[-Wunterminated-string-initialization] Handle C string literals ending with explicit '\0' #143487
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…g with explicit '\0' In C, a char array needs no "nonstring" attribute, if its initializer is a string literal that 1) explicitly ends with '\0' and 2) fits in the array after a possible truncation. For example `char a[4] = "ABC\0"; // fine, needs no "nonstring" attr` rdar://152506883
ziqingluo-90
requested review from
frobtech,
AaronBallman,
shafik,
erichkeane and
Sirraide
llvmbot
added
clang
|
@llvm/pr-subscribers-clang Author: Ziqing Luo (ziqingluo-90) ChangesIn C, a char array needs no "nonstring" attribute, if its initializer is a string literal that 1) explicitly ends with '\0' and 2) fits in the array after a possible truncation. For example rdar://152506883 Full diff: https://github.com/llvm/llvm-project/pull/143487.diff 2 Files Affected:
diff --git a/clang/lib/Sema/SemaInit.cpp b/clang/lib/Sema/SemaInit.cpp
index da56225b2f926..f7592688e0327 100644
--- a/clang/lib/Sema/SemaInit.cpp
+++ b/clang/lib/Sema/SemaInit.cpp
@@ -260,6 +260,11 @@ static void CheckStringInit(Expr *Str, QualType &DeclT, const ArrayType *AT,
diag::ext_initializer_string_for_char_array_too_long)
<< Str->getSourceRange();
else if (StrLength - 1 == ArrayLen) {
+ // If the string literal is null-terminated explicitly, e.g., `char a[4] =
+ // "ABC\0"`, there should be no warn:
+ if (const auto *SL = dyn_cast<StringLiteral>(Str->IgnoreParens()))
+ if (SL->isOrdinary() && SL->getBytes().back() == 0)
+ return;
// If the entity being initialized has the nonstring attribute, then
// silence the "missing nonstring" diagnostic. If there's no entity,
// check whether we're initializing an array of arrays; if so, walk the
diff --git a/clang/test/Sema/attr-nonstring_safe.c b/clang/test/Sema/attr-nonstring_safe.c
new file mode 100644
index 0000000000000..3ea441e033dba
--- /dev/null
+++ b/clang/test/Sema/attr-nonstring_safe.c
@@ -0,0 +1,28 @@
+// RUN: %clang_cc1 -fsyntax-only -verify -Wunterminated-string-initialization %s -x c
+// RUN: %clang_cc1 -fsyntax-only -verify -Wunterminated-string-initialization %s -x c++
+
+
+// In C, the following examples are fine:
+#if __cplusplus
+char foo[3] = "fo\0"; // expected-error {{initializer-string for char array is too long, array size is 3 but initializer has size 4 (including the null terminating character)}}
+
+struct S {
+ char buf[3];
+ char fub[3];
+} s = { "ba\0", "bo\0" }; // expected-error 2{{initializer-string for char array is too long, array size is 3 but initializer has size 4 (including the null terminating character)}}
+
+signed char scfoo[3] = "fo\0"; // expected-error {{initializer-string for char array is too long, array size is 3 but initializer has size 4 (including the null terminating character)}}
+unsigned char ucfoo[3] = "fo\0"; // expected-error {{initializer-string for char array is too long, array size is 3 but initializer has size 4 (including the null terminating character)}}
+
+#else
+//expected-no-diagnostics
+char foo[3] = "fo\0";
+
+struct S {
+ char buf[3];
+ char fub[3];
+} s = { "ba\0", "bo\0" };
+
+signed char scfoo[3] = "fo\0";
+unsigned char ucfoo[3] = "fo\0";
+#endif
|
tbaederr
reviewed
Jun 10, 2025
clang/lib/Sema/SemaInit.cpp
Outdated
| @@ -260,6 +260,11 @@ static void CheckStringInit(Expr *Str, QualType &DeclT, const ArrayType *AT, | |||
| diag::ext_initializer_string_for_char_array_too_long) | |||
| << Str->getSourceRange(); | |||
| else if (StrLength - 1 == ArrayLen) { | |||
| // If the string literal is null-terminated explicitly, e.g., `char a[4] = | |||
| // "ABC\0"`, there should be no warn: | |||
| if (const auto *SL = dyn_cast<StringLiteral>(Str->IgnoreParens())) | |||
There was a problem hiding this comment.
