On 13/03/2023 10:10, Jonathan Wakely wrote: > On Sun, 12 Mar 2023 at 22:10, Jonny Grant wrote: >> >> >> >> On 09/02/2023 17:52, Jonathan Wakely wrote: >>> On Thu, 9 Feb 2023 at 16:30, Xi Ruoyao wrote: >>>> >>>> On Thu, 2023-02-09 at 14:56 +0000, Jonathan Wakely via Gcc-help wrote: >>>>>> Note, my code isn't like this, it is just an example to suggest >>>>>> adding the nullptr attribute, as its clearly already rejected at >>>>>> runtime. >>>>> >>>>> I assume you mean the nonnull attribute. That was added in 2020 and >>>>> then reverted because it broke some things: >>>> >>>> I remember I'd once made the same mistake when I suggested to add >>>> nonnull for ostream::operator<<(const string &) and I was lectured: >>>> nonnull is not only a diagnostic attribute, it also allows the compiler >>>> to assume the parameter is never null and rendering std::string(nullptr) >>>> an undefined behavior. >>> >>> Yes, I think that's what might have happened with the std::string change. >> >> How about adding a method that is called by these operators that has the __attribute__ ((nonnull)) ? >> >> example: >> https://godbolt.org/z/bqW86PP34 >> >>>> Then the example may just silently continue to run, instead of throwing >>>> an exception. It would be an ironic example: an attempt to improve >>>> diagnostic finally made diagnostic more difficult. >>> >>> Indeed. >>> >>> Maybe we can add __attribute__((access(read, 1))) instead, which says >>> that we will read from the pointer, which also implies it must be >>> non-null. >>> >>> N.B. in C++23 string(nullptr) produces an error, although >>> string((const char*)nullptr) doesn't, so in practice it only prevents >>> the dumbest calls with a literal 'nullptr' token, and not the more >>> realistic problems where you have a pointer that happens to be null. >> >> There is a way to generate a build error for even string((const char*)nullptr) >> >> I made another example that detects nullptr being passed around (should such stupid code occur) at build time providing optimizer is on. With -O0 it just gives the error always; so I put in an __OPTIMIZE__ check. This example doesn't need -fanalyzer. >> >> https://godbolt.org/z/TdGnno4K5 >> >> #if __OPTIMIZE__ >> void nullptr_compile_abort() __attribute__((error("nullptr compile error"))); >> #endif >> >> static void f2(const char * str) >> { >> #if __OPTIMIZE__ >> if (str == nullptr) nullptr_compile_abort(); >> #endif >> } >> >> int main() >> { >> f2((const char *)nullptr); >> } > > This causes compilation to fail for code which is never executed at > run-time, which is not permitted by the standard. > > You can use __attribute__((warning(""))) instead, but that is broken^W > inconvenient for inline functions. You need a non-inline definition of > the function, which means exporting a new function from the shared > library just for this diagnostic. > > All these techniques you're rediscovering have been tried before :-) Is there any link you can refer me to for these techniques? Regards, Jonny
