but-set-parameter
     -Wunused-but-set-variable
     -Wunused-function
     -Wunused-label
     -Wunused-local-typedefs (C, Objective‐C, C++ and Objective-C++ only)
     -Wunused-parameter
     -Wno-unused-result
     -Wunused-variable
     -Wunused-const-variable
     -Wunused-const-variable=n
     -Wunused-value
     -Wunused
     -Wuninitialized
     -Wno-invalid-memory-model
     -Wmaybe-uninitialized
     -Wunknown-pragmas
     -Wno-pragmas
     -Wno-prio-ctor-dtor
     -Wstrict-aliasing
     -Wstrict-aliasing=n
     -Wstrict-overflow
     -Wstrict-overflow=n
     -Wstring-compare
     -Wno-stringop-overflow
     -Wstringop-overflow
     -Wstringop-overflow=type
     -Wno-stringop-overread
     -Wno-stringop-truncation
     -Wstrict-flex-arrays
     -Wsuggest-attribute=[pure|const|noreturn|format|cold|malloc]
     -Walloc-zero
     -Walloc-size-larger-than=byte‐size
     -Wno-alloc-size-larger-than
     -Walloca
     -Walloca-larger-than=byte‐size
     -Wno-alloca-larger-than
     -Warith-conversion
     -Warray-bounds
     -Warray-bounds=n
     -Warray-compare
     -Warray-parameter
     -Warray-parameter=n
     -Wattribute-alias=n
     -Wno-attribute-alias
     -Wbidi-chars=[none|unpaired|any|ucn]
     -Wbool-compare
     -Wbool-operation
     -Wduplicated-branches
     -Wduplicated-cond
     -Wframe-address
     -Wno-discarded-qualifiers (C and Objective‐C only)
     -Wno-discarded-array-qualifiers (C and Objective‐C only)
     -Wno-incompatible-pointer-types (C and Objective‐C only)
     -Wno-int-conversion (C and Objective‐C only)
     -Wzero-length-bounds
     -Wno-div-by-zero
     -Wsystem-headers
     -Wtautological-compare
     -Wtrampolines
     -Wfloat-equal
     -Wtraditional (C and Objective‐C only)
     -Wtraditional-conversion (C and Objective‐C only)
     -Wdeclaration-after-statement (C and Objective‐C only)
     -Wshadow
     -Wno-shadow-ivar (Objective‐C only)
     -Wshadow=global
     -Wshadow=local
     -Wshadow=compatible-local
     -Wlarger-than=byte‐size
     -Wno-larger-than
     -Wframe-larger-than=byte‐size
     -Wno-frame-larger-than
     -Wfree-nonheap-object
     -Wstack-usage=byte‐size
     -Wno-stack-usage
     -Wunsafe-loop-optimizations
     -Wno-pedantic-ms-format (MinGW targets only)
     -Wpointer-arith
     -Wno-pointer-compare
     -Wtsan
     -Wtype-limits
     -Wabsolute-value (C and Objective‐C only)
     -Wcomment
     -Wcomments
     -Wtrigraphs
     -Wundef
     -Wexpansion-to-defined
     -Wunused-macros
     -Wno-endif-labels
     -Wbad-function-cast (C and Objective‐C only)
     -Wc90-c99-compat (C and Objective‐C only)
     -Wc99-c11-compat (C and Objective‐C only)
     -Wc11-c2x-compat (C and Objective‐C only)
     -Wc++-compat (C and Objective‐C only)
     -Wc++11-compat (C++ and Objective-C++ only)
     -Wc++14-compat (C++ and Objective-C++ only)
     -Wc++17-compat (C++ and Objective-C++ only)
     -Wc++20-compat (C++ and Objective-C++ only)
     -Wno-c++11-extensions (C++ and Objective-C++ only)
     -Wno-c++14-extensions (C++ and Objective-C++ only)
     -Wno-c++17-extensions (C++ and Objective-C++ only)
     -Wno-c++20-extensions (C++ and Objective-C++ only)
     -Wno-c++23-extensions (C++ and Objective-C++ only)
     -Wcast-qual
     -Wcast-align
     -Wcast-align=strict
     -Wcast-function-type
     -Wwrite-strings
     -Wclobbered
     -Wno-complain-wrong-lang
     -Wconversion
     -Wdangling-else
     -Wdangling-pointer
     -Wdangling-pointer=n
     -Wdate-time
     -Wempty-body
     -Wno-endif-labels
     -Wenum-compare
     -Wenum-conversion
     -Wenum-int-mismatch (C and Objective‐C only)
     -Wjump-misses-init (C, Objective‐C only)
     -Wsign-compare
     -Wsign-conversion
     -Wfloat-conversion
     -Wno-scalar-storage-order
     -Wsizeof-array-div
     -Wsizeof-pointer-div
     -Wsizeof-pointer-memaccess
     -Wno-sizeof-array-argument
     -Wmemset-elt-size
     -Wmemset-transposed-args
     -Waddress
     -Wno-address-of-packed-member
     -Wlogical-op
     -Wlogical-not-parentheses
     -Waggregate-return
     -Wno-aggressive-loop-optimizations
     -Wno-attributes
     -Wno-builtin-declaration-mismatch
     -Wno-builtin-macro-redefined
     -Wstrict-prototypes (C and Objective‐C only)
     -Wold-style-declaration (C and Objective‐C only)
     -Wold-style-definition (C and Objective‐C only)
     -Wmissing-parameter-type (C and Objective‐C only)
     -Wmissing-prototypes (C and Objective‐C only)
     -Wmissing-declarations
     -Wmissing-field-initializers
     -Wno-missing-requires
     -Wno-missing-template-keyword
     -Wno-multichar
     -Wnormalized=[none|id|nfc|nfkc]
     -Wno-attribute-warning
     -Wno-deprecated
     -Wno-deprecated-declarations
     -Wno-overflow
     -Wno-odr
     -Wopenacc-parallelism
     -Wopenmp-simd
     -Woverride-init (C and Objective‐C only)
     -Wno-override-init-side-effects (C and Objective‐C only)
     -Wpacked
     -Wnopacked-bitfield-compat
     -Wpacked-not-aligned (C, C++, Objective‐C and Objective-C++ only)
     -Wpadded
     -Wredundant-decls
     -Wrestrict
     -Wnested-externs (C and Objective‐C only)
     -Winline
     -Winterference-size
     -Wint-in-bool-context
     -Wno-int-to-pointer-cast
     -Wno-pointer-to-int-cast (C and Objective‐C only)
     -Winvalid-pch
     -Winvalid-utf8
     -Wno-unicode
     -Wlong-long
     -Wvariadic-macros
     -Wno-varargs
     -Wvector-operation-performance
     -Wvla
     -Wvla-larger-than=byte‐size
     -Wno-vla-larger-than
     -Wvla-parameter
     -Wvolatile-register-var
     -Wxor-used-as-pow (C, C++, Objective‐C and Objective-C++ only)
     -Wdisabled-optimization
     -Wpointer-sign (C and Objective‐C only)
     -Wstack-protector
     -Woverlength-strings
     -Wunsuffixed-float-constants (C and Objective‐C only)
     -Wno-lto-type-mismatch
     -Wno-designated-init (C and Objective‐C only)
   Options That Control Static Analysis


