Diego Novillo wrote:
From a user's perspective I see the obvious drawback that you've just
forced me to edit a potentially large number of source files just to add
the __attribute__((never_null)).
I'm clearly not explaining myself ...
Of course I'm not proposing that. My point was that my proposal
*allows* explicit setting of the __attribute__((never_null)). But
more likely it's the *compiler* (optimizer) that sets the attribute.
The other approach just needs a single
__attribute__ in the function declaration.
You missed this
> int *this_never_returns_NULL(void) __attribute__((never_returns_null));
> could be viewed as syntactic sugar for:
> (int __attribute__((never_null)) *) this_never_returns_NULL(void);
I.e. just a single attribute in the function declaration.
The phrase "syntactic sugar" means that people can write the former,
and it's equivalent to the latter.
Another problem I would have as a user is if you suddenly make 'int *' and
'int * __attribute__((non_null))' different/incompatible types. If I have
a function that takes 'int *' as argument, I don't want to start adding
tons of type casts to get around compiler warnings/errors.
Bad example. The 'int *' type is more general than
'int*__attribute__((non_null))', so assigning an expression that
has type 'int*__attribute__((non_null))' to a variable or parameter
that has type 'int*' is always safe, and shouldn't warn.
As to the other way round, that is a user interface issue, orthognal to
the semantic issue. But if a variable is explicitly declared
'int * __attribute__((non_null))' and you pass it an 'int *' expression
then a warning is probably in order, since you're doing something dangerous.
One more point: If someone writes:
int *x = this_never_returns_NULL();
Then the type of x is 'int *' and that of this_never_returns_NULL()
is 'int __attribute__((never_null)) *'. This is fine and safe.
However, ideally the compiler should realize that x actually has
the more specific type 'int __attribute__((never_null)) *', and
should use that information to generate better code. It seems
this should be straightforward using SSA, as I sketched in my
previous message.
--
--Per Bothner
[EMAIL PROTECTED] http://per.bothner.com/
