<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<p><br>
</p>
<div class="moz-cite-prefix">On 01/04/2017 11:43 AM, James Y Knight
via cfe-dev wrote:<br>
</div>
<blockquote
cite="mid:CAA2zVHqYOeUxfexAhBsovGCRT9MwU+9aOM_GUn24psdp55kB-w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">On Wed, Jan 4, 2017 at 11:12 AM,
Aaron Ballman via cfe-dev <span dir="ltr">&lt;<a
moz-do-not-send="true"
href="mailto:cfe-dev@lists.llvm.org" target="_blank">cfe-dev@lists.llvm.org</a>&gt;</span>
wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
So I would be opposed to ignoring those attributes in
Sema (I think we should still warn when users do
nonportable things),<br>
but in favor of not changing the optimizer to capitalize
on this<br>
"opportunity."<br>
</blockquote>
<div><br>
</div>
<div>I'd be opposed to ignoring the attributes only in some
places and not in others. It should be ignored totally, as
if it wasn't present on those functions. Doing anything
else sends the wrong message -- that libc authors should
continue to use nonnull on these functions because they
might be helpful, and won't do anything bad.</div>
</div>
</div>
</div>
</blockquote>
<br>
I think that we have a responsibility to our users to continue to
warn (statically, in ubsan, etc.) on non-portable behavior, which
this is and will continue to be in practice for at least a decade or
two, regardless of the message we'd like to send libc authors. We
cannot undo history here and this will be relevant to production
systems for at least a decade. We can talk to libc developers
directly -- they're a much smaller set -- and we can pursue change
at the standards level while still providing the most useful set of
tools to our users in the meantime.<br>
<br>
-Hal<br>
<br>
<blockquote
cite="mid:CAA2zVHqYOeUxfexAhBsovGCRT9MwU+9aOM_GUn24psdp55kB-w@mail.gmail.com"
type="cite">
<div dir="ltr">
<div class="gmail_extra">
<div class="gmail_quote">
<div><br>
</div>
<div>But that should not be the message. The message to libc
authors should be straightforward: please remove nonnull
from these functions, because it's wrong.</div>
<div><br>
</div>
<div>E.g.</div>
<div>"Yes, the standard currently says you can't call e.g.
memcpy(NULL, NULL, 0), but -- real user programs DO, and
always have depended on being able to do so. And your
library implementation is even careful to support that in
its definitions of the functions. So, you should not tell
the compiler that NULL is forbidden, because it would use
that information to *mis*optimize people's code that is
using the effectively-universal extension to the standard
of allowing NULL with a zero length. In order to avoid
breaking code before fixed headers are deployed
everywhere, Clang has added a hack to ignore the nonnull
attribute on these functions, but we'd like to be able to
remove that hack in the future."<br>
</div>
<div><br>
</div>
<div><br>
</div>
</div>
</div>
</div>
</blockquote>
<br>
<pre class="moz-signature" cols="72">--
Hal Finkel
Lead, Compiler Technology and Programming Languages
Leadership Computing Facility
Argonne National Laboratory</pre>
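<p>The pattern under discussion in this thread, written out as an added
example that is not code from the thread or from Clang. struct buf and
the three function names are hypothetical. The first function shows how a
nonnull declaration on memcpy lets an optimizer drop a later null check;
the other two keep the zero-length case portable.</p>

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical buffer type: data may be NULL when len == 0. */
struct buf {
    unsigned char *data;
    size_t len;
};

/* Hazard: memcpy runs before the null check. Where the libc header marks
 * memcpy's pointer parameters nonnull, the compiler may assume
 * src->data != NULL after the call and remove the check, so an empty
 * buffer is no longer reported. Per the standard the call is undefined
 * for NULL even when len == 0. -fsanitize=nonnull-attribute reports it
 * at run time on such a libc. */
int copy_then_check(unsigned char *dst, const struct buf *src)
{
    memcpy(dst, src->data, src->len);
    if (src->data == NULL)      /* may be optimized away */
        return -1;
    return 0;
}

/* Portable wrapper: never passes a pointer to memcpy when n == 0. */
void *memcpy_nullsafe(void *dst, const void *src, size_t n)
{
    if (n != 0)
        memcpy(dst, src, n);
    return dst;
}

/* Fixed ordering: test the pointer first, then copy.
 * Returns 0 on copy, -1 for an empty buffer, -2 for NULL data with len > 0. */
int check_then_copy(unsigned char *dst, const struct buf *src)
{
    if (src->data == NULL)
        return src->len == 0 ? -1 : -2;
    memcpy_nullsafe(dst, src->data, src->len);
    return 0;
}
```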
</body>
</html>