Have a lovely day!
Alex

-- 
<https://www.alejandro-colomar.es/>
Looking for a remote C programming job at the moment.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v5 RESEND] C, ObjC: Add -Wunterminated-string-initialization

[Joseph Myers]

On Mon, 26 Feb 2024, Alejandro Colomar wrote:

> > The idea seems reasonable, but the patch needs documentation for the new 
> > option in invoke.texi.
> 
> Thanks!  Will do.
> 
> I don't see an obvious order in that file.  Where would you put the
> option?  Do you want me to sort(1) it first, and then insert the new
> option in alphabetic order?

Sandra might have a better idea of how the warning options ought to be 
ordered in the manual.  (Obviously, don't mix reordering with any content 
changes.)

-- 
Joseph S. Myers
josmyers@redhat.com

Re: [PATCH v5 RESEND] C, ObjC: Add -Wunterminated-string-initialization

[Mike Stump]

On Feb 26, 2024, at 7:56 AM, Alejandro Colomar <alx@kernel.org> wrote:
> 
> I don't see an obvious order in that file.  Where would you put the
> option?

The best place, would be to put it just after:

    -Warray-bounds
    -Warray-bounds=n

This is a functional style grouping that best mirrors the existing ordering.  A runner up would be next to the string options or near a "terminating NUL", but after review, these don't seem more suitable.

> Do you want me to sort(1) it first, and then insert the new
> option in alphabetic order?

No.  Let others play at that.

Re: [PATCH v5 RESEND] C, ObjC: Add -Wunterminated-string-initialization

[Sandra Loosemore]

On 2/26/24 09:19, Joseph Myers wrote:
> On Mon, 26 Feb 2024, Alejandro Colomar wrote:
> 
>>> The idea seems reasonable, but the patch needs documentation for the new
>>> option in invoke.texi.
>>
>> Thanks!  Will do.
>>
>> I don't see an obvious order in that file.  Where would you put the
>> option?  Do you want me to sort(1) it first, and then insert the new
>> option in alphabetic order?
> 
> Sandra might have a better idea of how the warning options ought to be
> ordered in the manual.  (Obviously, don't mix reordering with any content
> changes.)

Please don't blindly sort the options sections of the manual.  They've 
typically been organized to present general options first (things like 
-Wpedantic in the warning options section, or -g or -o in the debugging 
and optimization optimization sections), then more specialized flags for 
controlling specific individual behaviors.  We could do a better job of 
keeping the latter sublists alphabetized, but in some cases we have also 
grouped documentation for related options together even if they are not 
alphabetical, but that needs some manual review and decision-making and 
should not be mixed with adding new content.  We do try to keep the 
lists in the "Option Summary" section alphabetized except for the 
general options listed first, though.

