Martin Uecker wrote:
> nonnull is not part of the C23 standard. And even if GCC implemented
> this (I complained that it should do this before), it would take years
> until every GCC user can rely on it. If we put the attribute into the next
> C standard, it will be more like a decade.
The situation is not as bad as you think: It is commonplace that developers
use new syntactic features only with compilers that support it. For instance,
I put this into the config.h of my libraries:
/* For annotating the parameters of functions in function declarations. */
#if __clang_major__ >= 4
# define nullable _Nullable
# define nonnull _Nonnull
#else
/* Other syntaxes for declaring a non-null argument exist:
- [static 1], see https://stackoverflow.com/questions/60029927/
- Gnulib's ATTRIBUTE_NONNULL, attached to the function.
But they require a different syntax. */
# define nullable
# define nonnull
#endif
If GCC supports it too, I would change the line
#if __clang_major__ >= 4
to
#if __clang_major__ >= 4 || __GNUC__ >= 17
If an ISO C standards support it too, I would change it to
#if __clang_major__ >= 4 || __STDC_VERSION__ >= 202708L
Because for development (as opposed to for building on various old platforms)
the developer can choose the newest compiler version. When GCC 15 was released,
it did not take us (Paul, me, and others) more than a week until we switched
our development environments to use GCC 15 as our default compiler.
> > I'd prefer Clang's _Nullable keyword, if we're going to do that.
>
> I prefer _Optional, because this works correctly.
But the syntax for _Optional is broken: While one can write (in clang)
int *_Nonnull x;
int *_Nullable y;
the n3422 proposal wants us to write
_Optional int *y;
with the twisted logic of "Let’s reframe the 'may be null' property as
a quality of the pointed-to object, rather than the pointer" !!!
Bruno
