Am Friday 07 September 2012 schrieb Niels Möller:
Tim Ruehsen tim.ruehsen@gmx.de writes:
Some things I fixed, when having a look at the sources.
Thanks.
I'm going to a reply to one or a few issues at a time. Feel free to remind me if some things are still left unaddressed in a few weeks.
#define NONNULL(...) __attribute__ ((nonnull(__VA_ARGS__))) is contains a C99 feature (...), but there are also C99 long long constants somewhere in the code (if you mind C89 compliancy).
I intend to stick to C89, except that I'll happily use features which have been widely available for a long time even though not standardized. Maybe the use of long long constants (where?) are of that type?
So I don't want to use __VA_ARGS__. In this particular case, shouldn't it work fine with
#define NONNULL(args) __attribute__ ((nonnull args))
Yes, functions with several non-null args than need several NONNULL(x) occurrences. That isn't too ugly. Just change it as you like.
to be used as, e.g., NONNULL((1)) ?
About __attribute__ nonnull, I have some questions.
- Does it give any significant benefit, in terms of significant optimizations (I don't think I understand what optimizations it should make possible) or real bugs catched?
The idea of nonnull is to enable the compiler detecting possible NULL arguments where they must not be. E.g. char *s=NULL; strlen(s); would let the compiler print a warning. Especially static analyzers can make use of nonnull attributes
Of course there is a BUT: Gcc (IMHO, upto the 4.8) has a problem in detecting indirectly used NULL values. At the same time, when optimizing a function with a nonnull argument, gcc optimizes away checks against NULL for the appropriate variables. see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=17308
Example: void f(char *arg) NONNULL(1) { if (arg) *arg=0; }
would be optimized to void f(char *arg) NONNULL(1) { *arg=0; }
Since gcc can't detect indirect NULL values, the function may crash the process.
I am not shure, but maybe something like #if defined(__clang__) # define NONNULL(args) __attribute__ ((nonnull args)) #endif
to make use of NONNULL at least for clang analyzing.
Different projects handle nonnull in different ways. I, personally, wouldn't miss that feature...
- Since when (release and year) is it supported by gcc?
I found it to be for gcc >= 3.3, see http://ohse.de/uwe/articles/gcc-attributes.html#func-nonnull
- To really make use of it, we should add it to a lot of prototypes in the installed headers. That makes things a bit more complicated, since those headers can't use config.h.
The more functions we add nonnull to, the more segfaults the compiler should catch (see 1.). The reason I used nonnull were several compiler warnings. The current libc6 header files seem to use nonnull by default (gcc 4.7.1, libc6 2.13). Maybe there should be -std=c89 in den CFLAGS to prevent that ?
Regards, /Niels
Regards, Tim