As far as where to put documentation for new options, I'd say that you 
should put it in alphabetical order in the appropriate section, unless 
there is good reason to put it somewhere else, or the alphabetization of 
the whole section is so messed-up you can't figure out where it should 
go (putting it at the end is OK in that case, as opposed to some other 
random location in the list).  Remember to add the matching entry in the 
appropriate "Option Summary" list, and for this option IIUC you also 
need to add it to the lists of other options enabled by -Wextra and 
-Wc++-compat.

Are we still accepting patches to add new options in stage 4, or is this 
a stage 1 item?

-Sandra

[PATCH v6] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 10039 bytes --]

Warn about the following:

    char  s[3] = "foo";

Initializing a char array with a string literal of the same length as
the size of the array is usually a mistake.  Rarely is the case where
one wants to create a non-terminated character sequence from a string
literal.

In some cases, for writing faster code, one may want to use arrays
instead of pointers, since that removes the need for storing an array of
pointers apart from the strings themselves.

    char  *log_levels[]   = { "info", "warning", "err" };
vs.
    char  log_levels[][7] = { "info", "warning", "err" };

This forces the programmer to specify a size, which might change if a
new entry is later added.  Having no way to enforce null termination is
very dangerous, however, so it is useful to have a warning for this, so
that the compiler can make sure that the programmer didn't make any
mistakes.  This warning catches the bug above, so that the programmer
will be able to fix it and write:

    char  log_levels[][8] = { "info", "warning", "err" };

This warning already existed as part of -Wc++-compat, but this patch
allows enabling it separately.  It is also included in -Wextra, since
it may not always be desired (when unterminated character sequences are
wanted), but it's likely to be desired in most cases.

Since Wc++-compat now includes this warning, the test has to be modified
to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.

Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Cc: Dave Kemper <saint.snit@gmail.com>
Cc: Larry McVoy <lm@mcvoy.com>
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>
Cc: Martin Uecker <muecker@gwdg.de>
Cc: David Malcolm <dmalcolm@redhat.com>
Cc: Mike Stump <mikestump@comcast.net>
Cc: Joseph Myers <josmyers@redhat.com>
Cc: Sandra Loosemore <sloosemore@baylibre.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

Hi!

v6:
-  Small wording fix in c.opt
-  Document the option in invoke.texi

I tried again, but didn't find much alphabetic order  in there, so put
it where Mike suggested, after -Warray-bounds=n.

Have a lovely night!
Alex


Range-diff against v5:
1:  d98d1fec176 ! 1:  e8fd975bde7 C, ObjC: Add -Wunterminated-string-initialization
    @@ gcc/c-family/c.opt: Wunsuffixed-float-constants
      
     +Wunterminated-string-initialization
     +C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
    -+Warn about character arrays initialized as unterminated character sequences by a string literal.
    ++Warn about character arrays initialized as unterminated character sequences with a string literal.
     +
      Wunused
      C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
    @@ gcc/c/c-typeck.cc: digest_init (location_t init_loc, tree type, tree init, tree
      		{
      		  unsigned HOST_WIDE_INT size
     
    + ## gcc/doc/invoke.texi ##
    +@@ gcc/doc/invoke.texi: Objective-C and Objective-C++ Dialects}.
    + -Wsystem-headers  -Wtautological-compare  -Wtrampolines  -Wtrigraphs
    + -Wtrivial-auto-var-init -Wtsan -Wtype-limits  -Wundef
    + -Wuninitialized  -Wunknown-pragmas
    +--Wunsuffixed-float-constants  -Wunused
    ++-Wunsuffixed-float-constants
    ++-Wunterminated-string-initialization
    ++-Wunused
    + -Wunused-but-set-parameter  -Wunused-but-set-variable
    + -Wunused-const-variable  -Wunused-const-variable=@var{n}
    + -Wunused-function  -Wunused-label  -Wunused-local-typedefs
    +@@ gcc/doc/invoke.texi: name is still supported, but the newer name is more descriptive.)
    + -Wredundant-move @r{(only for C++)}
    + -Wtype-limits
    + -Wuninitialized
    ++-Wunterminated-string-initialization
    + -Wshift-negative-value @r{(in C++11 to C++17 and in C99 and newer)}
    + -Wunused-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}
    + -Wunused-but-set-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}}
    +@@ gcc/doc/invoke.texi: arithmetic that may yield out of bounds values. This warning level may
    + give a larger number of false positives and is deactivated by default.
    + @end table
    + 
    ++@opindex Wunterminated-string-initialization
    ++@opindex Wno-unterminated-string-initialization
    ++@item -Wunterminated-string-initialization
    ++Warn about character arrays
    ++initialized as unterminated character sequences
    ++with a string literal.
    ++For example:
    ++
    ++@smallexample
    ++char arr[3] = "foo";
    ++@end smallexample
    ++
    ++@option{-Wunterminated-string-initialization} is enabled by @option{-Wextra}.
    ++
    + @opindex Warray-compare
    + @opindex Wno-array-compare
    + @item -Warray-compare
    +
      ## gcc/testsuite/gcc.dg/Wcxx-compat-14.c ##
     @@
      /* { dg-options "-Wc++-compat" } */

