New string-truncation warnings from GCC 15

Started by Tom Lane, 4 months ago, 10 messages
#1 Tom Lane
tgl@sss.pgh.pa.us

Several of the buildfarm animals seem to have been updated to
GCC 15 over the past week or so. They are now moaning about
various places where we're intentionally omitting a string
terminator, eg these warnings from scorpion:

scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]
scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyto.c:109:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]
scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/utils/adt/encode.c:152:1: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (513 chars into 512 available) [-Wunterminated-string-initialization]
scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/utils/adt/numutils.c:30:1: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (201 chars into 200 available) [-Wunterminated-string-initialization]
scorpion | 2025-09-16 18:39:03 | ../pgsql/contrib/fuzzystrmatch/daitch_mokotoff.c:92:20: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (7 chars into 6 available) [-Wunterminated-string-initialization]

These are not bugs, but it'd be a good idea to silence the
warnings somehow.

Plan A seems to be to do what the warning suggests and add
a "nonstring" marker to these constants. I gather the syntax
is like this:

char a2nonstring[1] __attribute__((nonstring)) = "a";

It's not clear to me how well this approach will play with
non-GCC compilers.

Plan B could be to change the code so that we're not
truncating the implicit \0 characters. It doesn't look
to me like this would involve any large amount of violence
to the logic, but it's a bit less pretty.

Plan B would be a compiler-independent fix, so I mildly favor plan B.

Thoughts?

regards, tom lane

#2 Andres Freund
andres@anarazel.de
In reply to: Tom Lane (#1)
Re: New string-truncation warnings from GCC 15

Hi,

On 2025-09-16 18:48:07 -0400, Tom Lane wrote:

> Several of the buildfarm animals seem to have been updated to
> GCC 15 over the past week or so. They are now moaning about
> various places where we're intentionally omitting a string
> terminator, eg these warnings from scorpion:

> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]
> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyto.c:109:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]
> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/utils/adt/encode.c:152:1: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (513 chars into 512 available) [-Wunterminated-string-initialization]
> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/utils/adt/numutils.c:30:1: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (201 chars into 200 available) [-Wunterminated-string-initialization]
> scorpion | 2025-09-16 18:39:03 | ../pgsql/contrib/fuzzystrmatch/daitch_mokotoff.c:92:20: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (7 chars into 6 available) [-Wunterminated-string-initialization]

> These are not bugs, but it'd be a good idea to silence the
> warnings somehow.

I also started to see these locally, I was working up the will to do something
about it...

> Plan A seems to be to do what the warning suggests and add
> a "nonstring" marker to these constants. I gather the syntax
> is like this:

> char a2nonstring[1] __attribute__((nonstring)) = "a";

> It's not clear to me how well this approach will play with
> non-GCC compilers.

I'd assume we'd do something like

#if has_attribute(nonstring)
#define pg_nonstring __attribute__((nonstring))
#else
...
#define pg_nonstring
#endif

I can't really imagine that causing issues for other compilers...

> Plan B could be to change the code so that we're not
> truncating the implicit \0 characters. It doesn't look
> to me like this would involve any large amount of violence
> to the logic, but it's a bit less pretty.

> Plan B would be a compiler-independent fix, so I mildly favor plan B.

I very mildly prefer the attribute, since that triggers warnings when using
unsuitable string functions on such arrays... It's not a huge win or anything,
but seems mildly nice.

Greetings,

Andres Freund
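
Plan A and Plan B from the messages above, side by side, as an added example that is not part of the thread or of PostgreSQL's source. The macro name `pg_nonstring` follows the sketch in the thread; `hex_a`, `hex_b`, `demo_magic` and the two functions are hypothetical names, and the magic bytes are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Expands to the attribute where the compiler has it, to nothing elsewhere.
 * pg_nonstring is the name used in the thread's sketch (assumed here). */
#if defined(__has_attribute)
#if __has_attribute(nonstring)
#define pg_nonstring __attribute__((nonstring))
#endif
#endif
#ifndef pg_nonstring
#define pg_nonstring
#endif

/* Plan A: exactly 16 bytes, no terminator, declared as a non-string. */
static const char hex_a[16] pg_nonstring = "0123456789abcdef";

/* Plan B: keep the implicit \0; the usable length is sizeof - 1. */
static const char hex_b[] = "0123456789abcdef";
#define HEX_B_LEN (sizeof(hex_b) - 1)

/* Constructed 8-byte magic with an embedded NUL (sample value). */
static const char demo_magic[8] pg_nonstring = "DEMO\r\n\0\1";

/* Hex-encode len bytes into dst (2 * len bytes, not terminated). High nibble
 * uses the Plan A table, low nibble the Plan B table; both hold the same
 * digits and are only indexed, never handed to strlen()/strcpy(). */
size_t hex_encode(const unsigned char *src, size_t len, char *dst)
{
    for (size_t i = 0; i < len; i++)
    {
        dst[2 * i] = hex_a[src[i] >> 4];
        dst[2 * i + 1] = hex_b[src[i] & 0x0F];
    }
    return 2 * len;
}

/* Compare against the magic with an explicit length, not strcmp(). */
int has_demo_magic(const void *buf, size_t len)
{
    return len >= sizeof(demo_magic) &&
        memcmp(buf, demo_magic, sizeof(demo_magic)) == 0;
}

int main(void)
{
    unsigned char in[2] = {0xde, 0xad};
    char out[4];
    return !(hex_encode(in, sizeof(in), out) == 4 && memcmp(out, "dead", 4) == 0);
}
```

Without the attribute on `hex_a` and `demo_magic`, GCC 15 with `-Wextra` reports `-Wunterminated-string-initialization` for both; the Plan B table costs one extra byte and needs no annotation.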

#3 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Andres Freund (#2)
Re: New string-truncation warnings from GCC 15

Andres Freund <andres@anarazel.de> writes:

> On 2025-09-16 18:48:07 -0400, Tom Lane wrote:

>> It's not clear to me how well this approach will play with
>> non-GCC compilers.

> I'd assume we'd do something like

> #if has_attribute(nonstring)
> #define pg_nonstring __attribute__((nonstring))
> #else
> ...
> #define pg_nonstring
> #endif

> I can't really imagine that causing issues for other compilers...

Well, it wouldn't cause build failures, but perhaps it might fail
to silence comparable warnings from other compilers? This is
hypothetical of course, I don't know of any such case today.

regards, tom lane

#4 Peter Eisentraut
peter@eisentraut.org
In reply to: Tom Lane (#1)
Re: New string-truncation warnings from GCC 15

On 17.09.25 00:48, Tom Lane wrote:

> Several of the buildfarm animals seem to have been updated to
> GCC 15 over the past week or so. They are now moaning about
> various places where we're intentionally omitting a string
> terminator, eg these warnings from scorpion:

> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]

Note that this is not a default warning option in gcc or an option put
in by PostgreSQL. This comes from -Wextra, which that buildfarm member
has added by itself. So there is also an option C in having that
buildfarm member turn off that option.

That said, I think addressing this with some attribute decoration could
be useful. But then we should also add this option explicitly to our
warning option set, so that going forward we can maintain this locally
and not via a lone buildfarm member.

#5 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Peter Eisentraut (#4)
Re: New string-truncation warnings from GCC 15

Peter Eisentraut <peter@eisentraut.org> writes:

> On 17.09.25 00:48, Tom Lane wrote:

>> Several of the buildfarm animals seem to have been updated to
>> GCC 15 over the past week or so. They are now moaning about
>> various places where we're intentionally omitting a string
>> terminator, eg these warnings from scorpion:

>> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]

> Note that this is not a default warning option in gcc or an option put
> in by PostgreSQL. This comes from -Wextra, which that buildfarm member
> has added by itself. So there is also an option C in having that
> buildfarm member turn off that option.

Oh! Hmm... I am not sure that we want to commit to being -Wextra
clean across-the-board. The reason those warnings aren't in -Wall
is precisely that they are not always reasonable to suppress.
(The gcc manual used to say that in more-or-less so many words,
although I see they've removed that helpful bit of advice.)

I'm quite willing to just start ignoring
-Wunterminated-string-initialization in my warning-scraping script.

regards, tom lane

#6 Andres Freund
andres@anarazel.de
In reply to: Tom Lane (#5)
Re: New string-truncation warnings from GCC 15

Hi,

On 2025-09-17 16:38:56 -0400, Tom Lane wrote:

> Peter Eisentraut <peter@eisentraut.org> writes:

>> On 17.09.25 00:48, Tom Lane wrote:

>>> Several of the buildfarm animals seem to have been updated to
>>> GCC 15 over the past week or so. They are now moaning about
>>> various places where we're intentionally omitting a string
>>> terminator, eg these warnings from scorpion:

>>> scorpion | 2025-09-16 18:39:03 | ../pgsql/src/backend/commands/copyfromparse.c:139:41: warning: initializer-string for array of 'char' truncates NUL terminator but destination lacks 'nonstring' attribute (12 chars into 11 available) [-Wunterminated-string-initialization]

>> Note that this is not a default warning option in gcc or an option put
>> in by PostgreSQL. This comes from -Wextra, which that buildfarm member
>> has added by itself. So there is also an option C in having that
>> buildfarm member turn off that option.

> Oh! Hmm... I am not sure that we want to commit to being -Wextra
> clean across-the-board.

We've been -Wextra clean for years, with a few temporary exceptions. IME a lot
of warnings added to -Wextra in one year, get promoted to -Wall a few releases
later. I found plenty mistakes with -Wextra stuff, so I'd be sad if we decided
we're not trying to fix them...

Greetings,

Andres Freund

#7 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Andres Freund (#6)
Re: New string-truncation warnings from GCC 15

Andres Freund <andres@anarazel.de> writes:

> On 2025-09-17 16:38:56 -0400, Tom Lane wrote:

>> Oh! Hmm... I am not sure that we want to commit to being -Wextra
>> clean across-the-board.

> We've been -Wextra clean for years, with a few temporary exceptions. IME a lot
> of warnings added to -Wextra in one year, get promoted to -Wall a few releases
> later. I found plenty mistakes with -Wextra stuff, so I'd be sad if we decided
> we're not trying to fix them...

Well, we should either commit to it (and put -Wextra into our
standard switches) or not.

regards, tom lane

#8 Andres Freund
andres@anarazel.de
In reply to: Tom Lane (#7)
Re: New string-truncation warnings from GCC 15

On 2025-09-17 17:00:42 -0400, Tom Lane wrote:

> Andres Freund <andres@anarazel.de> writes:

>> On 2025-09-17 16:38:56 -0400, Tom Lane wrote:

>>> Oh! Hmm... I am not sure that we want to commit to being -Wextra
>>> clean across-the-board.

>> We've been -Wextra clean for years, with a few temporary exceptions. IME a lot
>> of warnings added to -Wextra in one year, get promoted to -Wall a few releases
>> later. I found plenty mistakes with -Wextra stuff, so I'd be sad if we decided
>> we're not trying to fix them...

> Well, we should either commit to it (and put -Wextra into our
> standard switches) or not.

I'd be mildly worried about -Wextra in older compilers (and clang, but just
because I don't regularly track -Wextra with clang). But I'd be up for trying
it out.

A slightly more targeted approach would be to add -Wstringop-truncation to our
explicitly enabled warnings...

Greetings,

Andres Freund

#9 Tom Lane
tgl@sss.pgh.pa.us
In reply to: Andres Freund (#8)
Re: New string-truncation warnings from GCC 15

Andres Freund <andres@anarazel.de> writes:

> On 2025-09-17 17:00:42 -0400, Tom Lane wrote:

>> Well, we should either commit to it (and put -Wextra into our
>> standard switches) or not.

> I'd be mildly worried about -Wextra in older compilers (and clang, but just
> because I don't regularly track -Wextra with clang). But I'd be up for trying
> it out.

Yeah, I was imagining a trial in master only to see how noisy the
buildfarm gets ... we can either back it out or work at cleaning
up the warnings, depending on what we see.

regards, tom lane

#10 Andres Freund
andres@anarazel.de
In reply to: Tom Lane (#9)
Re: New string-truncation warnings from GCC 15

Hi,

On 2025-09-17 17:26:50 -0400, Tom Lane wrote:

> Andres Freund <andres@anarazel.de> writes:

>> On 2025-09-17 17:00:42 -0400, Tom Lane wrote:

>>> Well, we should either commit to it (and put -Wextra into our
>>> standard switches) or not.

>> I'd be mildly worried about -Wextra in older compilers (and clang, but just
>> because I don't regularly track -Wextra with clang). But I'd be up for trying
>> it out.

> Yeah, I was imagining a trial in master only to see how noisy the
> buildfarm gets ... we can either back it out or work at cleaning
> up the warnings, depending on what we see.

It turns out -Wextra works for me because I use some extra option to disable
stupid parts of -Wextra. I forgot about that because it's just part of my
scripts / my shared buildfarm animal configuration.

gcc-14 with
-Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-clobbered -Wno-missing-field-initializers
gcc-15 with
-Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-clobbered -Wno-missing-field-initializers -Wno-unterminated-string-initialization
clang-19 with
-Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-missing-field-initializers
clang-21 with
-Wextra -Wno-unused-parameter -Wno-sign-compare -Wno-missing-field-initializers -Wno-unterminated-string-initialization

compile without warnings.

Note that clang-21 (or 20) also got support for nonstring:
../../home/andres/src/postgresql/src/backend/utils/adt/encode.c:152:1: warning: initializer-string for character array is too long, array size is 512 but initializer has size 513 (including the null terminating character); did you mean to use the 'nonstring' attribute? [-Wunterminated-string-initialization]

I guess due to the extra disabling arguments I feel less sure about adding
-Wextra to the default arguments. OTOH, the set of arguments to disable has
stayed fairly stable over the last few years (until
-Wno-unterminated-string-initialization).

Greetings,

Andres Freund