From patchwork Wed Jul 28 15:20:40 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Tom de Vries X-Patchwork-Id: 1510897 Return-Path: X-Original-To: incoming@patchwork.ozlabs.org Delivered-To: patchwork-incoming@bilbo.ozlabs.org Authentication-Results: ozlabs.org; spf=pass (sender SPF authorized) smtp.mailfrom=gcc.gnu.org (client-ip=2620:52:3:1:0:246e:9693:128c; helo=sourceware.org; envelope-from=gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org; receiver=) Authentication-Results: ozlabs.org; dkim=fail reason="signature verification failed" (1024-bit key; unprotected) header.d=suse.de header.i=@suse.de header.a=rsa-sha256 header.s=susede2_rsa header.b=iWt1iHF5; dkim=fail reason="signature verification failed" header.d=suse.de header.i=@suse.de header.a=ed25519-sha256 header.s=susede2_ed25519 header.b=9FyG8J65; dkim-atps=neutral Received: from sourceware.org (server2.sourceware.org [IPv6:2620:52:3:1:0:246e:9693:128c]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by ozlabs.org (Postfix) with ESMTPS id 4GZcn64cj8z9sV8 for ; Thu, 29 Jul 2021 01:20:57 +1000 (AEST) Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 5C04F399B45A for ; Wed, 28 Jul 2021 15:20:55 +0000 (GMT) X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from smtp-out1.suse.de (smtp-out1.suse.de [195.135.220.28]) by sourceware.org (Postfix) with ESMTPS id 30A493858039; Wed, 28 Jul 2021 15:20:43 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 30A493858039 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=suse.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=suse.de Received: from imap1.suse-dmz.suse.de (imap1.suse-dmz.suse.de [192.168.254.73]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by smtp-out1.suse.de (Postfix) with ESMTPS id 01C3D22299; Wed, 28 Jul 2021 15:20:42 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_rsa; t=1627485642; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type; bh=90qhda2J9k0EbO1J00o306NCHyXu1i3YHqzYLhZ/xQ0=; b=iWt1iHF5qnP45rUj2Fd8RHa5LrJuNHvmpfAilzgjF/TPbsNG0u0KMo4LnDbvm+tBOVxR8R CwtauH6n2sw0DAlGQnrI0gb/fhju5SCH1bZUe8XuooB1/d3tIdiBRKz92veDGHCKwt7wQp 9ap9wU/8Z5xnLqX1Qlj0PZ3Q2im6Dec= DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/relaxed; d=suse.de; s=susede2_ed25519; t=1627485642; h=from:from:reply-to:date:date:message-id:message-id:to:to:cc:cc: mime-version:mime-version:content-type:content-type; bh=90qhda2J9k0EbO1J00o306NCHyXu1i3YHqzYLhZ/xQ0=; b=9FyG8J65Hc0eTjX/L2V6VLBYQIxrr5xV9EqVBUdkzCX7Tg/kUS1Ygc0DjfnYitRUDqlMXm mNDVF89Kw2j0gDBQ== Received: from imap1.suse-dmz.suse.de (imap1.suse-dmz.suse.de [192.168.254.73]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-521) server-digest SHA512) (No client certificate requested) by imap1.suse-dmz.suse.de (Postfix) with ESMTPS id CB06B13318; Wed, 28 Jul 2021 15:20:41 +0000 (UTC) Received: from dovecot-director2.suse.de ([192.168.254.65]) by imap1.suse-dmz.suse.de with ESMTPSA id C1maMMl1AWF8DQAAGKfGzw (envelope-from ); Wed, 28 Jul 2021 15:20:41 +0000 Date: Wed, 28 Jul 2021 17:20:40 +0200 From: Tom de Vries To: gcc-patches@gcc.gnu.org Subject: [PATCH][gcc/doc] Improve nonnull attribute documentation Message-ID: <20210728152038.GA22314@delia> MIME-Version: 1.0 Content-Disposition: inline User-Agent: Mutt/1.10.1 (2018-07-13) X-Spam-Status: No, score=-11.9 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Jakub Jelinek , Mark Wielaard , Jonathan Wakely , Richard Biener Errors-To: gcc-patches-bounces+incoming=patchwork.ozlabs.org@gcc.gnu.org Sender: "Gcc-patches" Hi, Improve nonnull attribute documentation in a number of ways: Reorganize discussion of effects into: - effects for calls to functions with nonnull-marked parameters, and - effects for function definitions with nonnull-marked parameters. This makes it clear that -fno-delete-null-pointer-checks has no effect for optimizations based on nonnull-marked parameters in function definitions (see PR100404). Mention -Wnonnull-compare. Mention workaround from PR100404 comment 7. The workaround