Ticket #105 (NULL checks)

Joshua Juran jjuran at gmail.com
Wed Dec 31 21:40:14 UTC 2008


On Dec 31, 2008, at 12:26 PM, Andy Dougherty wrote:

> On Wed, 31 Dec 2008, chromatic wrote:
>
>> On Wednesday 31 December 2008 08:03:31 Mark Glines wrote:
>>
>>> Ok, I've gone and read through RT #49316 and RT #50684.  It  
>>> sounds an
>>> awful lot like attribute_nonnull is an optimization, not a  
>>> constraint as
>>> I had originally thought.
>>
>> If we use -Wnonnull (implied by -Wall), we'll get compile warnings  
>> when we
>> pass potentially null parameters to functions which require non-null
>> parameters.  There may be optimization possibilities there, but I  
>> believe the
>> primary purpose was to get these warnings.
>
> Except gcc can't always detect if the pointers are "potentially null".
> The problem arises when pointers that are not supposed to be null  
> end up
> being null due to a bug elsewhere in the program.  In those cases, the
> attribute_nonnull actually gets in the way by allowing gcc to optimize
> away checks for such buggy pointers.

If you're declaring the function both with and without the nonnull  
attribute in different places, then this is a bug no different than  
any other case of inconsistent prototypes.  But if gcc considers  
nonnull a guarantee (on which it can base optimizations) but doesn't  
deliver on this same guarantee (i.e. forbidding you to pass unchecked  
pointers as nonnull arguments) then that is either a bug in the  
nonnull implementation or the design itself is flawed.

If const was used only as a basis for optimizations but didn't  
actually enforce a contract, it would be equally problematic.

Josh




More information about the parrot-dev mailing list