Andrew Cooper writes ("Re: [Xen-devel] [PATCH for-4.10] libxl: handle NULL in libxl__enum_from_string"): > On 13/10/17 14:01, Ian Jackson wrote: > > Instead, what we have actually done so far, is annotate when a pointer > > parameter *may* be NULL, and, in that case, what that means: > > This is exactly what attribute nonnull exists for. As a bonus, using > the attribute will have the compiler complain at you if it spots a way > NULL gets passed, and UBSAN will add specific instrumentation to check.
Thanks for that excellent suggestion, which I ought to have thought of myself. I'd be quite happy with patches to add the nonnull attribute to the parameters. We already have that for a number of the *alloc* functions - git-grep libxl for "NN1". I don't mind the idea of adding that to some more functions now, even if we don't have complete coverage. Ian. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xen.org https://lists.xen.org/xen-devel