[Bug c++/108646] New: nonnull attribute does not detect variables that are NULL being passed

[Bug c++/108646] New: nonnull attribute does not detect variables that are NULL being passed

[jg at jguk dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108646

            Bug ID: 108646
           Summary: nonnull attribute does not detect variables that are
                    NULL being passed
           Product: gcc
           Version: 12.2.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: jg at jguk dot org
  Target Milestone: ---

If we pass NULL directly, there is a good warning (pasted below from today on
Godblot.org latest gcc trunk)

However, there is no error if passing a variable set to NULL.
Could gcc detect this situation?



#include <cstddef>
void * mem2(void *dest) __attribute__((nonnull));
void test(void)
{
 char *dest = NULL;
 mem2(dest); 
 }



This is the warning when NULL is passed directly:

<source>: In function 'void test()':
<source>:6:6: warning: argument 1 null where non-null expected [-Wnonnull]
    6 |  mem2(NULL);
      |  ~~~~^~~~~~
<source>:2:8: note: in a call to function 'void* mem2(void*)' declared
'nonnull'
    2 | void * mem2(void *dest) __attribute__((nonnull));
      |        ^~~~
Compiler returned: 0

[Bug c++/108646] nonnull attribute does not detect variables that are NULL being passed

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108646

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |DUPLICATE
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
Dup of bug 95515.

*** This bug has been marked as a duplicate of bug 95515 ***

[Bug c++/108646] nonnull attribute does not detect variables that are NULL being passed

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108646

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
It already does detect it:

n.c: In function ‘test’:
n.c:6:2: warning: argument 1 null where non-null expected [-Wnonnull]
    6 |  mem2(dest);
      |  ^~~~~~~~~~
n.c:2:8: note: in a call to function ‘mem2’ declared ‘nonnull’
    2 | void * mem2(void *dest) __attribute__((nonnull));
      |        ^~~~

You need to enable optimization, otherwise there is no data flow analysis.

Without optimization, it detects it with -fanalyzer

n.c: In function ‘void test()’:
n.c:6:6: warning: use of NULL ‘dest’ where non-null expected [CWE-476]
[-Wanalyzer-null-argument]
    6 |  mem2(dest);
      |  ~~~~^~~~~~
  ‘void test()’: events 1-2
    |
    |    5 |  char *dest = NULL;
    |      |        ^~~~
    |      |        |
    |      |        (1) ‘dest’ is NULL
    |    6 |  mem2(dest);
    |      |  ~~~~~~~~~~
    |      |      |
    |      |      (2) argument 1 (‘dest’) NULL where non-null expected
    |
n.c:2:8: note: argument 1 of ‘void* mem2(void*)’ must be non-null
    2 | void * mem2(void *dest) __attribute__((nonnull));
      |        ^~~~


And it's also detected at runtime using -fsanitize=undefined:

n.c:6:6: runtime error: null pointer passed as argument 1, which is declared to
never be null

[Bug c++/108646] nonnull attribute does not detect variables that are NULL being passed

[jg at jguk dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108646

--- Comment #3 from Jonny Grant <jg at jguk dot org> ---
(In reply to Jonathan Wakely from comment #2)
> It already does detect it:
> 
> n.c: In function ‘test’:
> n.c:6:2: warning: argument 1 null where non-null expected [-Wnonnull]
>     6 |  mem2(dest);
>       |  ^~~~~~~~~~
> n.c:2:8: note: in a call to function ‘mem2’ declared ‘nonnull’
>     2 | void * mem2(void *dest) __attribute__((nonnull));
>       |        ^~~~
> 
> You need to enable optimization, otherwise there is no data flow analysis.
> 
> Without optimization, it detects it with -fanalyzer
> 
> n.c: In function ‘void test()’:
> n.c:6:6: warning: use of NULL ‘dest’ where non-null expected [CWE-476]
> [-Wanalyzer-null-argument]
>     6 |  mem2(dest);
>       |  ~~~~^~~~~~
>   ‘void test()’: events 1-2
>     |
>     |    5 |  char *dest = NULL;
>     |      |        ^~~~
>     |      |        |
>     |      |        (1) ‘dest’ is NULL
>     |    6 |  mem2(dest);
>     |      |  ~~~~~~~~~~
>     |      |      |
>     |      |      (2) argument 1 (‘dest’) NULL where non-null expected
>     |
> n.c:2:8: note: argument 1 of ‘void* mem2(void*)’ must be non-null
>     2 | void * mem2(void *dest) __attribute__((nonnull));
>       |        ^~~~
> 
> 
> And it's also detected at runtime using -fsanitize=undefined:
> 
> n.c:6:6: runtime error: null pointer passed as argument 1, which is declared
> to never be null


