Discussion: New string-truncation warnings from GCC 15
Several of the buildfarm animals seem to have been updated to
GCC 15 over the past week or so. They are now moaning about
various places where we're intentionally omitting a string
terminator, eg these warnings from scorpion:

scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]
scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyto.c:109:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]
scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/utils/adt/encode.c:152:1: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (513 chars into 512 available) [-Wunterminated-string-initialization]
scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/utils/adt/numutils.c:30:1: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (201 chars into 200 available) [-Wunterminated-string-initialization]
scorpion | 2025-09-16 18:39:03 | ../pgsql/contrib/fuzzystrmatch/daitch_mokotoff.c:92:20: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (7 chars into 6 available) [-Wunterminated-string-initialization]

These are not bugs, but it'd be a good idea to silence the
warnings somehow.

Plan A seems to be to do what the warning suggests and add
a "nonstring" marker to these constants. I gather the syntax
is like this:

    char a2nonstring[1] __attribute__((nonstring)) = "a";

It's not clear to me how well this approach will play with
non-GCC compilers.

Plan B could be to change the code so that we're not
truncating the implicit \0 characters. It doesn't look
to me like this would involve any large amount of violence
to the logic, but it's a bit less pretty.

Plan B would be a compiler-independent fix, so I mildly favor plan B.

Thoughts?

regards, tom lane
Hi,

On 2025-09-16 18:48:07 -0400, Tom Lane wrote:
> Several of the buildfarm animals seem to have been updated to
> GCC 15 over the past week or so. They are now moaning about
> various places where we're intentionally omitting a string
> terminator, eg these warnings from scorpion:
>
> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]
> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyto.c:109:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]
> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/utils/adt/encode.c:152:1: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (513 chars into 512 available) [-Wunterminated-string-initialization]
> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/utils/adt/numutils.c:30:1: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (201 chars into 200 available) [-Wunterminated-string-initialization]
> scorpion | 2025-09-16 18:39:03 | ../pgsql/contrib/fuzzystrmatch/daitch_mokotoff.c:92:20: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (7 chars into 6 available) [-Wunterminated-string-initialization]
>
> These are not bugs, but it'd be a good idea to silence the
> warnings somehow.

I also started to see these locally, I was working up the will to do something
about it...

> Plan A seems to be to do what the warning suggests and add
> a "nonstring" marker to these constants. I gather the syntax
> is like this:
>
> char a2nonstring[1] __attribute__((nonstring)) = "a";
>
> It's not clear to me how well this approach will play with
> non-GCC compilers.

I'd assume we'd do something like

#if has_attribute(nonstring)
#define pg_nonstring __attribute__((nonstring))
#else
...
#define pg_nonstring
#endif

I can't really imagine that causing issues for other compilers...

> Plan B could be to change the code so that we're not
> truncating the implicit \0 characters. It doesn't look
> to me like this would involve any large amount of violence
> to the logic, but it's a bit less pretty.
>
> Plan B would be a compiler-independent fix, so I mildly favor plan B.

I very mildly prefer the attribute, since that triggers warnings when using
unsuitable string functions on such arrays... It's not a huge win or anything,
but seems mildly nice.

Greetings,

Andres Freund
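
Added example, not part of any message in this thread and not PostgreSQL source: Plan A and Plan B side by side in C. The hex table and the 8-byte signature are constructed for illustration; `pg_nonstring` is the name proposed in the message above, and the guard here uses `__has_attribute`, the feature-test spelling that GCC and Clang provide.

```c
#include <stddef.h>
#include <string.h>

/* Expands to the attribute where the compiler knows it, to nothing elsewhere. */
#if defined(__has_attribute)
#if __has_attribute(nonstring)
#define pg_nonstring __attribute__((nonstring))
#endif
#endif
#ifndef pg_nonstring
#define pg_nonstring
#endif

/* Plan A: exact-size arrays, NUL deliberately dropped, marked as non-strings.
 * Both tables are constructed for this example. */
static const char hex_digits[16] pg_nonstring = "0123456789abcdef";
static const char demo_signature[8] pg_nonstring = "DEMO\n\377\r\n";

/* Plan B: let the compiler size the array and keep the implicit NUL;
 * every user must then remember to subtract it from sizeof. */
static const char demo_signature_b[] = "DEMO\n\377\r\n";
#define DEMO_SIGNATURE_B_LEN (sizeof(demo_signature_b) - 1)

/* Index-only access: the table is never handed to a str*() function. */
size_t hex_encode(const unsigned char *src, size_t len, char *dst)
{
    for (size_t i = 0; i < len; i++)
    {
        dst[2 * i] = hex_digits[src[i] >> 4];
        dst[2 * i + 1] = hex_digits[src[i] & 0x0F];
    }
    return 2 * len;
}

/* Length-bounded comparison; strlen()/strcmp() on demo_signature would
 * read past the array because there is no terminator to stop at. */
int has_signature(const char *buf, size_t len)
{
    return len >= sizeof(demo_signature) &&
        memcmp(buf, demo_signature, sizeof(demo_signature)) == 0;
}

int has_signature_b(const char *buf, size_t len)
{
    return len >= DEMO_SIGNATURE_B_LEN &&
        memcmp(buf, demo_signature_b, DEMO_SIGNATURE_B_LEN) == 0;
}
```

Without the attribute, GCC 15 with `-Wextra` reports `-Wunterminated-string-initialization` on both Plan A arrays; the Plan B array never triggers it on any compiler.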
Andres Freund <andres@anarazel.de> writes:
> On 2025-09-16 18:48:07 -0400, Tom Lane wrote:
>> It's not clear to me how well this approach will play with
>> non-GCC compilers.

> I'd assume we'd do something like
> #if has_attribute(nonstring)
> #define pg_nonstring __attribute__((nonstring))
> #else
> ...
> #define pg_nonstring
> #endif
> I can't really imagine that causing issues for other compilers...

Well, it wouldn't cause build failures, but perhaps it might fail
to silence comparable warnings from other compilers? This is
hypothetical of course, I don't know of any such case today.

regards, tom lane
On 17.09.25 00:48, Tom Lane wrote:
> Several of the buildfarm animals seem to have been updated to
> GCC 15 over the past week or so. They are now moaning about
> various places where we're intentionally omitting a string
> terminator, eg these warnings from scorpion:
>
> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]

Note that this is not a default warning option in gcc or an option put
in by PostgreSQL. This comes from -Wextra, which that buildfarm member
has added by itself. So there is also an option C in having that
buildfarm member turn off that option.

That said, I think addressing this with some attribute decoration could
be useful. But then we should also add this option explicitly to our
warning option set, so that going forward we can maintain this locally
and not via a lone buildfarm member.
Peter Eisentraut <peter@eisentraut.org> writes:
> On 17.09.25 00:48, Tom Lane wrote:
>> Several of the buildfarm animals seem to have been updated to
>> GCC 15 over the past week or so. They are now moaning about
>> various places where we're intentionally omitting a string
>> terminator, eg these warnings from scorpion:
>>
>> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]

> Note that this is not a default warning option in gcc or an option put
> in by PostgreSQL. This comes from -Wextra, which that buildfarm member
> has added by itself. So there is also an option C in having that
> buildfarm member turn off that option.

Oh! Hmm... I am not sure that we want to commit to being -Wextra
clean across-the-board. The reason those warnings aren't in -Wall
is precisely that they are not always reasonable to suppress.
(The gcc manual used to say that in more-or-less so many words,
although I see they've removed that helpful bit of advice.)

I'm quite willing to just start ignoring
-Wunterminated-string-initialization in my warning-scraping script.

regards, tom lane
Hi,

On 2025-09-17 16:38:56 -0400, Tom Lane wrote:
> Peter Eisentraut <peter@eisentraut.org> writes:
> > On 17.09.25 00:48, Tom Lane wrote:
> >> Several of the buildfarm animals seem to have been updated to
> >> GCC 15 over the past week or so. They are now moaning about
> >> various places where we're intentionally omitting a string
> >> terminator, eg these warnings from scorpion:
> >>
> >> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]
>
> > Note that this is not a default warning option in gcc or an option put
> > in by PostgreSQL. This comes from -Wextra, which that buildfarm member
> > has added by itself. So there is also an option C in having that
> > buildfarm member turn off that option.
>
> Oh! Hmm... I am not sure that we want to commit to being -Wextra
> clean across-the-board.

We've been -Wextra clean for years, with a few temporary exceptions. IME a lot
of warnings added to -Wextra in one year, get promoted to -Wall a few releases
later. I found plenty mistakes with -Wextra stuff, so I'd be sad if we decided
we're not trying to fix them...

Greetings,

Andres Freund
Andres Freund <andres@anarazel.de> writes:
> On 2025-09-17 16:38:56 -0400, Tom Lane wrote:
>> Oh! Hmm... I am not sure that we want to commit to being -Wextra
>> clean across-the-board.

> We've been -Wextra clean for years, with a few temporary exceptions. IME a lot
> of warnings added to -Wextra in one year, get promoted to -Wall a few releases
> later. I found plenty mistakes with -Wextra stuff, so I'd be sad if we decided
> we're not trying to fix them...

Well, we should either commit to it (and put -Wextra into our
standard switches) or not.

regards, tom lane
On 2025-09-17 17:00:42 -0400, Tom Lane wrote:
> Andres Freund <andres@anarazel.de> writes:
> > On 2025-09-17 16:38:56 -0400, Tom Lane wrote:
> >> Oh! Hmm... I am not sure that we want to commit to being -Wextra
> >> clean across-the-board.
>
> > We've been -Wextra clean for years, with a few temporary exceptions. IME a lot
> > of warnings added to -Wextra in one year, get promoted to -Wall a few releases
> > later. I found plenty mistakes with -Wextra stuff, so I'd be sad if we decided
> > we're not trying to fix them...
>
> Well, we should either commit to it (and put -Wextra into our
> standard switches) or not.

I'd be mildly worried about -Wextra in older compilers (and clang, but just
because I don't regularly track -Wextra with clang). But I'd be up for trying
it out.

A slightly more targeted approach would be to add -Wstringop-truncation to our
explicitly enabled warnings...

Greetings,

Andres Freund
Andres Freund <andres@anarazel.de> writes:
> On 2025-09-17 17:00:42 -0400, Tom Lane wrote:
>> Well, we should either commit to it (and put -Wextra into our
>> standard switches) or not.

> I'd be mildly worried about -Wextra in older compilers (and clang, but just
> because I don't regularly track -Wextra with clang). But I'd be up for trying
> it out.

Yeah, I was imagining a trial in master only to see how noisy the
buildfarm gets ... we can either back it out or work at cleaning
up the warnings, depending on what we see.

regards, tom lane
Hi,

On 2025-09-17 17:26:50 -0400, Tom Lane wrote:
> Andres Freund <andres@anarazel.de> writes:
> > On 2025-09-17 17:00:42 -0400, Tom Lane wrote:
> >> Well, we should either commit to it (and put -Wextra into our
> >> standard switches) or not.
>
> > I'd be mildly worried about -Wextra in older compilers (and clang, but just
> > because I don't regularly track -Wextra with clang). But I'd be up for trying
> > it out.
>
> Yeah, I was imagining a trial in master only to see how noisy the
> buildfarm gets ... we can either back it out or work at cleaning
> up the warnings, depending on what we see.

It turns out -Wextra works for me because I use some extra option to disable
stupid parts of -Wextra. I forgot about that because it's just part of my
scripts / my shared buildfarm animal configuration.

gcc-14 with -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-clobbered -Wno-missing-field-initializers
gcc-15 with -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-clobbered -Wno-missing-field-initializers -Wno-unterminated-string-initialization
clang-19 with -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-missing-field-initializers
clang-21 with -Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-missing-field-initializers -Wno-unterminated-string-initialization

compile without warnings.

Note that clang-21 (or 20) also got support for nonstring:

../../home/andres/src/postgresql/src/backend/utils/adt/encode.c:152:1: warning: initializer-string for character array is too long, array size is 512 but initializer has size 513 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Wunterminated-string-initialization]

I guess due to the extra disabling arguments I feel less sure about adding
-Wextra to the default arguments. OTOH, the set of arguments to disable has
stayed fairly stable over the last few years (until
-Wno-unterminated-string-initialization).

Greetings,

Andres Freund