On 11/02/2023 00:32, Jonathan Wakely wrote: > On Fri, 10 Feb 2023 at 22:38, Jonny Grant <jg@xxxxxxxx> wrote: >> >> >> >> On 10/02/2023 22:03, Jonathan Wakely wrote: >>> On Fri, 10 Feb 2023 at 21:30, Jonny Grant <jg@xxxxxxxx> wrote: >>>> >>>> >>>> >>>> On 09/02/2023 17:52, Jonathan Wakely wrote: >>>>> On Thu, 9 Feb 2023 at 16:30, Xi Ruoyao wrote: >>>>>> >>>>>> On Thu, 2023-02-09 at 14:56 +0000, Jonathan Wakely via Gcc-help wrote: >>>>>>>> Note, my code isn't like this, it is just an example to suggest >>>>>>>> adding the nullptr attribute, as its clearly already rejected at >>>>>>>> runtime. >>>>>>> >>>>>>> I assume you mean the nonnull attribute. That was added in 2020 and >>>>>>> then reverted because it broke some things: >>>>>> >>>>>> I remember I'd once made the same mistake when I suggested to add >>>>>> nonnull for ostream::operator<<(const string &) and I was lectured: >>>>>> nonnull is not only a diagnostic attribute, it also allows the compiler >>>>>> to assume the parameter is never null and rendering std::string(nullptr) >>>>>> an undefined behavior. >>>>> >>>>> Yes, I think that's what might have happened with the std::string change. >>>> >>>> My apologies, Jonathan, Xi, yes it is the __attribute__((nonnull)); I was mistaken to type as nullptr. >>>> >>>> I re-read, and it does seem nonnull is really an optimization that as a side effect may give some warnings. So I'm going to stop using it. >>>> https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html#Common-Function-Attributes >>>> >>>> (there is a typo in that manual section saying "nonnul" - I don't know if you have a moment to make a change in git? I didn't get replies on gcc-patches to my patches...) >>>> >>>> I searched and see like someone investigated this problem and saw it removed NULL checks http://www.rkoucha.fr/tech_corner/nonnull_gcc_attribute.html >>>> >>>> I saw wget2 removed the nonnull attribute due to the optimizer removing checks against NULL too >>>> https://gitlab.com/gnuwget/wget2/-/issues/200 >>>> >>>>>> Then the example may just silently continue to run, instead of throwing >>>>>> an exception. It would be an ironic example: an attempt to improve >>>>>> diagnostic finally made diagnostic more difficult. >>>>> >>>>> Indeed. >>>>> >>>>> Maybe we can add __attribute__((access(read, 1))) instead, which says >>>>> that we will read from the pointer, which also implies it must be >>>>> non-null. >>>> >>>> I tried this with gcc 12, as read_only, but it didn't stop when compiling. Maybe you have an example that demonstrates please? >>>> >>>> void f(const char * p) __attribute__((access(read_only, 1))); >>>> >>>>> >>>>> N.B. in C++23 string(nullptr) produces an error, although >>>>> string((const char*)nullptr) doesn't, so in practice it only prevents >>>>> the dumbest calls with a literal 'nullptr' token, and not the more >>>>> realistic problems where you have a pointer that happens to be null. >>>> >>>> That's good it stops compiling, the error is not that clear "use of deleted function" for me though. >>>> >>>> string.cpp: In function ‘int main()’: >>>> string.cpp:13:26: error: use of deleted function ‘std::__cxx11::basic_string<_CharT, _Traits, _Alloc>::basic_string(std::nullptr_t) [with _CharT = char; _Traits = std::char_traits<char>; _Alloc = std::allocator<char>; std::nullptr_t = std::nullptr_t]’ >>>> 13 | std::string c(nullptr); >>>> >>>> >>>> >>>> >>>> I made my own test class str_string which stops the build a different way. It only works if the dumbest calls with 'nullptr' as you found in your test. >>>> >>>> void nullptr_compile_abort() __attribute__((error("nullptr compile error"))); >>>> >>>> str_string(nullptr_t) { nullptr_compile_abort(); } >>> >>> This doesn't work because std::is_constructible_v<std::string, >>> std::nullptr_t> would be true, and we want it to be false. >> >> Hmm, for me, this output is 0. >> std::cout << std::is_constructible_v<std::string,std::nullptr_t> << "\n"; > > For C++23, yes, but if you add a constructor like your > str_string(nullptr_t) it would become 1. > > Using a deleted function is observably different to using a > constructor that then produces an error when called. Indeed. May I ask if you found a way to get the read_only attribute to trigger a build warning for nullptr? It seems like only runtime checks can catch most of them for the moment. Jonny
