On 06/19/2017 08:26 AM, Eduardo Habkost wrote: >> Is gcc's __attribute__((nonnull)) any better? It seems to apply >> to the whole function prototype rather than an individual argument >> though so probably not :-( > > It's possible to specify which arguments are non-null with > nonnull(<arg-index>, ...). It's harder to use, but probably more > Coccinelle-friendly.
Libvirt uses it, wrapped in a macro; for example:
int ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2)
virCPUDefCopyModel(virCPUDefPtr dst,
const virCPUDef *src,
bool resetPolicy)
{ ...
and at least Coverity is able to use that information (libvirt had
problems in the past where older gcc _silently_ mis-optimized a program
that used the attribute, and ended up having our macro defined only
during Coverity and not during normal compilation; but I think that's
finally been resolved now that newer gcc is saner in its behavior). I
don't know how much smarts Coccinelle has for coming up with the right
parameter number in an automated conversion patch, though.
--
Eric Blake, Principal Software Engineer
Red Hat, Inc. +1-919-301-3266
Virtualization: qemu.org | libvirt.org
signature.asc
Description: OpenPGP digital signature
