https://gcc.gnu.org/bugzilla/show_bug.cgi?id=96003

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
           Keywords|rejects-valid               |
   Last reconfirmed|                            |2020-07-09
             Blocks|                            |95507
            Summary|Maybe a false positive for  |[11 Regression] Maybe a
                   |-Werror=nonnull             |false positive for
                   |                            |-Werror=nonnull

--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed for the test case in comment #0.  It's a warning, not an error
(except with -Werror if requested), so removing rejects-valid.  The warning is
doing what it's designed to do.  The corresponding diagnostic is emitted prior
to r11-1697 for the following C code:

$ cat z.c && gcc -S -Wall -fdump-tree-optimized=/dev/stdout z.c
__attribute__ ((nonnull)) void f (void*);

void g (void **p)
{
  f (p ? *p : 0);
}
z.c: In function ‘g’:
z.c:5:3: warning: argument 1 null where non-null expected [-Wnonnull]
    5 |   f (p ? *p : 0);
      |   ^
z.c:1:32: note: in a call to function ‘f’ declared ‘nonnull’
    1 | __attribute__ ((nonnull)) void f (void*);
      |                                ^

Unless the warning code is removed from the front end and made to rely solely
on the middle end I'm not sure what the generic front end part can do to avoid
triggering.  Perhaps the C++ front end could wrap the 'r != 0B ? &r->D.2352 :
0B' expression somehow to briefly hide it.

The warning in the test case in comment #3 looks correct to me.  The function
template

  template <typename d> void e<d>::operator++() { d()->b(); }

is instantiated as a result of the calls to e<a *> begin() and e<a *> end()
emitted by the for (auto i : g) loop.  With d being e*, the d() expression
evaluates to a null pointer, so the call is ((e*)0)->b().


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95507
[Bug 95507] [meta-bug] bogus/missing -Wnonnull

Reply via email to