https://gcc.gnu.org/bugzilla/show_bug.cgi?id=121052
Bug ID: 121052
Summary: Audit all uses of the nonnull attribute in libstdc++
Product: gcc
Version: 15.1.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: libstdc++
Assignee: unassigned at gcc dot gnu.org
Reporter: redi at gcc dot gnu.org
Depends on: 110617
Target Milestone: ---
Many of our uses of the nonnull attribute are probably bugs, e.g.
polymorphic_allocator(memory_resource* __r) noexcept
__attribute__((__nonnull__))
: _M_resource(__r)
{ _GLIBCXX_DEBUG_ASSERT(__r); }
This debug assertion never fails in optimized builds, because the nonnull
attribute tells the compiler that __r is not null, so the assertion is
optimized out as dead code.
The attribute should be removed here, even though it gives useful diagnostic in
some cases.
Some uses are OK, e.g. polymorphic_allocator::deallocate:
void
deallocate(_Tp* __p, size_t __n) noexcept
__attribute__((__nonnull__))
{ _M_resource->deallocate(__p, __n * sizeof(_Tp), alignof(_Tp)); }
I don't think the attribute affects codegen here, because we do the same thing
(call a virtual function) unconditionally. So the attribute might provide
useful warnings here, and does no harm.
Likewise for polymorphic_allocator::construct and
polymorphic_allocator::destroy:
template<typename _Up>
__attribute__((__nonnull__))
void
destroy(_Up* __p)
{ __p->~_Up(); }
If we supported Clang's diagnose_if attribute we would want to replace most
uses of nonnull with that (because they we would get warnings or even errors
when the compiler can prove there's a bug, but would not remove useful
assertions when the pointer value is not a compile-time constant).
Referenced Bugs:
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=110617
[Bug 110617] RFE: Add a diagnostic-only variant of nonnull attribute
