Alejandro Colomar wrote:
> You could ask GCC to implement Clang's [[gnu::nonnull]] which goes
> inside the parameter list. That would remove the error-prone concerns.
>
> #define NONNULL [[gnu::nonnull]]
>
> int foo(int n, NONNULL char buf[n]);
>
> I'm pretty sure you wouldn't call that ugly or error-prone.
I definitely agree with you here, Alejandro. I find
extern nullable expression_t
create_literal_expression (nonnull literal_t literal,
nullable annotation_t annotation,
size_t nattributes,
nonnull attribute_t
attributes[/*nattributes*/]);
easier to read and understand than
extern expression_t
create_literal_expression (literal_t literal,
annotation_t annotation,
size_t nattributes,
attribute_t attributes[/*nattributes*/])
__attribute__ ((__nonnull__ (1, 4)));
While I understand that GCC's __attribute__ syntax, attached to the entire
function
declaration, is more powerful when it comes to describing constraints between
parameters
(such as with the memcpy() function after n3322), in the vast majority of the
uses
of 'nonnull' the attribute describes a single parameter or independent
parameters,
and for these it is a 500% win in legibility to be able to put it _into_ the
parameter list.
Bruno
