[cfe-dev] ISO C3X proposal: nonnull qualifier

Alejandro Colomar (man-pages) via cfe-dev cfe-dev at lists.llvm.org
Wed Dec 1 14:46:28 PST 2021


Hi Joerg,

On 12/1/21 23:24, Joerg Sonnenberger via cfe-dev wrote:
> On Wed, Dec 01, 2021 at 10:57:51PM +0100, Alejandro Colomar (man-pages) via cfe-dev wrote:
>> (2):  I'm not sure I understand this one.  I also didn't find the LKML
>> thread.  My idea is that if the compiler enforces nonnull-ness as it
>> does currently with const, it will be possible to guarantee that sanity
>> checks are unnecessary, and therefore they can be safely omitted (by the
>> user, not the compiler).
> 
> The original "bug" boils down to something like this:
> 
>    int f(int *p) {
>       int x = *p;
>       if (!p)
>         return -1;
>       return x;
>    }
> 
> GCC sees the *p, and drops the if condition. Replace that with a call to
> a function that has a nonnull attribute and you get the same problem.
> 

If I add [[gnu::nonnull]], I get a warning (-Wnonnull-compare, implied
by -Wall) with GCC, even with -O3:

nonnull.c: In function ‘f’:
nonnull.c:5:10: warning: ‘nonnull’ argument ‘p’ compared to NULL
[-Wnonnull-compare]
    5 |       if (!p)
      |          ^

This warning should be mandatory by the standard IMO (if _Nonnull is
added), since there's no valid point in comparing a nonnull pointer to
NULL, but could also be non-mandatory, since it's not a dangerous thing.
Having it in -Wall would be fine too.

--

About when nonnull is _not_ specified:

GCC detects some broken code, and optimizes it.
What GCC should do IMO is warn about some broken code in the beginning.

Clang produces the exact same code that GCC produces;
both optimize the (!p) branch entirely.
This is something to be reported to both of the compilers as bugs.
Broken code should be warned, not optimized, and that code is broken.

Thanks,
Alex
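The pattern Joerg quotes, set out as an added example that is not code from this thread: the dereference-before-check function, the same shape behind a call to a nonnull-attributed function, a nonnull function that compares its own parameter to NULL (what Alex tried), and the check-first versions that keep the branch. The NONNULL macro and all function names are my own choices; the attribute is GCC/Clang-specific, so the macro expands to nothing elsewhere. Build with `gcc -O2 -Wall -S` and compare the generated code for f_broken and f_checked to see the dropped branch; the -Wnonnull-compare diagnostic appears for f_nonnull_compared.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumed helper: wraps the GCC/Clang nonnull attribute, nothing else. */
#if defined(__GNUC__)
#define NONNULL(...) __attribute__((nonnull(__VA_ARGS__)))
#else
#define NONNULL(...)
#endif

/* The shape from the quoted message: the load through p precedes the
 * check. For p == NULL the load is undefined behaviour, so at -O2 GCC and
 * Clang take "p is non-null" as a fact and delete the if() entirely.
 * Never call this with NULL; the test below does not. */
int f_broken(int *p)
{
    int x = *p;
    if (!p)
        return -1;
    return x;
}

/* Check first, then dereference: the null test is a real branch on a
 * pointer the compiler knows nothing about, so it survives optimization. */
int f_checked(int *p)
{
    if (!p)
        return -1;
    return *p;
}

/* Declared nonnull: the contract is on the caller, so no check inside. */
int f_nonnull(int *p) NONNULL(1);
int f_nonnull(int *p)
{
    return *p;
}

/* What Alex tried: a nonnull parameter compared to NULL inside its own
 * body. GCC -Wall reports -Wnonnull-compare on the if() and folds it to
 * false; the function behaves like f_nonnull. */
int f_nonnull_compared(int *p) NONNULL(1);
int f_nonnull_compared(int *p)
{
    if (!p)           /* warning: 'nonnull' argument 'p' compared to NULL */
        return -1;
    return *p;
}

/* The attribute version of the original bug: after the call the compiler
 * may assume p != NULL, so the later check can be treated as dead code. */
int g_broken(int *p)
{
    int x = f_nonnull(p);
    if (!p)
        return -1;
    return x;
}

/* Correct ordering: validate before handing p to a nonnull callee. */
int g_checked(int *p)
{
    if (!p)
        return -1;
    return f_nonnull(p);
}

/* Small wrappers so the results can be checked without taking the
 * address of a caller's local. */
int checked_value(int v) { return f_checked(&v); }
int nonnull_value(int v) { return g_checked(&v); }

int main(void)
{
    int v = 42;
    printf("f_checked(NULL)  = %d\n", f_checked(NULL));
    printf("g_checked(NULL)  = %d\n", g_checked(NULL));
    printf("f_checked(&v)    = %d\n", f_checked(&v));
    printf("f_nonnull(&v)    = %d\n", f_nonnull(&v));
    printf("f_broken(&v)     = %d\n", f_broken(&v));
    return 0;
}
```

Note that only the check-first variants are exercised with NULL; calling f_broken or g_broken with NULL is undefined behaviour regardless of what the compiler happens to emit, which is exactly why the compiler is entitled to remove the test.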
