On Tue, Jun 27, 2017 at 03:12:25PM -0500, Eric Blake wrote:
> On 06/19/2017 08:26 AM, Eduardo Habkost wrote:
>
> >> Is gcc's __attribute__((nonnull)) any better? It seems to apply
> >> to the whole function prototype rather than an individual argument
> >> though so probably not :-(
> >
> > It's possible to specify which arguments are non-null with
> > nonnull(<arg-index>, ...). It's harder to use, but probably more
> > Coccinelle-friendly.
>
> Libvirt uses it, wrapped in a macro; for example:
>
> int ATTRIBUTE_NONNULL(1) ATTRIBUTE_NONNULL(2)
> virCPUDefCopyModel(virCPUDefPtr dst,
> const virCPUDef *src,
> bool resetPolicy)
> { ...
>
> and at least Coverity is able to use that information (libvirt had
> problems in the past where older gcc _silently_ mis-optimized a program
> that used the attribute, and ended up having our macro defined only
> during Coverity and not during normal compilation; but I think that's
> finally been resolved now that newer gcc is saner in its behavior). I
> don't know how much smarts Coccinelle has for coming up with the right
> parameter number in an automated conversion patch, though.
In the worst case, the script could have a dozen transformations, one
transformation for each possible number of function arguments.
However, I hit this Coccinelle bug when trying to implement that:
https://github.com/coccinelle/coccinelle/issues/107
--
Eduardo
