https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121052

            Bug ID: 121052
           Summary: Audit all uses of the nonnull attribute in libstdc++
           Product: gcc
           Version: 15.1.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: libstdc++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: redi at gcc dot gnu.org
        Depends on: 110617
  Target Milestone: ---

Many of our uses of the nonnull attribute are probably bugs, e.g.

      polymorphic_allocator(memory_resource* __r) noexcept
      __attribute__((__nonnull__))
      : _M_resource(__r)
      { _GLIBCXX_DEBUG_ASSERT(__r); }

This debug assertion never fails in optimized builds, because the nonnull
attribute tells the compiler that __r is not null, so the assertion is
optimized out as dead code.

The attribute should be removed here, even though it gives useful diagnostic in
some cases.

Some uses are OK, e.g. polymorphic_allocator::deallocate:

      void
      deallocate(_Tp* __p, size_t __n) noexcept
      __attribute__((__nonnull__))
      { _M_resource->deallocate(__p, __n * sizeof(_Tp), alignof(_Tp)); }

I don't think the attribute affects codegen here, because we do the same thing
(call a virtual function) unconditionally. So the attribute might provide
useful warnings here, and does no harm.

Likewise for polymorphic_allocator::construct and
polymorphic_allocator::destroy:

      template<typename _Up>
        __attribute__((__nonnull__))
        void
        destroy(_Up* __p)
        { __p->~_Up(); }

If we supported Clang's diagnose_if attribute we would want to replace most
uses of nonnull with that (because they we would get warnings or even errors
when the compiler can prove there's a bug, but would not remove useful
assertions when the pointer value is not a compile-time constant).


Referenced Bugs:

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110617
[Bug 110617] RFE: Add a diagnostic-only variant of nonnull attribute

Reply via email to