can be used for this scenario. Say we have a test.c: ... #include extern int isnull (char *ptr) __attribute__ ((nonnull)); int isnull (char *ptr) { if (ptr == 0) return 1; return 0; } int main (void) { char *ptr = NULL; if (isnull (ptr)) __builtin_abort (); return 0; } ... The test-case contains a mistake: ptr == NULL, and we want to detect the mistake using an abort: ... $ gcc test.c $ ./a.out Aborted (core dumped) ... At -O2 however, the mistake is not detected: ... $ gcc test.c -O2 $ ./a.out ... which is what -Wnonnull-compare (not show here) warns about. The easiest way to fix this is by dropping the nonnull attribute. But that also disables -Wnonnull, which would detect something like: ... if (isnull (NULL)) __builtin_abort (); ... at compile time. Using this workaround: ... int isnull (char *ptr) { + asm ("" : "+r"(ptr)); if (ptr == 0) return 1; return 0; } ... we still manage to detect the problem at runtime with -O2: ... $ ~/gcc_versions/devel/install/bin/gcc test.c -O2 $ ./a.out Aborted (core dumped) ... while keeping the possibility to detect "isnull (NULL)" at compile time. OK for trunk? Thanks, - Tom [gcc/doc] Improve nonnull attribute documentation gcc/ChangeLog: 2021-07-28 Tom de Vries * doc/extend.texi (nonnull attribute): Improve documentation. --- gcc/doc/extend.texi | 51 ++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 40 insertions(+), 11 deletions(-) diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi index b83cd4919bb..3389effd70c 100644 --- a/gcc/doc/extend.texi +++ b/gcc/doc/extend.texi @@ -3488,17 +3488,46 @@ my_memcpy (void *dest, const void *src, size_t len) @end smallexample @noindent -causes the compiler to check that, in calls to @code{my_memcpy}, -arguments @var{dest} and @var{src} are non-null. If the compiler -determines that a null pointer is passed in an argument slot marked -as non-null, and the @option{-Wnonnull} option is enabled, a warning -is issued. @xref{Warning Options}. Unless disabled by -the @option{-fno-delete-null-pointer-checks} option the compiler may -also perform optimizations based on the knowledge that certain function -arguments cannot be null. In addition, -the @option{-fisolate-erroneous-paths-attribute} option can be specified -to have GCC transform calls with null arguments to non-null functions -into traps. @xref{Optimize Options}. +informs the compiler that, in calls to @code{my_memcpy}, arguments +@var{dest} and @var{src} must be non-null. + +The attribute has effect both for functions calls and function definitions. + +For function calls: +@itemize @bullet +@item If the compiler determines that a null pointer is +passed in an argument slot marked as non-null, and the +@option{-Wnonnull} option is enabled, a warning is issued. +@xref{Warning Options}. +@item The @option{-fisolate-erroneous-paths-attribute} option can be +specified to have GCC transform calls with null arguments to non-null +functions into traps. @xref{Optimize Options}. +@item The compiler may also perform optimizations based on the +knowledge that certain function arguments cannot be null. These +optimizations can be disabled by the +@option{-fno-delete-null-pointer-checks} option. @xref{Optimize Options}. +@end itemize + +For function definitions: +@itemize @bullet +@item If the compiler determines that a function parameter that is +marked with non-null is compared with null, and +@option{-Wnonnull-compare} option is enabled, a warning is issued. +@xref{Warning Options}. +@item The compiler may also perform optimizations based on the +knowledge that certain function parameters cannot be null. This can +be disabled by hiding the nonnullness using an inline assembly statement: + +@smallexample +extern int isnull (char *ptr) __attribute__((nonnull)); +int isnull (char *ptr) @{ + asm ("" : "+r"(ptr)); + if (ptr == 0) + return 1; + return 0; +@} +@end smallexample +@end itemize If no @var{arg-index} is given to the @code{nonnull} attribute, all pointer arguments are marked as non-null. To illustrate, the