[Bug c++/86879] G++ should warn about redundant tests for null pointers returned from functions with __attribute__((returns_nonnull))

[Bug c++/86879] G++ should warn about redundant tests for null pointers returned from functions with __attribute__((returns_nonnull))

[msebor at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86879

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Last reconfirmed|2018-08-07 00:00:00         |2021-4-8

--- Comment #2 from Martin Sebor <msebor at gcc dot gnu.org> ---
No progress in GCC 11.

Clang issues -Wpointer-bool-conversion and -Wundefined-bool-conversion:

 cat pr86879.C && clang -S -Wall pr86879.C
void* get() __attribute__((returns_nonnull));

int f() { return get() ? 0 : 1; }

int& ref();

int g()
{
  return &ref() ? 0 : 1;
}
pr86879.C:3:18: warning: nonnull function call 'get()' will evaluate to 'true'
      on first encounter [-Wpointer-bool-conversion]
int f() { return get() ? 0 : 1; }
                 ^~~~~ ~
pr86879.C:1:28: note: declared 'returns_nonnull' here
void* get() __attribute__((returns_nonnull));
                           ^
pr86879.C:9:11: warning: reference cannot be bound to dereferenced null pointer
      in well-defined C++ code; pointer may be assumed to always convert to
true
      [-Wundefined-bool-conversion]
  return &ref() ? 0 : 1;
          ^~~~~ ~
pr86879.C:5:6: note: 'ref' returns a reference
int& ref();
     ^
2 warnings generated.

[Bug c++/86879] G++ should warn about redundant tests for null pointers returned from functions with __attribute__((returns_nonnull))

[paul at crapouillou dot net]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=86879

Paul Cercueil <paul at crapouillou dot net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |paul at crapouillou dot net

--- Comment #3 from Paul Cercueil <paul at crapouillou dot net> ---
I would also like to see a warning, and also in C code, for a different reason.

I have functions that return pointers to opaque structures. In case of an
error, instead of returning NULL and setting errno, it encodes the error code
into the pointer value.

The error code can then be retrieved with the following inline function:

static inline int is_err(const void *ptr)
{
        return (uintptr_t) ptr >= (uintptr_t) -4095 ? (int)(intptr_t) ptr : 0;
}

if is_err(ptr) returns 0, then the pointer is valid - otherwise it returns the
error code.

Note that this was inspired on the Linux kernel, which has the exact same
mechanism.

What I want to prevent (and warn on), is incorrect error-checking of the
functions using this mechanism. Most often than not, callers will do this:

struct foo *ptr = maybe_return_errptr(arg);
if (!ptr) {
   printf("Error!\n");
   return NULL;
}

To avoid this mistake, I could tag my "maybe_return_errptr()" function with
__attribute__((returns_nonnull)). However, even with that, GCC does not warn
about the NULL-check; and it'd be great if it would.