https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95727
Bug ID: 95727
Summary: Add [[gnu::poison]] attribute
Product: gcc
Version: 10.0
Status: UNCONFIRMED
Severity: enhancement
Priority: P3
Component: c++
Assignee: unassigned at gcc dot gnu.org
Reporter: redi at gcc dot gnu.org
Target Milestone: ---
GCC supports a pragma for poisoning a variable, but it doesn't respect scope.
It seems useful to be able to poison a variable for the remainder of a scope
(maybe because it's been moved and any further use would be an error), or it's
a pointer that has been invalidated by delete).
This seems to be a good fit for an attribute, because in a program which
doesn't use the variable again after that point it would make no difference
whether the compiler supports the attribute or ignores it.
void f(int*);
void g()
{
int* p = new int();
f(p);
[[poison]] p;
{
void* p; // ok, not the same p
}
int i = *p; // error, variable was poisoned
}
It would need to be OK for an implicit destructor to run for poisoned
variables, it should only affect explicit uses of the name in the user code.
I'm not sure if it makes sense to allow poisoning non-local variables in a
given scope ... it could do. Limiting it to local variables (including function
parameters) seems reasonable initially.
A related idea is to mark a variable as read-only from a certain point, so that
it can't be written to, can't have non-const member functions called on it, and
can't have non-const references bound to it.
