https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121052
Bug ID: 121052 Summary: Audit all uses of the nonnull attribute in libstdc++ Product: gcc Version: 15.1.0 Status: UNCONFIRMED Severity: normal Priority: P3 Component: libstdc++ Assignee: unassigned at gcc dot gnu.org Reporter: redi at gcc dot gnu.org Depends on: 110617 Target Milestone: --- Many of our uses of the nonnull attribute are probably bugs, e.g. polymorphic_allocator(memory_resource* __r) noexcept __attribute__((__nonnull__)) : _M_resource(__r) { _GLIBCXX_DEBUG_ASSERT(__r); } This debug assertion never fails in optimized builds, because the nonnull attribute tells the compiler that __r is not null, so the assertion is optimized out as dead code. The attribute should be removed here, even though it gives useful diagnostic in some cases. Some uses are OK, e.g. polymorphic_allocator::deallocate: void deallocate(_Tp* __p, size_t __n) noexcept __attribute__((__nonnull__)) { _M_resource->deallocate(__p, __n * sizeof(_Tp), alignof(_Tp)); } I don't think the attribute affects codegen here, because we do the same thing (call a virtual function) unconditionally. So the attribute might provide useful warnings here, and does no harm. Likewise for polymorphic_allocator::construct and polymorphic_allocator::destroy: template<typename _Up> __attribute__((__nonnull__)) void destroy(_Up* __p) { __p->~_Up(); } If we supported Clang's diagnose_if attribute we would want to replace most uses of nonnull with that (because they we would get warnings or even errors when the compiler can prove there's a bug, but would not remove useful assertions when the pointer value is not a compile-time constant). Referenced Bugs: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110617 [Bug 110617] RFE: Add a diagnostic-only variant of nonnull attribute