https://gcc.gnu.org/bugzilla/show_bug.cgi?id=61236

--- Comment #14 from Mukund Sivaraman <muks at banu dot com> ---
(In reply to Jakub Jelinek from comment #10)
> But the compiler doesn't know there that x is NULL.  The compiler sees a

See comment #3. It generates 2 codepaths, one where (nalloc == 0) and another
where (nalloc != 0). For the former, it deletes the if statement and
isc_mem_put() call at the free_rdatas label completely:

 free_rdatas:
        if (x != NULL)
                isc_mem_put(mctx, x, nalloc * sizeof(struct xrdata));
        return (result);
 }

and instead reduces free_rdata's definition to:

 free_rdatas:
    return (result);
}

How does the compiler do that if it has not inferred that x is NULL there?

OTOH, you're the compiler developers, so if you say it doesn't know that x is
NULL, then that is that. :) Maybe the part of compiler code that does this
doesn't know it.

Note that despite all this discussion of correctness, this optimization is
counter intuitive and will bite developers. There should at least be warnings
where they could be generated.

The point about correctness with C standards is taken and agreed.

See what is happening from a programmer's point of view: an explicit NULL check
is deleted. There are no warnings about qsort() used with NULL arguments where
it seems the compiler could warn (see above). Also consider the use of nonnull
as an API annotation change by 3rd party libraries, which can make caller code
buggy without any way to notice it.

At the very least, if it is possible to detect that the pointer is NULL by
static analysis and it is being passed to a function that has the nonnull
attribute, please warn mentioning inferences being made.

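The pattern the comment describes, as an added example that is not BIND's or GCC's code: a pointer that may be NULL is first passed to a function declared `nonnull` (glibc declares `qsort()` that way), and the explicit NULL check only comes afterwards, so the optimizer is entitled to fold that check away. `struct xrdata`, the `cmp_xrdata` comparator, `takes_nonnull` and the `*_unsafe`/`*_safe` helpers are assumptions made for illustration. The `opaque()` helper launders the pointer through `volatile` so the call site does not see a constant NULL (otherwise `-O2` may replace the call with a trap instead of merely dropping the check).

```c
#include <stdio.h>
#include <stdlib.h>

/* Record type standing in for BIND's struct xrdata (assumed; not BIND's code). */
struct xrdata {
    int key;
};

static int cmp_xrdata(const void *a, const void *b)
{
    const struct xrdata *x = a, *y = b;
    return (x->key > y->key) - (x->key < y->key);
}

/* Hypothetical callee declared nonnull that never dereferences its argument,
 * so calling it with NULL does not crash by itself.  noinline keeps the call,
 * and the nonnull promise attached to it, visible to the optimizer. */
__attribute__((noinline, nonnull))
static void takes_nonnull(const void *p)
{
    (void)p;
}

/* Launder a pointer through volatile so the compiler cannot prove it is NULL
 * at the call site; we want it to drop the later check, not to trap. */
static void *opaque(void *p)
{
    void *volatile v = p;
    return v;
}

/* Unsafe ordering: the nonnull call comes first, so once the attribute is
 * honoured the compiler treats p as non-NULL from that point on and may fold
 * the comparison to 0.  Build at -O0 and at -O2 and compare the output. */
int check_after_call(const void *p)
{
    takes_nonnull(p);
    return p == NULL;
}

/* Safe ordering: test first, and only make the nonnull call on the path where
 * p is known to be non-NULL.  No inference can change this result. */
int check_before_call(const void *p)
{
    if (p == NULL)
        return 1;
    takes_nonnull(p);
    return 0;
}

/* The pattern from the report: x may be NULL when n == 0, qsort() is declared
 * nonnull in glibc's <stdlib.h>, and the explicit NULL check sits after the
 * call.  Returns 1 if the guarded branch ran, 0 otherwise; whether the guard
 * survives compilation is up to the optimizer. */
int sort_then_free_unsafe(struct xrdata *x, size_t n)
{
    qsort(x, n, sizeof *x, cmp_xrdata);
    if (x != NULL) {
        free(x);
        return 1;
    }
    return 0;
}

/* Hardened version: decide on x before anything that promises it is
 * non-NULL, and skip sorting an array that cannot need it. */
int sort_then_free_safe(struct xrdata *x, size_t n)
{
    if (x == NULL)
        return 0;
    if (n > 1)
        qsort(x, n, sizeof *x, cmp_xrdata);
    free(x);
    return 1;
}

int main(void)
{
    struct xrdata *arr = calloc(3, sizeof *arr);   /* constructed sample input */
    if (arr == NULL)
        return 1;
    arr[0].key = 3; arr[1].key = 1; arr[2].key = 2;

    printf("check_after_call(NULL)         = %d\n", check_after_call(opaque(NULL)));
    printf("check_before_call(NULL)        = %d\n", check_before_call(opaque(NULL)));
    printf("sort_then_free_unsafe(NULL, 0) = %d\n", sort_then_free_unsafe(opaque(NULL), 0));
    printf("sort_then_free_safe(NULL, 0)   = %d\n", sort_then_free_safe(opaque(NULL), 0));
    printf("sort_then_free_safe(arr, 3)    = %d\n", sort_then_free_safe(arr, 3));
    return 0;
}
```

Compile once with `gcc -O0` and once with `gcc -O2`: the first line of output is the one that changes, because at `-O2` the `p == NULL` test after `takes_nonnull(p)` is folded away. The `*_before_call` and `*_safe` results are the same at every optimization level, which is the property to aim for: put the NULL decision before the first call that asserts non-nullness, rather than relying on a check the compiler is allowed to delete.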