On Wed, 2022-03-23 at 17:52 +0100, Sebastian Huber wrote: > On 23/03/2022 17:31, Martin Sebor via Gcc-patches wrote: > > > > The concern is that the constraints implied by atttributes access > > and > > nonnull are independent of each other. I would suggest to document > > that without talking about dereferencing because that's not implied > > by either of them. E.g., something like this (feel free to tweak > > it > > as you see fit): > > > > Note that the @code{access} attribute doesn't imply the same > > constraint as attribute @code{nonnull} (@pxref{Attribute > > nonnull}). > > The latter attribute should be used to annotate arguments that > > must > > never be null, regardless of the value of the size argument. > > I would not give an advice on using the nonnull attribute here. This > attribute could have pretty dangerous effects in the function > definition > (removal of null pointer checks). >
That's a fair point. Here's a v3 of the patch, which tones down the advice, and mentions that there are caveats when directing the reader to the "nonnull" attribute. How does this look? gcc/ChangeLog: * doc/extend.texi (Common Function Attributes): Document that 'access' does not imply 'nonnull'. Signed-off-by: David Malcolm <dmalc...@redhat.com> --- gcc/doc/extend.texi | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi index a4a25e86928..539dad7001d 100644 --- a/gcc/doc/extend.texi +++ b/gcc/doc/extend.texi @@ -2652,6 +2652,14 @@ The mode is intended to be used as a means to help validate the expected object size, for example in functions that call @code{__builtin_object_size}. @xref{Object Size Checking}. +Note that the @code{access} attribute merely specifies how an object +referenced by the pointer argument can be accessed; it does not imply that +an access @strong{will} happen. Also, the @code{access} attribute does not +imply the attribute @code{nonnull}; it may be appropriate to add both attributes +at the declaration of a function that unconditionally manipulates a buffer via +a pointer argument. See the @code{nonnull} attribute for more information and +caveats. + @item alias ("@var{target}") @cindex @code{alias} function attribute The @code{alias} attribute causes the declaration to be emitted as an alias -- 2.26.3