 gcc/c-family/c.opt                            |  4 ++++
 gcc/c/c-typeck.cc                             |  6 +++---
 gcc/doc/invoke.texi                           | 19 ++++++++++++++++++-
 gcc/testsuite/gcc.dg/Wcxx-compat-14.c         |  2 +-
 .../Wunterminated-string-initialization.c     |  6 ++++++
 5 files changed, 32 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c

diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index 44b9c862c14..3837021747b 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
 C ObjC Var(warn_unsuffixed_float_constants) Warning
 Warn about unsuffixed float constants.
 
+Wunterminated-string-initialization
+C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
+Warn about character arrays initialized as unterminated character sequences with a string literal.
+
 Wunused
 C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
 ; documented in common.opt
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index e55e887da14..7df9de819ed 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
 		pedwarn_init (init_loc, 0,
 			      ("initializer-string for array of %qT "
 			       "is too long"), typ1);
-	      else if (warn_cxx_compat
+	      else if (warn_unterminated_string_initialization
 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
-		warning_at (init_loc, OPT_Wc___compat,
+		warning_at (init_loc, OPT_Wunterminated_string_initialization,
 			    ("initializer-string for array of %qT "
-			     "is too long for C++"), typ1);
+			     "is too long"), typ1);
 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
 		{
 		  unsigned HOST_WIDE_INT size
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 146b40414b0..f81df4de934 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -410,7 +410,9 @@ Objective-C and Objective-C++ Dialects}.
 -Wsystem-headers  -Wtautological-compare  -Wtrampolines  -Wtrigraphs
 -Wtrivial-auto-var-init -Wtsan -Wtype-limits  -Wundef
 -Wuninitialized  -Wunknown-pragmas
--Wunsuffixed-float-constants  -Wunused
+-Wunsuffixed-float-constants
+-Wunterminated-string-initialization
+-Wunused
 -Wunused-but-set-parameter  -Wunused-but-set-variable
 -Wunused-const-variable  -Wunused-const-variable=@var{n}
 -Wunused-function  -Wunused-label  -Wunused-local-typedefs
@@ -6264,6 +6266,7 @@ name is still supported, but the newer name is more descriptive.)
 -Wredundant-move @r{(only for C++)}
 -Wtype-limits
 -Wuninitialized
+-Wunterminated-string-initialization
 -Wshift-negative-value @r{(in C++11 to C++17 and in C99 and newer)}
 -Wunused-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}
 -Wunused-but-set-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}}
@@ -8281,6 +8284,20 @@ arithmetic that may yield out of bounds values. This warning level may
 give a larger number of false positives and is deactivated by default.
 @end table
 
+@opindex Wunterminated-string-initialization
+@opindex Wno-unterminated-string-initialization
+@item -Wunterminated-string-initialization
+Warn about character arrays
+initialized as unterminated character sequences
+with a string literal.
+For example:
+
+@smallexample
+char arr[3] = "foo";
+@end smallexample
+
+@option{-Wunterminated-string-initialization} is enabled by @option{-Wextra}.
+
 @opindex Warray-compare
 @opindex Wno-array-compare
 @item -Warray-compare
diff --git a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
index 23783711be6..6df0ee197cc 100644
--- a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
+++ b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
@@ -2,5 +2,5 @@
 /* { dg-options "-Wc++-compat" } */
 
 char a1[] = "a";
-char a2[1] = "a";	/* { dg-warning "C\[+\]\[+\]" } */
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
 char a3[2] = "a";
diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
new file mode 100644
index 00000000000..13d5dbc6640
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
@@ -0,0 +1,6 @@
+/* { dg-do compile } */
+/* { dg-options "-Wunterminated-string-initialization" } */
+
+char a1[] = "a";
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
+char a3[2] = "a";
-- 
2.43.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v6] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 2273 bytes --]

