------- Comment #10 from pgut001 at cs dot auckland dot ac dot nz 2008-06-11 03:47 ------- >13. Unlike for C9X, the consensus at the London meeting was that there should >be no invention, without exception. Only those features that have a history >and are in common use by a commercial implementation should be considered. >Also there must be care to standardize these features in a way that would >make the Standard and the commercial implementation compatible.
Well they've done exactly that, it's perfectly compatible with VC++ (via PREfast), which is a widely-used commercial implementation :-). >Do you have a reference to the incompatible proposal? I sent N1259 a while >back warning about incompatibilities in syntax; perhaps a paper is needed on >incompatible semantics as well. I'm using N1273, which seems to be the only published statement on the use of attributes. For stdc_nonnull it describes the proposed semantics as: To be discussed[[the implementation may/it is implementation defined add assertions to ensure the runtime values of the variables are not null pointers] OTOH the gcc interpretation of this seems to be: To be discussed[[the implementation may/it is implementation defined *remove* assertions that ensure the runtime values of the variables are not null pointers] If the current gcc behaviour is regarded as correct and appropriate then maybe the docs need to be updated (which is why I originally reported this as a doc. bug, I wasn't sure which of the two was definitive). Currently the docs say something to the effect of: The compiler WILL issue warnings and MAY change its code generation when it sees this attribute. when in fact what it really does is: The compiler WILL change its code generation and MAY issue warnings when it sees this attribute. So the proposed change would be to substitute, in place of the current ... causes the compiler to check that, in calls to my_memcpy, arguments dest and src are non-null. If the compiler determines that a null pointer is passed in an argument slot marked as non-null, and the -Wnonnull option is enabled, a warning is issued. The compiler may also choose to make optimizations based on the knowledge that certain function arguments will not be null. the new text: ... causes the compiler to make optimizations based on the knowledge that certain function arguments will not be null. The compiler may also choose to check that, in calls to my_memcpy, arguments dest and src are non-null. If the compiler determines that a null pointer is passed in an argument slot marked as non-null, and the -Wnonnull option is enabled, a warning is issued. This more accurately reflects the actual behaviour of the compiler. -- http://gcc.gnu.org/bugzilla/show_bug.cgi?id=36166