[Bug c/30043] __attribute__((nonull(...))) and silent optimizations

2008-12-23 Thread thutt at vmware dot com 


--- Comment #9 from thutt at vmware dot com  2008-12-23 15:44 ---
(In reply to comment #1)
 The compiler may also choose to make optimizations based on
 the knowledge that certain function arguments will not be null. 
 
 Witeness the last sentence.

If this is the case, then might it not be better for the diagnostic to 
be an error rather than a warning?  If it's a warning that is not even 
printed at the standard level of warnings, then it could be easily argued
that the compiler is generating bad code.  In other words, if a parameter
does not meet a required precondition, then the compiler should 
issue an error always.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30043

[Bug c/30043] __attribute__((nonull(...))) and silent optimizations

2008-04-25 Thread pinskia at gcc dot gnu dot org 


--- Comment #8 from pinskia at gcc dot gnu dot org  2008-04-25 20:52 ---


*** This bug has been marked as a duplicate of 17308 ***


-- 

pinskia at gcc dot gnu dot org changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution||DUPLICATE


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30043

[Bug c/30043] __attribute__((nonull(...))) and silent optimizations

2006-12-01 Thread pinskia at gcc dot gnu dot org 


--- Comment #1 from pinskia at gcc dot gnu dot org  2006-12-01 22:01 ---
nonnull attribute to the function says the function's argument is non null at
the time we enter the function so assuming that is correct.
Also this is documented this way:

nonnull (arg-index, ...)
The nonnull attribute specifies that some function parameters should be
non-null pointers. For instance, the declaration:

  extern void *
  my_memcpy (void *dest, const void *src, size_t len)
__attribute__((nonnull (1, 2)));


causes the compiler to check that, in calls to my_memcpy, arguments dest
and src are non-null. If the compiler determines that a null pointer is passed
in an argument slot marked as non-null, and the -Wnonnull option is enabled, a
warning is issued. The compiler may also choose to make optimizations based on
the knowledge that certain function arguments will not be null. 

Witeness the last sentence.


-- 

pinskia at gcc dot gnu dot org changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution||INVALID


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30043

[Bug c/30043] __attribute__((nonull(...))) and silent optimizations

2006-12-01 Thread madcoder at debian dot org 


--- Comment #2 from madcoder at debian dot org  2006-12-01 22:45 ---
Please, I'm not telling the behaviour is crazy, it's indeed correct.

I'm just asking for a smallish warning that I may be shooting myself in the
foot when I do sth like my 'foo' function from the bug report.

When you do :

  size_t i;

  // ...

  if (i = 0) { ...
  if (i  0) { ...

gcc issues a warning to tell me that I'm doing a test that will always be true
(or always be false). I'd just like to have the same when I've specified that a
parameter is nonnull and that I nontheless tries to see if it's NULL or not.

You're not answering to what I ask, I've read the documentation, and I've
already acknowledged that gcc optimizations in presence of the nonnull
attribute are legitimate.


-- 

madcoder at debian dot org changed:

   What|Removed |Added

 Status|RESOLVED|UNCONFIRMED
 Resolution|INVALID |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30043

[Bug c/30043] __attribute__((nonull(...))) and silent optimizations

2006-12-01 Thread pinskia at gcc dot gnu dot org 


--- Comment #3 from pinskia at gcc dot gnu dot org  2006-12-01 22:49 ---
(In reply to comment #2)
 Please, I'm not telling the behaviour is crazy, it's indeed correct.
 
 I'm just asking for a smallish warning that I may be shooting myself in the
 foot when I do sth like my 'foo' function from the bug report.
 
 When you do :
 
   size_t i;
 
   // ...
 
   if (i = 0) { ...
   if (i  0) { ...

And this optimization happens way after we are done parsing so ...
I don't think a warning is the right thing in this case because the developer
should have read the documention and it is harder to give a warning in this
case really as this optimization is done currently only in the VRP so we don't
know if it is from 
*a = 1;
if (!a)
 ...

of just
from nonnull.


-- 

pinskia at gcc dot gnu dot org changed:

   What|Removed |Added

 Status|UNCONFIRMED |RESOLVED
 Resolution||WONTFIX


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30043

[Bug c/30043] __attribute__((nonull(...))) and silent optimizations

2006-12-01 Thread zackw at panix dot com 


--- Comment #4 from zackw at panix dot com  2006-12-02 05:19 ---
Andrew, please don't close enhancement requests WONTFIX because you think
they're too hard to implement.  There is no harm in leaving them open in case
someone decides that it's not too hard and they're going to code it.

Also, please don't insult our users by implying they didn't read the
documentation, especially when the immediately previous message demonstrates
beyond question that they did.  Actually, just quit insulting the users. OK?


-- 

zackw at panix dot com changed:

   What|Removed |Added

 CC||zackw at panix dot com
 Status|RESOLVED|UNCONFIRMED
 Resolution|WONTFIX |


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30043

[Bug c/30043] __attribute__((nonull(...))) and silent optimizations

2006-12-01 Thread pinskia at gcc dot gnu dot org 


--- Comment #5 from pinskia at gcc dot gnu dot org  2006-12-02 05:52 ---
The main issue I have emitting a warning here is that it will produce a bunch
of false positives for an example:

static int f(int *a)
{
  if (a)
return *a;
  return -1;
}

int g(int *a, int c) __attribute__((nonnull(1) ));

int g(int *a, int c)
{
  if (c)
return f(a);
  return -1; 
}

int h(int *a, int c)
{
  if (c)
return f(a);
  return -1; 
}

Or even f is a define:

#define f(a) ({int *b_ = a;  int t = -1; if(b_) t = *b_; t;})

Also we don't want to warn for:

int g(int *a, int c) __attribute__((nonnull(1) ));
int *x;
int g(int *a, int c)
{
  if (!c) a = x
  if (a)  return *a;
  return c;
}

This shows how very fragile this warning will have to be to be able to not to
warn in those cases.  The unsigned warning is very fragile when it comes to
macros (and templates) also but it is not as fragile as this warning as it is
not flow sensative.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30043

[Bug c/30043] __attribute__((nonull(...))) and silent optimizations

2006-12-01 Thread zackw at panix dot com 


--- Comment #6 from zackw at panix dot com  2006-12-02 06:00 ---
Subject: Re:  __attribute__((nonull(...))) and silent optimizations

Well, it's just like 'may be used uninitialized' false positives,
isn't it?  The warning shouldn't issue from the VRP pass, we should
have some kind of data-flow-dependent warning pass that operates
really, really early (though still on language-independent IL) so that
we can have nice predictable rules about what it will and will not
catch...  Anyway that's how I'd do it.  Which I am not volunteering to
do, mind.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30043

[Bug c/30043] __attribute__((nonull(...))) and silent optimizations

2006-12-01 Thread zackw at panix dot com 


--- Comment #7 from zackw at panix dot com  2006-12-02 06:04 ---
Subject: Re:  __attribute__((nonull(...))) and silent optimizations

Also: my main concern here is not the technical details of the feature
but my dislike for your tendency to blow off bug reports that you
think are bogus and insult the users who reported them.  That's not
the public face the project should present.


-- 


http://gcc.gnu.org/bugzilla/show_bug.cgi?id=30043