Message-ID: <86c0ff29-1a1d-2b6c-ac9a-161f3602d47d@gmail.com>
Date: Fri, 17 Mar 2023 02:27:06 +0100
Subject: Re: [PATCH] C, ObjC: Add -Wunterminated-string-initialization
From: Alejandro Colomar
To: gcc@gcc.gnu.org
Cc: Alejandro Colomar, Doug McIlroy, "G. Branden Robinson", Ralph Corderoy, Dave Kemper, Larry McVoy, Andrew Pinski, Jonathan Wakely, Andrew Clayton
References: <20230317011218.564190-1-alx@kernel.org>
In-Reply-To: <20230317011218.564190-1-alx@kernel.org>

On 3/17/23 02:12, Alejandro Colomar wrote:
> Warn about the following:
>
>     char s[3] = "foo";
>
> Initializing a char array with a string literal of the same length as
> the size of the array is usually a mistake. Rarely is the case where
> one wants to create a non-terminated character sequence from a string
> literal.
>
> In some cases, for writing faster code, one may want to use arrays
> instead of pointers, since that removes the need for storing an array of
> pointers apart from the strings themselves.
>
>     char *log_levels[] = { "info", "warning", "err" };
> vs.
>     char log_levels[][7] = { "info", "warning", "err" };
>
> This forces the programmer to specify a size, which might change if a
> new entry is later added. Having no way to enforce null termination is
> very dangerous, however, so it is useful to have a warning for this, so
> that the compiler can make sure that the programmer didn't make any
> mistakes. This warning catches the bug above, so that the programmer
> will be able to fix it and write:
>
>     char log_levels[][8] = { "info", "warning", "err" };
>
> This warning already existed as part of -Wc++-compat, but this patch
> allows enabling it separately. It is also included in -Wextra, since
> it may not always be desired (when unterminated character sequences are
> wanted), but it's likely to be desired in most cases.
>
> Link:
> Link:
> Link:
> Acked-by: Doug McIlroy
> Cc: "G. Branden Robinson"
> Cc: Ralph Corderoy
> Cc: Dave Kemper
> Cc: Larry McVoy
> Cc: Andrew Pinski
> Cc: Jonathan Wakely
> Cc: Andrew Clayton
> Signed-off-by: Alejandro Colomar
> ---
>
> Hi!
>
> I finally have a working patch for this warning :-)
> Tested with the following code:
>
> $ cat str.c
> int main(void)
> {
>         char a[2] = "foo";
>         char b[3] = "bar";
>         char c[4] = "baz";
>         char d[5] = "qwe";
>         char log_levels[][N] = { // -DN=7
>                 "info",
>                 "warning",
>                 "err"
>         };
>         return *a + *b + *c + *d + log_levels[0][0];
> }
>
> One thing which doesn't make me fully happy about this warning is that
> the message is a bit worse than the one in C++. See:
>
> $ /opt/local/gnu/gcc/wusi/1/bin/gcc str.c \
>     -Wall -Wunterminated-string-initialization -DN=8
> str.c: In function ‘main’:
> str.c:4:21: warning: initializer-string for array of ‘char’ is too long
>     4 |         char a[2] = "foo";
>       |                     ^~~~~
> str.c:5:21: warning: initializer-string for array of ‘char’ is too long for C++ [-Wunterminated-string-initialization]

You may notice that these messages still have the "for C++" thingy.
I removed that after testing, but since it's just text I didn't test again.

>     5 |         char b[3] = "bar";
>       |                     ^~~~~
> $ /opt/local/gnu/gcc/wusi/1/bin/g++ str.c \
>     -Wall -Wunterminated-string-initialization -DN=8
> str.c: In function ‘int main()’:
> str.c:4:21: error: initializer-string for ‘char [2]’ is too long [-fpermissive]
>     4 |         char a[2] = "foo";
>       |                     ^~~~~
> str.c:5:21: error: initializer-string for ‘char [3]’ is too long [-fpermissive]
>     5 |         char b[3] = "bar";
>       |                     ^~~~~
>
> In C++ we see the complete type in the error message, which is more
> informative than "array of 'char'". This is especially relevant for
> multiline definitions, where the shown line may not contain the type,
> but only the string. However, that was already the case previously with
> -Wc++-compat, so a fix for that might be better as a different patch.
>
> $ /opt/local/gnu/gcc/wusi/1/bin/gcc str.c \
>     -Wall -Wunterminated-string-initialization -DN=7
> str.c: In function ‘main’:
> str.c:4:21: warning: initializer-string for array of ‘char’ is too long
>     4 |         char a[2] = "foo";
>       |                     ^~~~~
> str.c:5:21: warning: initializer-string for array of ‘char’ is too long for C++ [-Wunterminated-string-initialization]
>     5 |         char b[3] = "bar";
>       |                     ^~~~~
> str.c:10:17: warning: initializer-string for array of ‘char’ is too long for C++ [-Wunterminated-string-initialization]
>    10 |                 "warning",
>       |                 ^~~~~~~~~
> $ /opt/local/gnu/gcc/wusi/1/bin/g++ str.c \
>     -Wall -Wunterminated-string-initialization -DN=7
> str.c: In function ‘int main()’:
> str.c:4:21: error: initializer-string for ‘char [2]’ is too long [-fpermissive]
>     4 |         char a[2] = "foo";
>       |                     ^~~~~
> str.c:5:21: error: initializer-string for ‘char [3]’ is too long [-fpermissive]
>     5 |         char b[3] = "bar";
>       |                     ^~~~~
> str.c:10:17: error: initializer-string for ‘char [7]’ is too long [-fpermissive]
>    10 |                 "warning",
>       |                 ^~~~~~~~~
>
>
> BTW, I only tested C; not ObjC. I never in my life used Objective C, so
> I don't even know how relevant this is for that language. I just found
> that it has -Wc++-compat, and so I guessed that this warning would also
> trigger in that language, so I did the same as for C. I hope that's
> correct.
>
> Cheers,
>
> Alex
>
>  gcc/c-family/c.opt | 4 ++++
>  gcc/c/c-typeck.cc | 6 +++---
>  2 files changed, 7 insertions(+), 3 deletions(-)
>
> diff --git a/gcc/c-family/c.opt b/gcc/c-family/c.opt > index 3333cddeece..7f1fccfe02b 100644 > --- a/gcc/c-family/c.opt > +++ b/gcc/c-family/c.opt 
> @@ -1382,6 +1382,10 @@ Wunsuffixed-float-constants > C ObjC Var(warn_unsuffixed_float_constants) Warning > Warn about unsuffixed float constants. > =20 > +Wunterminated-string-initialization > +C ObjC Var(warn_unterminated_string_initialization) Warning LangEnable= dBy(C ObjC,Wextra || Wc++-compat) > +Warn about character arrays initialized as unterminated character sequ= ences by a string literal. > + > Wunused > C ObjC C++ ObjC++ LangEnabledBy(C ObjC C++ ObjC++,Wall) > ; documented in common.opt > diff --git a/gcc/c/c-typeck.cc b/gcc/c/c-typeck.cc > index 45bacc06c47..ce2750f98bb 100644 > --- a/gcc/c/c-typeck.cc > +++ b/gcc/c/c-typeck.cc 
> @@ -8420,11 +8420,11 @@ digest_init (location_t init_loc, tree type, tr= ee init, tree origtype, > pedwarn_init (init_loc, 0, > ("initializer-string for array of %qT " > "is too long"), typ1); > - else if (warn_cxx_compat > + else if (warn_unterminated_string_initialization > && compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0) > - warning_at (init_loc, OPT_Wc___compat, > + warning_at (init_loc, OPT_Wunterminated_string_initialization, > ("initializer-string for array of %qT " > - "is too long for C++"), typ1); > + "is too long"), typ1); > if (compare_tree_int (TYPE_SIZE_UNIT (type), len) < 0) > { > unsigned HOST_WIDE_INT size
--
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5
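
Review bot: The new Wunterminated-string-initialization record in gcc/c-family/c.opt arrives without user documentation or a regression test: the diffstat lists only c.opt and c-typeck.cc. Please add an entry to gcc/doc/invoke.texi that states the option is enabled by -Wextra and -Wc++-compat, and a testsuite case covering the exact-fit initializer (the str.c program from the message would do). The record also enables the option for ObjC through LangEnabledBy(C ObjC,...), while the message says ObjC was not tested, so either test that front end or say so in the commit log.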
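
Review bot: In the digest_init hunk, the reworded warning_at string "initializer-string for array of %qT is too long" is now identical to the pedwarn_init string in the branch just above it, so the two diagnostics differ only by the trailing option tag. They report different conditions: the sample output in the message shows the untagged one for char a[2] = "foo" and the tagged one for char b[3] = "bar", where only the terminating NUL is dropped. A distinct wording for the else-if branch, one that mentions the missing terminating NUL, would let the reader tell them apart; any existing test that matches the old "is too long for C++" text will also need updating.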
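
The hazard the commit message describes, as an added example (not part of the patch or of GCC): a scan that finds the row of a fixed-width string table that lost its terminating NUL, plus a bounded copy that stays safe on such a row. The names levels7, levels8, first_unterminated and row_to_cstr are made up for this illustration.

```c
#include <stddef.h>
#include <string.h>

/* Constructed tables mirroring the commit message: "warning" is 7 chars,
 * so width 7 silently drops its NUL (valid C), width 8 keeps it. */
static const char levels7[][7] = { "info", "warning", "err" };
static const char levels8[][8] = { "info", "warning", "err" };

/* Compile-time guard for compilers without the warning (assumption: the
 * longest entry is named by hand). */
_Static_assert(sizeof "warning" <= sizeof levels8[0], "row too narrow");

/* Index of the first row with no NUL inside its `width` bytes, or -1. */
static int first_unterminated(const void *table, size_t rows, size_t width)
{
    const char *p = table;

    for (size_t i = 0; i < rows; i++)
        if (memchr(p + i * width, '\0', width) == NULL)
            return (int)i;
    return -1;
}

/* Bounded copy of one row into dst: never reads past the row and always
 * terminates dst. Returns the number of characters copied. */
size_t row_to_cstr(char *dst, size_t dstsz, const char *row, size_t width)
{
    const char *nul = memchr(row, '\0', width);
    size_t len = nul ? (size_t)(nul - row) : width;

    if (dstsz == 0)
        return 0;
    if (len >= dstsz)
        len = dstsz - 1;
    memcpy(dst, row, len);
    dst[len] = '\0';
    return len;
}

/* Scan both constructed tables. */
int check_levels7(void)
{
    return first_unterminated(levels7, sizeof levels7 / sizeof levels7[0], 7);
}

int check_levels8(void)
{
    return first_unterminated(levels8, sizeof levels8 / sizeof levels8[0], 8);
}
```

check_levels7() reports row 1 ("warning"); passing that row to strlen or printf("%s") would read into the next row, which is why the copy helper takes the row width explicitly.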