https://gcc.gnu.org/bugzilla/show_bug.cgi?id=117023

--- Comment #9 from GCC Commits <cvs-commit at gcc dot gnu.org> ---
The master branch has been updated by Jakub Jelinek <ja...@gcc.gnu.org>:

https://gcc.gnu.org/g:0d590d21586edbb9c62ce3db92794d93faf7ed34

commit r15-7683-g0d590d21586edbb9c62ce3db92794d93faf7ed34
Author: Jakub Jelinek <ja...@redhat.com>
Date:   Mon Feb 24 09:20:47 2025 +0100

    Use nonnull_if_nonzero attribute rather than nonnull on various builtins [PR117023]

    On top of the
    https://gcc.gnu.org/pipermail/gcc-patches/2024-November/668554.html
    https://gcc.gnu.org/pipermail/gcc-patches/2024-November/668699.html
    https://gcc.gnu.org/pipermail/gcc-patches/2024-November/668700.html
    patches the following patch adds nonnull_if_nonzero attribute(s) to
    various builtins instead of or in addition to nonnull attribute.

    The patch adjusts builtins (when we have them) corresponding to the APIs
    mentioned in the C2Y N3322 paper:
    1) strndup and memset get one nonnull_if_nonzero attribute instead of
       nonnull
    2) memcpy, memmove, strncpy, memcmp, strncmp get two nonnull_if_nonzero
       attributes instead of nonnull
    3) strncat has nonnull without argument changed to nonnull (1) and
       gets one nonnull_if_nonzero for the src argument (maybe it needs
       to be clarified in C2Y, but I really think first argument to strncat
       and wcsncat shouldn't be NULL even for n == 0, because NULL doesn't
       point to NULL terminated string and one can't append anything to it;
       and various implementations in the wild including glibc will crash
       with NULL first argument (x86_64 avx+ doesn't though))

    Such changes are done also to the _chk suffixed counterparts of the
    builtins.

    Furthermore I've changed a couple of builtins for POSIX functions which
    aren't covered by ISO C, but I'd expect if/when POSIX incorporates C2Y
    it would do the same changes.  In particular

    4) strnlen gets one nonnull_if_nonzero instead of nonnull
    5) mempcpy and stpncpy get two nonnull_if_nonzero instead of nonnull
       and lose returns_nonnull attribute; this is kind of unfortunate
       but I think in the spirit of N3322 mempcpy (NULL, src, 0) should
       return NULL (i.e. dest + n aka NULL + 0, now valid) and it is hard to
       express returns non-NULL if first argument is non-NULL or third argument
       is non-zero

    I'm not really sure about fread/fwrite, N3322 doesn't mention those,
    can the first argument be NULL if third argument is 0?  What about
    if second argument is 0?  Can the fourth argument be NULL in such cases?

    And of course, when not using builtins the glibc headers will affect stuff
    too, so we'll need to wait for N3322 implementation there too (possibly
    by dropping the nonnull attributes and perhaps conditionally replacing them
    with this new one if the compiler supports them).

    2025-02-24  Jakub Jelinek  <ja...@redhat.com>

            PR c/117023
    gcc/
            * builtin-attrs.def (ATTR_NONNULL_IF_NONZERO): New DEF_ATTR_IDENT.
            (ATTR_NOTHROW_NONNULL_IF12_LEAF, ATTR_NOTHROW_NONNULL_IF13_LEAF,
            ATTR_NOTHROW_NONNULL_IF123_LEAF, ATTR_NOTHROW_NONNULL_IF23_LEAF,
            ATTR_NOTHROW_NONNULL_1_IF23_LEAF,
            ATTR_PURE_NOTHROW_NONNULL_IF12_LEAF,
            ATTR_PURE_NOTHROW_NONNULL_IF13_LEAF,
            ATTR_PURE_NOTHROW_NONNULL_IF123_LEAF,
            ATTR_WARN_UNUSED_RESULT_NOTHROW_NONNULL_IF12_LEAF,
            ATTR_MALLOC_WARN_UNUSED_RESULT_NOTHROW_NONNULL_IF12_LEAF): New
            DEF_ATTR_TREE_LIST.
            * builtins.def (BUILT_IN_STRNDUP): Use
            ATTR_MALLOC_WARN_UNUSED_RESULT_NOTHROW_NONNULL_IF12_LEAF instead of
            ATTR_MALLOC_WARN_UNUSED_RESULT_NOTHROW_NONNULL_LEAF.
            (BUILT_IN_STRNCAT, BUILT_IN_STRNCAT_CHK): Use
            ATTR_NOTHROW_NONNULL_1_IF23_LEAF instead of
            ATTR_NOTHROW_NONNULL_LEAF.
            (BUILT_IN_BCOPY, BUILT_IN_MEMCPY, BUILT_IN_MEMCPY_CHK,
            BUILT_IN_MEMMOVE, BUILT_IN_MEMMOVE_CHK,  BUILT_IN_STRNCPY,
            BUILT_IN_STRNCPY_CHK): Use ATTR_NOTHROW_NONNULL_IF123_LEAF instead of
            ATTR_NOTHROW_NONNULL_LEAF.
            (BUILT_IN_MEMPCPY, BUILT_IN_MEMPCPY_CHK, BUILT_IN_STPNCPY,
            BUILT_IN_STPNCPY_CHK): Use ATTR_NOTHROW_NONNULL_IF123_LEAF instead of
            ATTR_RETNONNULL_NOTHROW_LEAF.
            (BUILT_IN_BZERO, BUILT_IN_MEMSET, BUILT_IN_MEMSET_CHK): Use
            ATTR_NOTHROW_NONNULL_IF13_LEAF instead of
            ATTR_NOTHROW_NONNULL_LEAF.
            (BUILT_IN_BCMP, BUILT_IN_MEMCMP, BUILT_IN_STRNCASECMP,
            BUILT_IN_STRNCMP): Use ATTR_PURE_NOTHROW_NONNULL_IF123_LEAF instead of
            ATTR_PURE_NOTHROW_NONNULL_LEAF.
            (BUILT_IN_STRNLEN): Use ATTR_PURE_NOTHROW_NONNULL_IF12_LEAF instead of
            ATTR_PURE_NOTHROW_NONNULL_LEAF.
            (BUILT_IN_MEMCHR): Use ATTR_PURE_NOTHROW_NONNULL_IF13_LEAF instead of
            ATTR_PURE_NOTHROW_NONNULL_LEAF.
    gcc/testsuite/
            * gcc.dg/builtins-nonnull.c (test_memfuncs, test_memfuncs_chk,
            test_strfuncs, test_strfuncs_chk): Add if (n == 0) return; at the
            start of the functions.
            * gcc.dg/Wnonnull-2.c: Copy __builtin_* call statements where
            appropriate 3 times, once with 0 length, once with n and once with
            non-zero constant and expect warning only in the third case.
            Formatting fixes.
            * gcc.dg/Wnonnull-3.c: Copy __builtin_* call statements where
            appropriate 3 times, once with 0 length, once with n and once with
            n guarded with n != 0 and expect warning only in the third case.
            Formatting fixes.
            * gcc.dg/nonnull-3.c (foo): Use 16 instead of 0 in the calls added
            for PR80936.
            * gcc.dg/nonnull-11.c: New test.
            * c-c++-common/ubsan/nonnull-1.c: Don't expect runtime diagnostics
            for the __builtin_memcpy call.
            * gcc.dg/tree-ssa/pr78154.c (f): Add dn argument and return early
            if it is NULL.  Duplicate cases of builtins which have the first
            argument changed from nonnull to nonnull_if_nonzero except stpncpy,
            once with dn as first argument instead of d and once with constant
            non-zero count rather than n.  Disable the stpncpy non-null check.
            * gcc.dg/Wbuiltin-declaration-mismatch-14.c (test_builtin_calls):
            Triplicate the strncmp calls, once with 1 last argument and expect
            warning, once with n last argument and don't expect warning and
            once with 0 last argument and don't expect warning.
            * gcc.dg/Wbuiltin-declaration-mismatch-15.c (test_builtin_calls_fe):
            Likewise.
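
The pointer contract described in the commit message above, as an added example (not code from the GCC commit or its testsuite). The wrapper `copy_advance`, the caller `append_record` and the `NONNULL_IF_NONZERO` macro are hypothetical names; the macro expands to nothing on compilers that lack the attribute.

```c
#include <stddef.h>
#include <string.h>

/* Feature-test the attribute so the file also builds on older compilers. */
#ifndef __has_attribute
#  define __has_attribute(x) 0
#endif
#if __has_attribute(nonnull_if_nonzero)
#  define NONNULL_IF_NONZERO(ptr, len) \
     __attribute__((nonnull_if_nonzero(ptr, len)))
#else
#  define NONNULL_IF_NONZERO(ptr, len) /* attribute unavailable: no annotation */
#endif

/* Hypothetical mempcpy-like wrapper: dest and src must be non-NULL only when
   n != 0, i.e. two nonnull_if_nonzero attributes (arguments 1 and 2, both
   keyed on argument 3).  It cannot be returns_nonnull, because
   copy_advance(NULL, src, 0) returns NULL. */
NONNULL_IF_NONZERO(1, 3) NONNULL_IF_NONZERO(2, 3)
void *copy_advance(void *dest, const void *src, size_t n)
{
    if (n == 0)
        return dest;            /* pointers are not touched for empty copies */
    memcpy(dest, src, n);
    return (char *)dest + n;
}

/* Hypothetical caller: returns the number of bytes written, or -1 when no
   output buffer was supplied.  With an unconditional nonnull on the callee,
   the compiler may assume out != NULL after the call and delete the check
   below; with nonnull_if_nonzero it can only assume that when n != 0. */
int append_record(char *out, const char *payload, size_t n)
{
    char *end = copy_advance(out, payload, n);
    if (out == NULL)
        return -1;
    return (int)(end - out);
}
```
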