Suggested change
| if (const auto *SL = dyn_cast<StringLiteral>(Str->IgnoreParens())) | |
| if (const auto *SL = dyn_cast<StringLiteral>(Str->IgnoreParens()); SL && SL->isOrdinary() && SL->getBytes().back() == 0) |
zwuis
reviewed
Jun 10, 2025
|
|
||
|
|
||
| // In C, the following examples are fine: | ||
| #if __cplusplus |
There was a problem hiding this comment.
Suggested change
| #if __cplusplus | |
| #ifdef __cplusplus |
Sirraide
requested changes
Jun 10, 2025
clang/lib/Sema/SemaInit.cpp
Outdated
| @@ -260,6 +260,11 @@ static void CheckStringInit(Expr *Str, QualType &DeclT, const ArrayType *AT, | |||
| diag::ext_initializer_string_for_char_array_too_long) | |||
| << Str->getSourceRange(); | |||
| else if (StrLength - 1 == ArrayLen) { | |||
| // If the string literal is null-terminated explicitly, e.g., `char a[4] = | |||
| // "ABC\0"`, there should be no warn: | |||
There was a problem hiding this comment.
Suggested change
| // "ABC\0"`, there should be no warn: | |
| // "ABC\0"`, there should be no warning. |
erichkeane
reviewed
Jun 10, 2025
clang/lib/Sema/SemaInit.cpp
Outdated
| // If the string literal is null-terminated explicitly, e.g., `char a[4] = | ||
| // "ABC\0"`, there should be no warn: | ||
| if (const auto *SL = dyn_cast<StringLiteral>(Str->IgnoreParens())) | ||
| if (SL->isOrdinary() && SL->getBytes().back() == 0) |
There was a problem hiding this comment.
Is this encoding-aware? what about if this is a 2nd byte in a multi-byte?
There was a problem hiding this comment.
Also, this means the functionality only works for char and not other string types. I would imagine we'd want to also support: wchar_t foo[4] = { L'f', L'o', L'o', L'\0' }; and other variants.
clang/lib/Sema/SemaInit.cpp
Outdated
| // If the string literal is null-terminated explicitly, e.g., `char a[4] = | ||
| // "ABC\0"`, there should be no warn: | ||
| if (const auto *SL = dyn_cast<StringLiteral>(Str->IgnoreParens())) | ||
| if (SL->isOrdinary() && SL->getBytes().back() == 0) |
There was a problem hiding this comment.
Also, this means the functionality only works for char and not other string types. I would imagine we'd want to also support: wchar_t foo[4] = { L'f', L'o', L'o', L'\0' }; and other variants.
|
Thank you all for valuable feedbacks. I have improved the PR by
|
shafik
reviewed
Jun 11, 2025
|
@shafik, @erichkeane @AaronBallman @tbaederr @zwuis |
|
|
||
|
|
||
| #ifdef __cplusplus | ||
| // C++ is stricter so the following cases should be warned about: |
There was a problem hiding this comment.
I think we want the same test cases between C and C++, the only thing that should be different is the expected diagnostic comments. e.g.,
char foo3[3] = "fo\0"; // cxx-error {{initializer-string for char array is too long, array size is 3 but initializer has size 4 (including the null terminating character)}}
is fine in C because the diagnostic will only be checked in C++ mode.
The only code that should be in the #if would be things like the typedefs for C.
clang/lib/Sema/SemaInit.cpp
Outdated
| if (const auto *SL = dyn_cast<StringLiteral>(Str->IgnoreParens()); | ||
| SL && SL->getLength() > 0 && | ||
| SL->getCodeUnit(SL->getLength() - 1) == 0) | ||
| return; |
There was a problem hiding this comment.
