[cfe-dev] incomplete checking for nullability qualifiers
Aaron Ballman via cfe-dev
cfe-dev at lists.llvm.org
Wed Sep 15 04:19:19 PDT 2021
On Tue, Sep 14, 2021 at 6:44 PM Richard Smith via cfe-dev
<cfe-dev at lists.llvm.org> wrote:
>
> Hi,
>
> We appear to perform significantly incomplete checking for assigning a null pointer value to a _Nonnull pointer. In particular, pointer initialization and assignment are not checked:
>
> // No warning on static initialization to zero
> struct A {
>   int *_Nonnull p;
> } a;
> int *_Nonnull b[3];
>
> void g() {
>   // No warning on initialization
>   int *_Nonnull p = 0;
>   // No warning on assignment
>   p = 0;
>   // No warning on assignment to member
>   a.p = 0;
>   // No warning on assignment to array element
>   b[0] = 0;
> }
>
> Would it be reasonable to start warning on these cases? Are people relying on the existing behavior? (Note, I'm not suggesting we start warning on conversion from a _Nullable or _Null_unspecified pointer to a _Nonnull pointer, only when initializing or assigning to a _Nonnull pointer from a null pointer value.)

I think it would be quite valuable to warn on these cases; I'm
surprised we don't already. I'd expect we would also want to warn on:

  int * _Nonnull ptr = nullptr; // Don't currently warn
  ptr = (int*)0; // Don't currently warn

~Aaron

>
> Regards,
> Richard