That's great it works with optimization, I should remember to always do
that.(In reply to Jonathan Wakely from comment #2)
> It already does detect it:
> 
> n.c: In function ‘test’:
> n.c:6:2: warning: argument 1 null where non-null expected [-Wnonnull]
>     6 |  mem2(dest);
>       |  ^~~~~~~~~~
> n.c:2:8: note: in a call to function ‘mem2’ declared ‘nonnull’
>     2 | void * mem2(void *dest) __attribute__((nonnull));
>       |        ^~~~
> 
> You need to enable optimization, otherwise there is no data flow analysis.
> 
> Without optimization, it detects it with -fanalyzer
> 
> n.c: In function ‘void test()’:
> n.c:6:6: warning: use of NULL ‘dest’ where non-null expected [CWE-476]
> [-Wanalyzer-null-argument]
>     6 |  mem2(dest);
>       |  ~~~~^~~~~~
>   ‘void test()’: events 1-2
>     |
>     |    5 |  char *dest = NULL;
>     |      |        ^~~~
>     |      |        |
>     |      |        (1) ‘dest’ is NULL
>     |    6 |  mem2(dest);
>     |      |  ~~~~~~~~~~
>     |      |      |
>     |      |      (2) argument 1 (‘dest’) NULL where non-null expected
>     |
> n.c:2:8: note: argument 1 of ‘void* mem2(void*)’ must be non-null
>     2 | void * mem2(void *dest) __attribute__((nonnull));
>       |        ^~~~
> 
> 
> And it's also detected at runtime using -fsanitize=undefined:
> 
> n.c:6:6: runtime error: null pointer passed as argument 1, which is declared
> to never be null


That's great. I should have remembered to add -O2

Is it worth -Wnonnull emitting a warning message that it needs optimization to
get the needed data flow analysis?

[Bug c++/108646] nonnull attribute does not detect variables that are NULL being passed

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108646

--- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Jonny Grant from comment #3)
> Is it worth -Wnonnull emitting a warning message that it needs optimization
> to get the needed data flow analysis?

No, there are dozens of warnings that work poorly, or not at all, unless
optimization is enabled. It's in the manual.

"The effectiveness of some warnings depends on optimizations also being
enabled. For example -Wsuggest-final-types is more effective with link-time
optimization and some instances of other warnings may not be issued at all
unless optimization is enabled. While optimization in general improves the
efficacy of control and data flow sensitive warnings, in some cases it may also
cause false positives."

[Bug c++/108646] nonnull attribute does not detect variables that are NULL being passed

[jg at jguk dot org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108646

--- Comment #5 from Jonny Grant <jg at jguk dot org> ---
(In reply to Jonathan Wakely from comment #4)
> (In reply to Jonny Grant from comment #3)
> > Is it worth -Wnonnull emitting a warning message that it needs optimization
> > to get the needed data flow analysis?
> 
> No, there are dozens of warnings that work poorly, or not at all, unless
> optimization is enabled. It's in the manual.
> 
> "The effectiveness of some warnings depends on optimizations also being
> enabled. For example -Wsuggest-final-types is more effective with link-time
> optimization and some instances of other warnings may not be issued at all
> unless optimization is enabled. While optimization in general improves the
> efficacy of control and data flow sensitive warnings, in some cases it may
> also cause false positives."

Ok I see. Thank you for clarifying.