On Tue, Mar 05, 2024 at 09:20:42PM +0100, Alejandro Colomar wrote:
> Hi!
> 
> v6:
> -  Small wording fix in c.opt
> -  Document the option in invoke.texi
> 
> I tried again, but didn't find much alphabetic order  in there, so put
> it where Mike suggested, after -Warray-bounds=n.
> 
> Have a lovely night!
> Alex
> 
[...]
> diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
> index 146b40414b0..f81df4de934 100644
> --- a/gcc/doc/invoke.texi
> +++ b/gcc/doc/invoke.texi
> @@ -410,7 +410,9 @@ Objective-C and Objective-C++ Dialects}.
>  -Wsystem-headers  -Wtautological-compare  -Wtrampolines  -Wtrigraphs
>  -Wtrivial-auto-var-init -Wtsan -Wtype-limits  -Wundef
>  -Wuninitialized  -Wunknown-pragmas
> --Wunsuffixed-float-constants  -Wunused
> +-Wunsuffixed-float-constants
> +-Wunterminated-string-initialization
> +-Wunused
>  -Wunused-but-set-parameter  -Wunused-but-set-variable
>  -Wunused-const-variable  -Wunused-const-variable=@var{n}
>  -Wunused-function  -Wunused-label  -Wunused-local-typedefs
> @@ -6264,6 +6266,7 @@ name is still supported, but the newer name is more descriptive.)
>  -Wredundant-move @r{(only for C++)}
>  -Wtype-limits
>  -Wuninitialized
> +-Wunterminated-string-initialization
>  -Wshift-negative-value @r{(in C++11 to C++17 and in C99 and newer)}
>  -Wunused-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}
>  -Wunused-but-set-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}}
> @@ -8281,6 +8284,20 @@ arithmetic that may yield out of bounds values. This warning level may
>  give a larger number of false positives and is deactivated by default.
>  @end table
>  
> +@opindex Wunterminated-string-initialization
> +@opindex Wno-unterminated-string-initialization
> +@item -Wunterminated-string-initialization
> +Warn about character arrays
> +initialized as unterminated character sequences
> +with a string literal.
> +For example:
> +
> +@smallexample
> +char arr[3] = "foo";
> +@end smallexample
> +
> +@option{-Wunterminated-string-initialization} is enabled by @option{-Wextra}.

Oops, I should also mention -Wc++-compat here.


-- 
<https://www.alejandro-colomar.es/>
Looking for a remote C programming job at the moment.

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

[PATCH v7] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 8106 bytes --]

Warn about the following:

    char  s[3] = "foo";

Initializing a char array with a string literal of the same length as
the size of the array is usually a mistake.  Rarely is the case where
one wants to create a non-terminated character sequence from a string
literal.

In some cases, for writing faster code, one may want to use arrays
instead of pointers, since that removes the need for storing an array of
pointers apart from the strings themselves.

    char  *log_levels[]   = { "info", "warning", "err" };
vs.
    char  log_levels[][7] = { "info", "warning", "err" };

This forces the programmer to specify a size, which might change if a
new entry is later added.  Having no way to enforce null termination is
very dangerous, however, so it is useful to have a warning for this, so
that the compiler can make sure that the programmer didn't make any
mistakes.  This warning catches the bug above, so that the programmer
will be able to fix it and write:

    char  log_levels[][8] = { "info", "warning", "err" };

This warning already existed as part of -Wc++-compat, but this patch
allows enabling it separately.  It is also included in -Wextra, since
it may not always be desired (when unterminated character sequences are
wanted), but it's likely to be desired in most cases.

Since Wc++-compat now includes this warning, the test has to be modified
to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.

Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Cc: Dave Kemper <saint.snit@gmail.com>
Cc: Larry McVoy <lm@mcvoy.com>
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>
Cc: Martin Uecker <muecker@gwdg.de>
Cc: David Malcolm <dmalcolm@redhat.com>
Cc: Mike Stump <mikestump@comcast.net>
Cc: Joseph Myers <josmyers@redhat.com>
Cc: Sandra Loosemore <sloosemore@baylibre.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---
Range-diff against v6:
1:  e8fd975bde7 ! 1:  c0f3ffcca7a C, ObjC: Add -Wunterminated-string-initialization
    @@ gcc/doc/invoke.texi: arithmetic that may yield out of bounds values. This warnin
      
     +@opindex Wunterminated-string-initialization
     +@opindex Wno-unterminated-string-initialization
    -+@item -Wunterminated-string-initialization
    ++@item -Wunterminated-string-initialization @r{(C and Objective-C only)}
     +Warn about character arrays
     +initialized as unterminated character sequences
     +with a string literal.
    @@ gcc/doc/invoke.texi: arithmetic that may yield out of bounds values. This warnin
     +char arr[3] = "foo";
     +@end smallexample
     +
    -+@option{-Wunterminated-string-initialization} is enabled by @option{-Wextra}.
    ++This warning is enabled by @option{-Wextra} and @option{-Wc++-compat}.
    ++In C++, such initializations are an error.
     +
      @opindex Warray-compare
      @opindex Wno-array-compare

 gcc/c-family/c.opt                            |  4 ++++
 gcc/c/c-typeck.cc                             |  6 +++---
 gcc/doc/invoke.texi                           | 20 ++++++++++++++++++-
 gcc/testsuite/gcc.dg/Wcxx-compat-14.c         |  2 +-
 .../Wunterminated-string-initialization.c     |  6 ++++++
 5 files changed, 33 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c

diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index 44b9c862c14..3837021747b 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
 C ObjC Var(warn_unsuffixed_float_constants) Warning
 Warn about unsuffixed float constants.
 
