https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96003
Martin Sebor <msebor at gcc dot gnu.org> changed: What |Removed |Added ---------------------------------------------------------------------------- Ever confirmed|0 |1 Status|UNCONFIRMED |NEW Keywords|rejects-valid | Last reconfirmed| |2020-07-09 Blocks| |95507 Summary|Maybe a false positive for |[11 Regression] Maybe a |-Werror=nonnull |false positive for | |-Werror=nonnull --- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> --- Confirmed for the test case in comment #0. It's a warning, not an error (except with -Werror if requested), so removing rejects-valid. The warning is doing what it's designed to do. The corresponding diagnostic is emitted prior to r11-1697 for the following C code: $ cat z.c && gcc -S -Wall -fdump-tree-optimized=/dev/stdout z.c __attribute__ ((nonnull)) void f (void*); void g (void **p) { f (p ? *p : 0); } z.c: In function ‘g’: z.c:5:3: warning: argument 1 null where non-null expected [-Wnonnull] 5 | f (p ? *p : 0); | ^ z.c:1:32: note: in a call to function ‘f’ declared ‘nonnull’ 1 | __attribute__ ((nonnull)) void f (void*); | ^ Unless the warning code is removed from the front end and made to rely solely on the middle end I'm not sure what the generic front end part can do to avoid triggering. Perhaps the C++ front end could wrap the 'r != 0B ? &r->D.2352 : 0B' expression somehow to briefly hide it. The warning in the test case in comment #3 looks correct to me. The function template template <typename d> void e<d>::operator++() { d()->b(); } is instantiated as a result of the calls to e<a *> begin() and e<a *> end() emitted by the for (auto i : g) loop. With d being e*, the d() expression evaluates to a null pointer, so the call is ((e*)0)->b(). Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95507 [Bug 95507] [meta-bug] bogus/missing -Wnonnull