https://gcc.gnu.org/bugzilla/show_bug.cgi?id=79310
Bug ID: 79310
Summary: -Wnonnull false positive on strlen after strstr
Product: gcc
Version: 7.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: middle-end
Assignee: unassigned at gcc dot gnu.org
Reporter: msebor at gcc dot gnu.org
Target Milestone: ---

The following test case reduced from bootstrap-ubsan warnings seen in adaint.c (see bug 79309) shows that GCC makes the assumption that if strstr(s, "") returns null it must be because s is null. But since calling strstr with a null argument is undefined (and the function is appropriately declared with attribute nonnull), the argument can be assumed to be non-null, the if statement not reachable, and the -Wnonnull warning therefore viewed as a false positive (or at least confusing).

I think it would be better if GCC removed the whole if statement as unreachable in this case and others like it (perhaps also issuing a warning pointing it out when doing so).

$ cat t.c && gcc -O2 -S -Wall -fdump-tree-post_ipa_warn=/dev/stdout t.c
int g (const char *s)
{
  if (!__builtin_strstr (s, ""))
    return __builtin_strlen (s);
  return 0;
}

;; Function g (g, funcdef_no=0, decl_uid=1795, cgraph_uid=0, symbol_order=0)

t.c: In function ‘g’:
t.c:4:12: warning: argument 1 null where non-null expected [-Wnonnull]
     return __builtin_strlen (s);
            ^~~~~~~~~~~~~~~~~~~~
t.c:4:12: note: in a call to built-in function ‘__builtin_strlen’
g (const char * s)
{
  long unsigned int _1;
  int _2;
  int _5;

  <bb 2> [100.00%]:
  if (s_3(D) == 0B)
    goto <bb 3>; [33.47%]
  else
    goto <bb 4>; [66.53%]

  <bb 3> [33.47%]:
  _1 = __builtin_strlen (0B);
  _5 = (int) _1;

  <bb 4> [100.00%]:
  # _2 = PHI <_5(3), 0(2)>
  return _2;

}