On Fri, 10 Feb 2023 at 22:38, Jonny Grant <jg@xxxxxxxx> wrote: > > > > On 10/02/2023 22:03, Jonathan Wakely wrote: > > On Fri, 10 Feb 2023 at 21:30, Jonny Grant <jg@xxxxxxxx> wrote: > >> > >> > >> > >> On 09/02/2023 17:52, Jonathan Wakely wrote: > >>> On Thu, 9 Feb 2023 at 16:30, Xi Ruoyao wrote: > >>>> > >>>> On Thu, 2023-02-09 at 14:56 +0000, Jonathan Wakely via Gcc-help wrote: > >>>>>> Note, my code isn't like this, it is just an example to suggest > >>>>>> adding the nullptr attribute, as its clearly already rejected at > >>>>>> runtime. > >>>>> > >>>>> I assume you mean the nonnull attribute. That was added in 2020 and > >>>>> then reverted because it broke some things: > >>>> > >>>> I remember I'd once made the same mistake when I suggested to add > >>>> nonnull for ostream::operator<<(const string &) and I was lectured: > >>>> nonnull is not only a diagnostic attribute, it also allows the compiler > >>>> to assume the parameter is never null and rendering std::string(nullptr) > >>>> an undefined behavior. > >>> > >>> Yes, I think that's what might have happened with the std::string change. > >> > >> My apologies, Jonathan, Xi, yes it is the __attribute__((nonnull)); I was mistaken to type as nullptr. > >> > >> I re-read, and it does seem nonnull is really an optimization that as a side effect may give some warnings. So I'm going to stop using it. > >> https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#Common-Function-Attributes > >> > >> (there is a typo in that manual section saying "nonnul" - I don't know if you have a moment to make a change in git? I didn't get replies on gcc-patches to my patches...) > >> > >> I searched and see like someone investigated this problem and saw it removed NULL checks http://www.rkoucha.fr/tech_corner/nonnull_gcc_attribute.html > >> > >> I saw wget2 removed the nonnull attribute due to the optimizer removing checks against NULL too > >> https://gitlab.com/gnuwget/wget2/-/issues/200 > >> > >>>> Then the example may just silently continue to run, instead of throwing > >>>> an exception. It would be an ironic example: an attempt to improve > >>>> diagnostic finally made diagnostic more difficult. > >>> > >>> Indeed. > >>> > >>> Maybe we can add __attribute__((access(read, 1))) instead, which says > >>> that we will read from the pointer, which also implies it must be > >>> non-null. > >> > >> I tried this with gcc 12, as read_only, but it didn't stop when compiling. Maybe you have an example that demonstrates please? > >> > >> void f(const char * p) __attribute__((access(read_only, 1))); > >> > >>> > >>> N.B. in C++23 string(nullptr) produces an error, although > >>> string((const char*)nullptr) doesn't, so in practice it only prevents > >>> the dumbest calls with a literal 'nullptr' token, and not the more > >>> realistic problems where you have a pointer that happens to be null. > >> > >> That's good it stops compiling, the error is not that clear "use of deleted function" for me though. > >> > >> string.cpp: In function ‘int main()’: > >> string.cpp:13:26: error: use of deleted function ‘std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::basic_string(std::nullptr_t) [with _CharT = char; _Traits = std::char_traits<char>; _Alloc = std::allocator<char>; std::nullptr_t = std::nullptr_t]’ > >> 13 | std::string c(nullptr); > >> > >> > >> > >> > >> I made my own test class str_string which stops the build a different way. It only works if the dumbest calls with 'nullptr' as you found in your test. > >> > >> void nullptr_compile_abort() __attribute__((error("nullptr compile error"))); > >> > >> str_string(nullptr_t) { nullptr_compile_abort(); } > > > > This doesn't work because std::is_constructible_v<std::string, > > std::nullptr_t> would be true, and we want it to be false. > > Hmm, for me, this output is 0. > std::cout << std::is_constructible_v<std::string,std::nullptr_t> << "\n"; For C++23, yes, but if you add a constructor like your str_string(nullptr_t) it would become 1. Using a deleted function is observably different to using a constructor that then produces an error when called.