+Wunterminated-string-initialization
+C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
+Warn about character arrays initialized as unterminated character sequences with a string literal.
+
 Wunused
 C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
 ; documented in common.opt
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index e55e887da14..7df9de819ed 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
 		pedwarn_init (init_loc, 0,
 			      ("initializer-string for array of %qT "
 			       "is too long"), typ1);
-	      else if (warn_cxx_compat
+	      else if (warn_unterminated_string_initialization
 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
-		warning_at (init_loc, OPT_Wc___compat,
+		warning_at (init_loc, OPT_Wunterminated_string_initialization,
 			    ("initializer-string for array of %qT "
-			     "is too long for C++"), typ1);
+			     "is too long"), typ1);
 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
 		{
 		  unsigned HOST_WIDE_INT size
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 146b40414b0..4e85311851f 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -410,7 +410,9 @@ Objective-C and Objective-C++ Dialects}.
 -Wsystem-headers  -Wtautological-compare  -Wtrampolines  -Wtrigraphs
 -Wtrivial-auto-var-init -Wtsan -Wtype-limits  -Wundef
 -Wuninitialized  -Wunknown-pragmas
--Wunsuffixed-float-constants  -Wunused
+-Wunsuffixed-float-constants
+-Wunterminated-string-initialization
+-Wunused
 -Wunused-but-set-parameter  -Wunused-but-set-variable
 -Wunused-const-variable  -Wunused-const-variable=@var{n}
 -Wunused-function  -Wunused-label  -Wunused-local-typedefs
@@ -6264,6 +6266,7 @@ name is still supported, but the newer name is more descriptive.)
 -Wredundant-move @r{(only for C++)}
 -Wtype-limits
 -Wuninitialized
+-Wunterminated-string-initialization
 -Wshift-negative-value @r{(in C++11 to C++17 and in C99 and newer)}
 -Wunused-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}
 -Wunused-but-set-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}}
@@ -8281,6 +8284,21 @@ arithmetic that may yield out of bounds values. This warning level may
 give a larger number of false positives and is deactivated by default.
 @end table
 
+@opindex Wunterminated-string-initialization
+@opindex Wno-unterminated-string-initialization
+@item -Wunterminated-string-initialization @r{(C and Objective-C only)}
+Warn about character arrays
+initialized as unterminated character sequences
+with a string literal.
+For example:
+
+@smallexample
+char arr[3] = "foo";
+@end smallexample
+
+This warning is enabled by @option{-Wextra} and @option{-Wc++-compat}.
+In C++, such initializations are an error.
+
 @opindex Warray-compare
 @opindex Wno-array-compare
 @item -Warray-compare
diff --git a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
index 23783711be6..6df0ee197cc 100644
--- a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
+++ b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
@@ -2,5 +2,5 @@
 /* { dg-options "-Wc++-compat" } */
 
 char a1[] = "a";
-char a2[1] = "a";	/* { dg-warning "C\[+\]\[+\]" } */
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
 char a3[2] = "a";
diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
new file mode 100644
index 00000000000..13d5dbc6640
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
@@ -0,0 +1,6 @@
+/* { dg-do compile } */
+/* { dg-options "-Wunterminated-string-initialization" } */
+
+char a1[] = "a";
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
+char a3[2] = "a";
-- 
2.43.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]

Re: [PATCH v7] C, ObjC: Add -Wunterminated-string-initialization

[Sandra Loosemore]

On 3/5/24 13:33, Alejandro Colomar wrote:
> Warn about the following:
> 
>      char  s[3] = "foo";
> 
> Initializing a char array with a string literal of the same length as
> the size of the array is usually a mistake.  Rarely is the case where
> one wants to create a non-terminated character sequence from a string
> literal.
> 
> In some cases, for writing faster code, one may want to use arrays
> instead of pointers, since that removes the need for storing an array of
> pointers apart from the strings themselves.
> 
>      char  *log_levels[]   = { "info", "warning", "err" };
> vs.
>      char  log_levels[][7] = { "info", "warning", "err" };
> 
> This forces the programmer to specify a size, which might change if a
> new entry is later added.  Having no way to enforce null termination is
> very dangerous, however, so it is useful to have a warning for this, so
> that the compiler can make sure that the programmer didn't make any
> mistakes.  This warning catches the bug above, so that the programmer
> will be able to fix it and write:
> 
>      char  log_levels[][8] = { "info", "warning", "err" };
> 
> This warning already existed as part of -Wc++-compat, but this patch
> allows enabling it separately.  It is also included in -Wextra, since
> it may not always be desired (when unterminated character sequences are
> wanted), but it's likely to be desired in most cases.
> 
> Since Wc++-compat now includes this warning, the test has to be modified
> to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.

The documentation parts of the patch are OK.

-Sandra

[PATCH v8] C, ObjC: Add -Wunterminated-string-initialization

[Alejandro Colomar]

[-- Attachment #1: Type: text/plain, Size: 10130 bytes --]

Warn about the following:

    char  s[3] = "foo";

Initializing a char array with a string literal of the same length as
the size of the array is usually a mistake.  Rarely is the case where
one wants to create a non-terminated character sequence from a string
literal.

