[Bug middle-end/110617] RFE: Add a diagnostic-only variant of nonnull attribute

Tue, 11 Jul 2023 01:59:41 -0700 

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110617

--- Comment #7 from Alejandro Colomar <alx at kernel dot org> ---
Hi Xi, Richard!

On 2023-07-11 10:34, xry111 at gcc dot gnu.org wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110617
>
> --- Comment #6 from Xi Ruoyao <xry111 at gcc dot gnu.org> ---
> Anyway I'm already too frustrated about this so I'll not continue
> working on nonnull within Glibc headers.  If you don't like this just close it
> as WONTFIX.
>

I understand your frustration.  I'll continue your work, if you
don't mind.

On 2023-07-11 09:46, rguenth at gcc dot gnu.org wrote:
> https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110617
>
> --- Comment #5 from Richard Biener <rguenth at gcc dot gnu.org> ---
> I think a -f... option to disable the code generation effects would make more
> sense than adding another attribute kind.
>

The idea of a -f... option makes sense.  However, I'm skeptical
about being able to reach null correctness via an attribute.  I
think a qualifier, similar to restrict or const, would be better
qualified (pun not intended 😄 for this task.

Clang's _Nonnull (and _Nullable, and friends) are such qualifiers,
similar to restrict.  I think they are better designed for the
goal of having diagnostics if null correctness is breached.

However, they have issues as qualifiers, since the standard says
they should be dropped in lvalue to rvalue conversions (restrict
shares this same issue).  There's been a suggestion in an LLVM
forum to add an _Optional qualifier to the pointee, which would
workaround the issue that qualifiers are dropped.  I'll put both
alternatives next to each other for comparison:

#pragma clang assume_nonnull begin

        int i;
        int *p;
        int *_Nullable q;
        _Optional int *r;

        p = NULL;  // warn
        q = NULL;  // Ok
        r = NULL;  // Ok

        p = &i;  // Ok
        q = &i;  // Ok
        r = &i;  // Ok

        p = r;  // warn: '_Optional' qualifier is discarded in assignment
        q = p;  // Ok
        r = p;  // Ok

#pragma clang assume_nonnull end

Cheers,
Alex

-- 
<http://www.alejandro-colomar.es/>
GPG key fingerprint: A9348594CE31283A826FBDD8D57633D441E25BB5

Reply via email to