[PATCH] D11948: Add some macros to abstract marking of parameters as "not null", and use them in <cstring>

Aaron Ballman via cfe-commits cfe-commits at lists.llvm.org
Tue Aug 11 12:56:49 PDT 2015


On Tue, Aug 11, 2015 at 3:32 PM, Joerg Sonnenberger via cfe-commits
<cfe-commits at lists.llvm.org> wrote:
> joerg added a comment.
>
> No, it doesn't. It tells the compiler that it is free to make such assumptions. Take a step back from the standard. Can you think of any reasonable and efficient implementation of memcpy and friends, which fails for size 0? Adding the annotations (whether here or in string.h) effectively changes the behavior of the program. It is behavior people have been expecting for two decades, even when C90 said something else. This is completely different from the warning annotations. I'm just waiting for some of the bigger projects like PostgreSQL to start getting annoyed enough to introduce sane_memcpy for this.
> I can't speak for Linux distributions using glibc, but I find this kind of smoking gun completely unacceptable to force unconditionally on everyone.

Would you be opposed to annotations that tell the programmer they have
UB in their code, but *do not* affect the code generation?

~Aaron
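An added example, not part of the original thread or the patch under review: a C sketch of the kind of wrapper the quoted comment calls `sane_memcpy`, which keeps a `(NULL, 0)` copy away from a nonnull-annotated `memcpy` so the optimizer has no null-ness assumption to act on. The names `copy_checked`, `buf_append` and `struct buf` are hypothetical and the inputs are constructed.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical growable-buffer type, constructed for this example. */
struct buf { unsigned char *data; size_t len, cap; };

/* Pattern at risk when memcpy's pointers are declared nonnull:
 *     memcpy(dst, src, n);
 *     if (src == NULL) return -1;   // compiler may delete this check
 * The wrapper below never passes a null pointer to memcpy, even for n == 0.
 * Returns 0 on success, -1 when a null pointer is paired with n > 0. */
static int copy_checked(void *dst, const void *src, size_t n)
{
    if (n == 0)
        return 0;                 /* empty copy: memcpy is not called */
    if (dst == NULL || src == NULL)
        return -1;                /* real bug in the caller: report it */
    memcpy(dst, src, n);
    return 0;
}

/* Append n bytes to b. An empty slice may legitimately arrive as (NULL, 0). */
static int buf_append(struct buf *b, const void *src, size_t n)
{
    if (n > b->cap - b->len)
        return -1;                /* would overflow the buffer */
    /* Avoid pointer arithmetic on a null base for an unallocated buffer. */
    void *dst = b->data ? b->data + b->len : NULL;
    if (copy_checked(dst, src, n) != 0)
        return -1;
    b->len += n;
    return 0;
}

int main(void)
{
    unsigned char storage[8];
    struct buf b = { storage, 0, sizeof storage };
    int ok = buf_append(&b, NULL, 0) == 0      /* empty slice accepted */
          && buf_append(&b, "abc", 3) == 0     /* normal copy */
          && buf_append(&b, NULL, 3) == -1;    /* null with n > 0 rejected */
    return ok ? 0 : 1;
}
```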