I think the early return suppresses warn_initializer_string_for_char_array_too_long_for_cpp warnings?
|
LLVM Buildbot has detected a new failure on builder Full details are available at: https://lab.llvm.org/buildbot/#/builders/144/builds/28591 Here is the relevant piece of the build log for the reference |
|
@ziqingluo-90 Hello and greetings form the UK! Are you aware that this change caused the following build bot failure? : Are you looking into a fix? The bot has been red for some time now. If a quick fix is not possible please consider reverting the change until one can be found. Thanks in advance, |
TomWeaver18
pushed a commit
that referenced
this pull request
Jun 26, 2025
…ls ending with explicit '\0' (#143487)" This reverts commit 9903c19. Caused the following buildbot failure: https://lab.llvm.org/buildbot/#/builders/144/builds/28591 Please fix before recommitting.
|
My apologies but I've had to revert this change to get the build bot green again. Reverted in 30de98c |
anthonyhatran
pushed a commit
to anthonyhatran/llvm-project
that referenced
this pull request
Jun 26, 2025
…g with explicit '\0' (llvm#143487) In C, a char array needs no "nonstring" attribute, if its initializer is a string literal that 1) explicitly ends with '\0' and 2) fits in the array after a possible truncation. For example `char a[4] = "ABC\0"; // fine, needs no "nonstring" attr` rdar://152506883
anthonyhatran
pushed a commit
to anthonyhatran/llvm-project
that referenced
this pull request
Jun 26, 2025
…ls ending with explicit '\0' (llvm#143487)" This reverts commit 9903c19. Caused the following buildbot failure: https://lab.llvm.org/buildbot/#/builders/144/builds/28591 Please fix before recommitting.
ziqingluo-90
added a commit
that referenced
this pull request
Jun 27, 2025
…als ending with explicit '\0' (#143487)" In C, a char array needs no "nonstring" attribute, if its initializer is a string literal that 1) explicitly ends with '\0' and 2) fits in the array after a possible truncation. For example `char a[4] = "ABC\0"; // fine, needs no "nonstring" attr` rdar://152506883 This reland disables the test for linux so that it will not block the buildbot: https://lab.llvm.org/buildbot/#/builders/144/builds/28591.
|
LLVM Buildbot has detected a new failure on builder Full details are available at: https://lab.llvm.org/buildbot/#/builders/60/builds/31310 Here is the relevant piece of the build log for the reference |
I don't think the failure is relevant. |
rlavaee
pushed a commit
to rlavaee/llvm-project
that referenced
this pull request
Jul 1, 2025
…g with explicit '\0' (llvm#143487) In C, a char array needs no "nonstring" attribute, if its initializer is a string literal that 1) explicitly ends with '\0' and 2) fits in the array after a possible truncation. For example `char a[4] = "ABC\0"; // fine, needs no "nonstring" attr` rdar://152506883
rlavaee
pushed a commit
to rlavaee/llvm-project
that referenced
this pull request
Jul 1, 2025
…ls ending with explicit '\0' (llvm#143487)" This reverts commit 9903c19. Caused the following buildbot failure: https://lab.llvm.org/buildbot/#/builders/144/builds/28591 Please fix before recommitting.
rlavaee
pushed a commit
to rlavaee/llvm-project
that referenced
this pull request
Jul 1, 2025
…als ending with explicit '\0' (llvm#143487)" In C, a char array needs no "nonstring" attribute, if its initializer is a string literal that 1) explicitly ends with '\0' and 2) fits in the array after a possible truncation. For example `char a[4] = "ABC\0"; // fine, needs no "nonstring" attr` rdar://152506883 This reland disables the test for linux so that it will not block the buildbot: https://lab.llvm.org/buildbot/#/builders/144/builds/28591.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In C, a char array needs no "nonstring" attribute, if its initializer is a string literal that 1) explicitly ends with '\0' and 2) fits in the array after a possible truncation.
For example
char a[4] = "ABC\0"; // fine, needs no "nonstring" attrrdar://152506883