In some cases, for writing faster code, one may want to use arrays
instead of pointers, since that removes the need for storing an array of
pointers apart from the strings themselves.

    char  *log_levels[]   = { "info", "warning", "err" };
vs.
    char  log_levels[][7] = { "info", "warning", "err" };

This forces the programmer to specify a size, which might change if a
new entry is later added.  Having no way to enforce null termination is
very dangerous, however, so it is useful to have a warning for this, so
that the compiler can make sure that the programmer didn't make any
mistakes.  This warning catches the bug above, so that the programmer
will be able to fix it and write:

    char  log_levels[][8] = { "info", "warning", "err" };

This warning already existed as part of -Wc++-compat, but this patch
allows enabling it separately.  It is also included in -Wextra, since
it may not always be desired (when unterminated character sequences are
wanted), but it's likely to be desired in most cases.

Since Wc++-compat now includes this warning, the test has to be modified
to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.

gcc/c-family/ChangeLog:

	* c.opt: Add -Wunterminated-string-initialization.

gcc/c/ChangeLog:

	* c-typeck.cc (digest_init): Separate warnings about character
	  arrays being initialized as unterminated character sequences
	  with string literals, from -Wc++-compat, into a new warning,
	  -Wunterminated-string-initialization.

gcc/ChangeLog:

	* doc/invoke.texi: Document the new
	  -Wunterminated-string-initialization.

gcc/testsuite/ChangeLog:

	* gcc.dg/Wcxx-compat-14.c: Adapt the test to match the new text
	  of the warning, which doesn't say anything about C++ anymore.
	* gcc.dg/Wunterminated-string-initialization.c: New test.

Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
[Sandra: The documentation parts of the patch are OK.]
Reviewed-by: Sandra Loosemore <sloosemore@baylibre.com>
Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
Cc: Ralph Corderoy <ralph@inputplus.co.uk>
Cc: Dave Kemper <saint.snit@gmail.com>
Cc: Larry McVoy <lm@mcvoy.com>
Cc: Andrew Pinski <pinskia@gmail.com>
Cc: Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: Andrew Clayton <andrew@digital-domain.net>
Cc: Martin Uecker <muecker@gwdg.de>
Cc: David Malcolm <dmalcolm@redhat.com>
Cc: Mike Stump <mikestump@comcast.net>
Cc: Joseph Myers <josmyers@redhat.com>
Signed-off-by: Alejandro Colomar <alx@kernel.org>
---

Hi!

I've added a changelog to the commit message, as requested by Sandra,
and noted her review.

Have a lovely day!
Alex


Range-diff against v7:
1:  c0f3ffcca7a ! 1:  06236d0aa05 C, ObjC: Add -Wunterminated-string-initialization
    @@ Commit message
         Since Wc++-compat now includes this warning, the test has to be modified
         to expect the text of the new warning too, in <gcc.dg/Wcxx-compat-14.c>.
     
    +    gcc/c-family/ChangeLog:
    +
    +            * c.opt: Add -Wunterminated-string-initialization.
    +
    +    gcc/c/ChangeLog:
    +
    +            * c-typeck.cc (digest_init): Separate warnings about character
    +              arrays being initialized as unterminated character sequences
    +              with string literals, from -Wc++-compat, into a new warning,
    +              -Wunterminated-string-initialization.
    +
    +    gcc/ChangeLog:
    +
    +            * doc/invoke.texi: Document the new
    +              -Wunterminated-string-initialization.
    +
    +    gcc/testsuite/ChangeLog:
    +
    +            * gcc.dg/Wcxx-compat-14.c: Adapt the test to match the new text
    +              of the warning, which doesn't say anything about C++ anymore.
    +            * gcc.dg/Wunterminated-string-initialization.c: New test.
    +
         Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00059.html>
         Link: <https://lists.gnu.org/archive/html/groff/2022-11/msg00063.html>
         Link: <https://inbox.sourceware.org/gcc/36da94eb-1cac-5ae8-7fea-ec66160cf413@gmail.com/T/>
         Acked-by: Doug McIlroy <douglas.mcilroy@dartmouth.edu>
    +    [Sandra: The documentation parts of the patch are OK.]
    +    Reviewed-by: Sandra Loosemore <sloosemore@baylibre.com>
         Cc: "G. Branden Robinson" <g.branden.robinson@gmail.com>
         Cc: Ralph Corderoy <ralph@inputplus.co.uk>
         Cc: Dave Kemper <saint.snit@gmail.com>
    @@ Commit message
         Cc: David Malcolm <dmalcolm@redhat.com>
         Cc: Mike Stump <mikestump@comcast.net>
         Cc: Joseph Myers <josmyers@redhat.com>
    -    Cc: Sandra Loosemore <sloosemore@baylibre.com>
         Signed-off-by: Alejandro Colomar <alx@kernel.org>
     
