[PATCH] D11948: Add some macros to abstract marking of parameters as "not null", and use them in <cstring>

Dan Albert via cfe-commits cfe-commits at lists.llvm.org
Tue Aug 11 13:34:01 PDT 2015


Yeah, those sound like exactly what we want. Helping people find UB is
good, but optimizing assuming we've fixed all of the UB isn't something we
can do. Our bugs end up being rather permanent so we need to be defensive.

On Tue, Aug 11, 2015 at 1:18 PM, Aaron Ballman <aaron at aaronballman.com>
wrote:

> On Tue, Aug 11, 2015 at 4:10 PM, Dan Albert <danalbert at google.com> wrote:
> >> Would you be opposed to annotations that tell the programmer they have
> >> UB in their code, but *do not* affect the code generation?
> >
> >
> > Not on our end. This would be great.
>
> I ask because the new nullability attributes do not affect codegen
> (that I'm aware of), and so they might be a reasonable tradeoff
> between warning users that they've done something with UB, without
> triggering aggressive optimizations, if we didn't want to have some
> sort of flag for this.
>
> That being said, the user's code does have UB if it passes in a null
> pointer for these APIs and relying on the compiler to not optimize
> that is asking for trouble. Warning them about the UB is very
> important. Not optimizing on the UB is far less so, IMO.
>
> ~Aaron
>
> >
> > On Tue, Aug 11, 2015 at 12:56 PM, Aaron Ballman via cfe-commits
> > <cfe-commits at lists.llvm.org> wrote:
> >>
> >> On Tue, Aug 11, 2015 at 3:32 PM, Joerg Sonnenberger via cfe-commits
> >> <cfe-commits at lists.llvm.org> wrote:
> >> > joerg added a comment.
> >> >
> >> > No, it doesn't. It tells the compiler that it is free to make such
> >> > assumptions. Take a step back from the standard. Can you think of any
> >> > reasonable and efficient implementation of memcpy and friends, which fails
> >> > for size 0? Adding the annotations (whether here or in string.h) effectively
> >> > changes the behavior of the program. It is behavior people have been
> >> > expecting for two decades, even when C90 said something else. This is
> >> > completely different from the warning annotations. I'm just waiting for some
> >> > of the bigger projects like PostgreSQL to start getting annoyed enough to
> >> > introduce sane_memcpy for this.
> >> > I can't speak for Linux distributions using glibc, but I find this kind
> >> > of smoking gun completely unacceptable to force unconditionally on everyone.
> >>
> >> Would you be opposed to annotations that tell the programmer they have
> >> UB in their code, but *do not* affect the code generation?
> >>
> >> ~Aaron
> >
> >
>
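
The defensive wrapper joerg alludes to, sketched as an added example that is not part of the original thread or of libc++. The body of `sane_memcpy`, `struct buf` and `buf_copy_out` are hypothetical names constructed here to show a zero-length copy from a null pointer that never reaches `memcpy`, so the null check that follows it stays meaningful.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical wrapper in the spirit of the "sane_memcpy" mentioned in the
 * thread: a zero-length copy never reaches memcpy, so a null pointer paired
 * with n == 0 cannot trigger the undefined behaviour under discussion. */
static void *sane_memcpy(void *dst, const void *src, size_t n)
{
    if (n == 0)
        return dst;
    return memcpy(dst, src, n);
}

/* Constructed byte buffer; an empty one has data == NULL and len == 0. */
struct buf {
    const unsigned char *data;
    size_t len;
};

/* Copy src into dst (capacity cap).
 * Returns -1 if src is inconsistent or does not fit,
 *          1 if src has no storage (nothing copied),
 *          0 after a successful copy. */
static int buf_copy_out(unsigned char *dst, size_t cap, const struct buf *src)
{
    if (src->len > cap)
        return -1;
    if (src->data == NULL && src->len != 0)
        return -1;                /* never hand memcpy a null source */

    sane_memcpy(dst, src->data, src->len);

    /* Had this been a direct memcpy(dst, src->data, src->len) against a
     * prototype annotated "not null", the compiler would be allowed to
     * assume src->data != NULL from here on and drop the test below. */
    if (src->data == NULL)
        return 1;
    return 0;
}
```
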