I've again seen some code like this:

    sprintf(buf, "%s-%s", buf, to_add);

and gcc doesn't complain, even though the declaration of sprintf is

    extern int sprintf (char *__restrict __s, __const char *__restrict __format, ...);

Wouldn't it be possible for gcc to check the enforcement of restricted pointer, at least in the trivial cases like this one?
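The call reported above passes buf as both the restrict-qualified destination and a source argument, which is undefined behaviour. As an added example (not part of the original report and not GCC code), here is one way to write the intended append with no overlap between source and destination; append_with_dash and points_into are hypothetical names, and the caller is assumed to know the buffer capacity.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: nonzero if p points inside [base, base + cap). */
static int points_into(const char *p, const char *base, size_t cap)
{
    uintptr_t a = (uintptr_t)p, b = (uintptr_t)base;
    return a >= b && a - b < cap;
}

/* Hypothetical helper: appends "-" and to_add to the string already in buf,
   the effect sprintf(buf, "%s-%s", buf, to_add) was meant to have.
   Returns 0 on success, -1 if the result does not fit or the arguments
   overlap; on failure buf keeps its previous contents. */
int append_with_dash(char *buf, size_t cap, const char *to_add)
{
    const char *end = memchr(buf, '\0', cap);
    if (end == NULL)
        return -1;                      /* buf is not terminated within cap */
    if (points_into(to_add, buf, cap))
        return -1;                      /* source would alias the destination */

    size_t used = (size_t)(end - buf);
    /* Write starts at the existing terminator, so the bytes already in buf
       are never read by this call and never overwritten. */
    int n = snprintf(buf + used, cap - used, "-%s", to_add);
    if (n < 0 || (size_t)n >= cap - used) {
        buf[used] = '\0';               /* undo the truncated write */
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[16] = "abc";               /* constructed sample input */
    int rc = append_with_dash(buf, sizeof buf, "def");
    printf("%d %s\n", rc, buf);
    rc = append_with_dash(buf, sizeof buf, buf + 1);   /* aliasing source */
    printf("%d %s\n", rc, buf);
    return 0;
}
```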
Confirmed.
I've also run into this. Perhaps the machinery which tracks strict aliasing (and generates best-effort warnings) could be used here? ... adding this comment instead of filing a duplicate :P
Author: prathamesh3492
Date: Sun Nov 13 19:38:36 2016
New Revision: 242366

URL: https://gcc.gnu.org/viewcvs?rev=242366&root=gcc&view=rev
Log:
2016-11-13 Prathamesh Kulkarni <prathamesh.kulkarni@linaro.org>

PR c/35503
* doc/invoke.texi: Document Wrestrict.
* pretty-print.c (pp_format): Add case for "Z" specifier.
(test_pp_format): Test "Z" specifier.

c-family/
* c-common.h (warn_for_restrict): Declare.
* c-warn.c: Include gcc-rich-location.h.
(warn_for_restrict): New function.
* c-format.c (gcc_tdiag_char_table): Add entry for "Z" specifier.
(gcc_cdiag_char_table): Likewise.
(gcc_cxxdiag_char_table): Likewise.
* c.opt (Wrestrict): New option.

c/
* c-parser.c (c_parser_postfix_expression_after_primary): Call warn_for_restrict.

cp/
* parser.c (cp_parser_postfix_pexpression): Call warn_for_restrict.

testsuite/
* c-c++-common/pr35503-1.c: New test.
* c-c++-common/pr35503-2.c: Likewise.
* c-c++-common/pr35503-3.c: Likewise.
* gcc.dg/format/gcc_diag-1.c: Add tests for "Z" specifier.

Added:
trunk/gcc/testsuite/c-c++-common/pr35503-1.c
trunk/gcc/testsuite/c-c++-common/pr35503-2.c
trunk/gcc/testsuite/c-c++-common/pr35503-3.c

Modified:
trunk/gcc/ChangeLog
trunk/gcc/c-family/c-common.h
trunk/gcc/c-family/c-format.c
trunk/gcc/c-family/c-warn.c
trunk/gcc/c-family/c.opt
trunk/gcc/c/c-parser.c
trunk/gcc/cp/parser.c
trunk/gcc/doc/invoke.texi
trunk/gcc/pretty-print.c
trunk/gcc/testsuite/ChangeLog
trunk/gcc/testsuite/gcc.dg/format/gcc_diag-1.c
*** Bug 29465 has been marked as a duplicate of this bug. ***
Can we close this PR as resolved?
Well, yes and no: -Wrestrict does indeed warn about this in gcc 7 now, but -Wall -Wextra does not contain -Wrestrict, so that makes it almost useless. Is there a reason for not including -Wrestrict in at least -Wextra? (I'd even argue for -Wall because it's really sure that there is a bug in code doing this.)
I don't think the current implementation of the warning is prone to false positives so it seems that it could safely be included in -Wall. Unfortunately, the overly simplistic implementation makes it prone to many false negatives (in fact, the warning detects only the most basic cases where the pointer arguments are the same), making it useful for not much more than demos. To make it suitable for more than that it will need to be moved from the front-end to the middle-end. The request should probably also not be considered fully resolved until the motivating example in comment #0 (printf(buf, "%s-%s", buf, to_add)) is diagnosed. I think that should actually be fairly easily doable in the gimple-ssa-sprintf.c pass.
I'm testing a patch for the sprintf case.
sprintf -Wrestrict enhancement for review: https://gcc.gnu.org/ml/gcc-patches/2017-07/msg00036.html
Well, the fact that there are a lot of false negatives is not an argument for not including it in -Wall :) The current implementation does catch the issues I have seen in existing code, so it is already useful to raise it.
The following patch (submitted under bug 78918) extends -Wrestrict to the middle-end letting the warning detect more involved aliasing violations. It also includes -Wrestrict in -Wall. https://gcc.gnu.org/ml/gcc-patches/2017-07/msg00917.html
Patch committed in r255755.
Author: msebor
Date: Tue Nov 12 17:18:37 2019
New Revision: 278098

URL: https://gcc.gnu.org/viewcvs?rev=278098&root=gcc&view=rev
Log:
PR middle-end/83688 - check if buffers may overlap when copying strings using sprintf

gcc/ChangeLog:

PR middle-end/83688
* gimple-ssa-sprintf.c (format_result::alias_info): New struct.
(directive::argno): New member.
(format_result::aliases, format_result::alias_count): New data members.
(format_result::append_alias): New member function.
(fmtresult::dst_offset): New data member.
(pass_sprintf_length::call_info::dst_origin): New data member.
(pass_sprintf_length::call_info::dst_field, dst_offset): Same.
(char_type_p, array_elt_at_offset, field_at_offset): New functions.
(get_origin_and_offset): Same.
(format_string): Call it.
(format_directive): Call append_alias and set directive argument number.
(maybe_warn_overlap): New function.
(pass_sprintf_length::compute_format_length): Call it.
(pass_sprintf_length::handle_gimple_call): Initialize new members.
* gcc/tree-ssa-strlen.c (): Also enable when -Wrestrict is on.

gcc/testsuite/ChangeLog:

PR tree-optimization/35503
* gcc.dg/tree-ssa/builtin-sprintf-warn-23.c: New test.

Added:
trunk/gcc/testsuite/gcc.dg/tree-ssa/builtin-sprintf-warn-23.c

Modified:
trunk/gcc/ChangeLog
trunk/gcc/gimple-ssa-sprintf.c
trunk/gcc/testsuite/ChangeLog
trunk/gcc/tree-ssa-strlen.c