On Mon, 25 Mar 2019 at 11:37, Xi Ruoyao wrote: > > On 2019-03-25 12:11 +0100, Marc Glisse wrote: > > On Mon, 25 Mar 2019, Jonathan Wakely wrote: > > > On Sun, 24 Mar 2019, 13:53 Xi Ruoyao, <xry111@xxxxxxxxxxxxxxxx> wrote: > > > > Well, if you want this to be detected at compile time, maybe you can > > > > convince > > > > Jonathan to add an __attribute__((nonnull(2))) to > > > > operator<<(basic_ostream&, > > > > const char *). Then this case can be detected with "-O -Wnonnull". > > > > > > That seems like a good idea. > > > > Note that IIRC the attribute is also used for optimization purposes. > > Adding it would remove the test "if (!__s)". One could try and add the > > attribute only for user code and not while compiling the library itself, > > but that's getting complicated (_GLIBCXX_EXTERN_TEMPLATE, specializations > > for types other than char, etc). > > Oh really. I'd been misunderstanding "nonnull" as a pure diagnostic attribute > for long time :(. No, it's undefined to pass null as an argument marked with that attribute. "Unless disabled by the -fno-delete-null-pointer-checks option the compiler may also perform optimizations based on the knowledge that certain function arguments cannot be null. In addition, the -fisolate-erroneous-paths-attribute option can be specified to have GCC transform calls with null arguments to non-null functions into traps."