      ## gcc/c-family/c.opt ##

 gcc/c-family/c.opt                            |  4 ++++
 gcc/c/c-typeck.cc                             |  6 +++---
 gcc/doc/invoke.texi                           | 20 ++++++++++++++++++-
 gcc/testsuite/gcc.dg/Wcxx-compat-14.c         |  2 +-
 .../Wunterminated-string-initialization.c     |  6 ++++++
 5 files changed, 33 insertions(+), 5 deletions(-)
 create mode 100644 gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c

diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt
index 44b9c862c14..3837021747b 100644
--- a/gcc/c-family/c.opt
+++ b/gcc/c-family/c.opt
@@ -1407,6 +1407,10 @@ Wunsuffixed-float-constants
 C ObjC Var(warn_unsuffixed_float_constants) Warning
 Warn about unsuffixed float constants.
 
+Wunterminated-string-initialization
+C ObjC Var(warn_unterminated_string_initialization) Warning LangEnabledBy(C ObjC,Wextra || Wc++-compat)
+Warn about character arrays initialized as unterminated character sequences with a string literal.
+
 Wunused
 C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall)
 ; documented in common.opt
diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc
index e55e887da14..7df9de819ed 100644
--- a/gcc/c/c-typeck.cc
+++ b/gcc/c/c-typeck.cc
@@ -8399,11 +8399,11 @@ digest_init (location_t init_loc, tree type, tree init, tree origtype,
 		pedwarn_init (init_loc, 0,
 			      ("initializer-string for array of %qT "
 			       "is too long"), typ1);
-	      else if (warn_cxx_compat
+	      else if (warn_unterminated_string_initialization
 		       && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
-		warning_at (init_loc, OPT_Wc___compat,
+		warning_at (init_loc, OPT_Wunterminated_string_initialization,
 			    ("initializer-string for array of %qT "
-			     "is too long for C++"), typ1);
+			     "is too long"), typ1);
 	      if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0)
 		{
 		  unsigned HOST_WIDE_INT size
diff --git a/gcc/doc/invoke.texi b/gcc/doc/invoke.texi
index 146b40414b0..4e85311851f 100644
--- a/gcc/doc/invoke.texi
+++ b/gcc/doc/invoke.texi
@@ -410,7 +410,9 @@ Objective-C and Objective-C++ Dialects}.
 -Wsystem-headers  -Wtautological-compare  -Wtrampolines  -Wtrigraphs
 -Wtrivial-auto-var-init -Wtsan -Wtype-limits  -Wundef
 -Wuninitialized  -Wunknown-pragmas
--Wunsuffixed-float-constants  -Wunused
+-Wunsuffixed-float-constants
+-Wunterminated-string-initialization
+-Wunused
 -Wunused-but-set-parameter  -Wunused-but-set-variable
 -Wunused-const-variable  -Wunused-const-variable=@var{n}
 -Wunused-function  -Wunused-label  -Wunused-local-typedefs
@@ -6264,6 +6266,7 @@ name is still supported, but the newer name is more descriptive.)
 -Wredundant-move @r{(only for C++)}
 -Wtype-limits
 -Wuninitialized
+-Wunterminated-string-initialization
 -Wshift-negative-value @r{(in C++11 to C++17 and in C99 and newer)}
 -Wunused-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}
 -Wunused-but-set-parameter @r{(only with} @option{-Wunused} @r{or} @option{-Wall}@r{)}}
@@ -8281,6 +8284,21 @@ arithmetic that may yield out of bounds values. This warning level may
 give a larger number of false positives and is deactivated by default.
 @end table
 
+@opindex Wunterminated-string-initialization
+@opindex Wno-unterminated-string-initialization
+@item -Wunterminated-string-initialization @r{(C and Objective-C only)}
+Warn about character arrays
+initialized as unterminated character sequences
+with a string literal.
+For example:
+
+@smallexample
+char arr[3] = "foo";
+@end smallexample
+
+This warning is enabled by @option{-Wextra} and @option{-Wc++-compat}.
+In C++, such initializations are an error.
+
 @opindex Warray-compare
 @opindex Wno-array-compare
 @item -Warray-compare
diff --git a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
index 23783711be6..6df0ee197cc 100644
--- a/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
+++ b/gcc/testsuite/gcc.dg/Wcxx-compat-14.c
@@ -2,5 +2,5 @@
 /* { dg-options "-Wc++-compat" } */
 
 char a1[] = "a";
-char a2[1] = "a";	/* { dg-warning "C\[+\]\[+\]" } */
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
 char a3[2] = "a";
diff --git a/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
new file mode 100644
index 00000000000..13d5dbc6640
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/Wunterminated-string-initialization.c
@@ -0,0 +1,6 @@
+/* { dg-do compile } */
+/* { dg-options "-Wunterminated-string-initialization" } */
+
+char a1[] = "a";
+char a2[1] = "a";	/* { dg-warning "initializer-string for array of 'char' is too long" } */
+char a3[2] = "a";
-- 
2.43.0


[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 833 bytes --]