https://gcc.gnu.org/bugzilla/show_bug.cgi?id=119104
--- Comment #2 from Alejandro Colomar <alx at kernel dot org> ---
(In reply to Andrew Pinski from comment #1)
> Non-zero and zero are runtime values here, rather than compile-time
> characteristics of that argument.
>
> Maybe just:
> If the runtime value of the integral argument is zero, the pointer argument
> can be null; or if it is non-zero, the pointer argument must not be null.
Hi Andrew,
They are run-time properties, but the analyzer still warns about them with
[[gnu::nonnull]]. I'm worried that this new attribute might reduce the number
of diagnostics, which would be a bad thing IMO. Indeed, I have been able to
install gcc-15 from Debian experimental, and my worries seem to be confirmed.
alx@debian:~/tmp$ cat foo.c
#include <stdlib.h>

[[gnu::nonnull]]
void f(void *);                 /* unconditional non-null contract */

void g(void *);                 /* no contract at all */

[[gnu::nonnull_if_nonzero(1, 2)]]
void h(void *, int);            /* arg 1 must be non-null only when arg 2 != 0 */

int
main(int argc, char *[])
{
	void *p;

	p = malloc(100);        /* unchecked: may be NULL */
	f(p);
	free(p);

	p = malloc(100);
	g(p);
	free(p);

	p = malloc(100);
	h(p, argc);             /* argc is a run-time value; it is always >= 1 here */
	free(p);
}
alx@debian:~/tmp$ gcc-15 -Wall -Wextra -fanalyzer -S foo.c
foo.c: In function ‘main’:
foo.c:15:9: warning: use of possibly-NULL ‘p’ where non-null expected [CWE-690] [-Wanalyzer-possible-null-argument]
   15 |         f(p);
      |         ^~~~
  ‘main’: events 1-2
   14 |         p = malloc(100);
      |             ^~~~~~~~~~~
      |             |
      |             (1) this call could return NULL
   15 |         f(p);
      |         ~~~~
      |         |
      |         (2) ⚠️ argument 1 (‘p’) from (1) could be NULL where non-null expected
foo.c:4:6: note: argument 1 of ‘f’ must be non-null
    4 | void f(void *);
      |      ^
This is a regression for memcpy(3) et al. There was a diagnostic with
-fanalyzer when it was marked [[gnu::nonnull]], and we're losing that with
[[gnu::nonnull_if_nonzero]].
I've been trying to convince Joseph, Aaron, and the C Committee that it was a
terrible mistake to allow a null pointer here, precisely for this worry, and it
seems my worries were correct.
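The consequence for callers, as an added example that is not part of the bug report and not GCC's or glibc's code: once memcpy(3) and friends only promise "non-null if the size is non-zero", the analyzer no longer nags about an unchecked malloc() result flowing into them, so the NULL check has to be written by hand, and a wrapper that wants to enforce the contract has to do so at run time. The names bounded_memcpy, dup_bytes and selftest are hypothetical; the attribute is deliberately left off the wrapper so that the run-time check cannot be optimised away on the assumption the attribute makes.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/*
 * Hypothetical memcpy-style wrapper implementing the relaxed contract from the
 * bug: a null pointer is acceptable only when the size argument is zero.
 * Returns 0 on success and -1 on a contract violation, instead of letting
 * memcpy dereference NULL.
 */
int bounded_memcpy(void *dst, const void *src, size_t n)
{
	if (n == 0)
		return 0;               /* zero-length copy: NULL dst/src are legal */
	if (dst == NULL || src == NULL)
		return -1;              /* NULL with n != 0 violates the contract */
	memcpy(dst, src, n);
	return 0;
}

/*
 * Caller-side discipline.  With [[gnu::nonnull]] on memcpy the analyzer
 * flagged an unchecked malloc() result passed on; with nonnull_if_nonzero it
 * stays silent, so the check must be written explicitly.  Returns a fresh copy
 * of the first n bytes of src (an empty buffer for n == 0), or NULL on
 * allocation failure or contract violation.  The caller frees the result.
 */
void *dup_bytes(const void *src, size_t n)
{
	void *p = malloc(n == 0 ? 1 : n);   /* avoid malloc(0) portability quirks */

	if (p == NULL)
		return NULL;                /* the check the analyzer no longer demands */
	if (bounded_memcpy(p, src, n) != 0) {
		free(p);
		return NULL;
	}
	return p;
}

/* Self-check over the contract's corners; returns 1 when every case passes. */
int selftest(void)
{
	char  dst[4];
	char  *copy, *empty;
	int   ok = 1;

	ok &= bounded_memcpy(NULL, NULL, 0) == 0;   /* allowed: n == 0 */
	ok &= bounded_memcpy(dst, NULL, 1) == -1;   /* rejected: NULL with n != 0 */
	ok &= bounded_memcpy(NULL, "a", 1) == -1;
	ok &= bounded_memcpy(dst, "abc", 4) == 0 && memcmp(dst, "abc", 4) == 0;

	copy = dup_bytes("hello", 5);
	ok &= copy != NULL && memcmp(copy, "hello", 5) == 0;
	free(copy);

	empty = dup_bytes(NULL, 0);                 /* legal: n == 0 */
	ok &= empty != NULL;
	free(empty);

	ok &= dup_bytes(NULL, 3) == NULL;           /* violation reported, not crashed */
	return ok;
}

int main(void)
{
	return selftest() ? EXIT_SUCCESS : EXIT_FAILURE;
}
```

Build with `gcc -Wall -Wextra -fanalyzer` as in the report: the analyzer has nothing to say about dup_bytes() because the NULL check is explicit, which is exactly the check a caller would forget once the attribute stops pointing at it.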