On 20/02/2023 19:35, Jonathan Wakely wrote: > > > On Mon, 20 Feb 2023, 19:21 Jonny Grant, <jg@xxxxxxxx <mailto:jg@xxxxxxxx>> wrote: > > > > On 20/02/2023 13:44, Jonathan Wakely wrote: > > On Mon, 20 Feb 2023 at 12:59, Xi Ruoyao <xry111@xxxxxxxxxxx> wrote: > >> > >> On Mon, 2023-02-20 at 11:30 +0000, Jonny Grant wrote: > >> > >>> Thank you for the suggestion, I gave that nonnull attribute a try, but > >>> it doesn't appear to warn for this example. > >>> > >>> https://godbolt.org/z/boqTj6oWE <https://godbolt.org/z/boqTj6oWE> > >> > >> Ouch... The optimizer inlined make_std_string so both -Wnonnull and - > >> fanalyzer fails to catch the issue here. > >> > >> Adding noipa attribute for make_std_string will work, but will also > >> cause the generated code stupidly slow. Maybe: > >> > >> #ifdef WANT_DIAGNOSTIC > >> #define MAKE_STD_STRING_ATTR __attribute__ ((noipa, nonnull)) > >> #else > >> #define MAKE_STD_STRING_ATTR > >> #endif > >> > >> std::string make_std_string(const char * const str) MAKE_STD_STRING_ATTR; > >> > >> It still looks very stupid though. > >> > >>> Feels useful to get build warnings if compiler knows nullptr is going > >>> to be dereferenced, as clang does. > >> > >> The problem is in this case nullptr is not dereferenced, at all. So if > >> we want a warning here we'll have to invent some new __builtin or > >> __attribute__ to give the compiler a hint. AFAIK there is no such > >> facility now. > > > > I think __attribute__((access(read_only, 1))) should do it. > > I tried here, but no luck, is this example the way you mean? gcc trunk. > > > I don't mean it does do it, I mean it should do it. Ok I see. I filed an issue with a simpler test case. https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108893 Kind regards Jonny