Hi, Sorry for Clang people, when I started this thread, I wasn't subscribed to your list, and some messages are not on your list. You can find the complete thread on the GCC list: <https://gcc.gnu.org/pipermail/gcc/2021-November/237743.html>
I have a few questions for you. See below, please. On 11/16/21 13:34, Alejandro Colomar (man-pages) wrote:
$ cat _Nonnull.c #include <stdlib.h> int *_Nonnull f(int *_Nullable p) { if (!p) exit(1); return p; } - I get a warning from f(). Ideally, a programmer should not need to cast (casts are dangerous), to convert a nullable pointer to a _Nonnull pointer. For that, appropriate checks should be in the preceeding code. Otherwise, a diagnostic should be issued. To be on the safe side, if a compiler has doubts, it should diagnose. There's some Clang document that talks about something similar. I don't know its validity, or if it was a draft before _Nonnull qualifiers. <https://clang.llvm.org/docs/analyzer/developer-docs/nullability.html>
That document suggests that I shouldn't get a diagnostic from f(). Why did I get a diagnostic? (I tried clang 11, 13 & 14(experimental)) Is it talking about a different nonnull attribute/qualifier? Was it about a proposal prior to the current _Nonnull? Why is it not in use? Was it too difficult to implement? Do you think Clang could be improved to not warn on f()? Thanks, Alex