[Bug c++/95354] New: GCC misuse "nonnull-attribute" option and can not detect it as UB as well

[Bug c++/95354] New: GCC misuse "nonnull-attribute" option and can not detect it as UB as well

[haoxintu at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95354

            Bug ID: 95354
           Summary: GCC misuse "nonnull-attribute" option and can not
                    detect it as UB as well
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: c++
          Assignee: unassigned at gcc dot gnu.org
          Reporter: haoxintu at gmail dot com
  Target Milestone: ---

This case test.cc

#include<iostream>
#include<cstddef>
void has_nonnull_argument(__attribute__((nonnull)) int *p) { 
     ; 
}
int main () {
    has_nonnull_argument(NULL);
    std::cout << "ok" << std::endl;
    return 0;
}

in GCC-trunk

$./g++ -fsanitize=undefined test.cc ; ./a.out 
test.cc:3:57: warning: ‘nonnull’ attribute only applies to function types
[-Wattributes]
    3 | void has_nonnull_argument(__attribute__((nonnull)) int *p) {
      |                                                         ^
ok

$./g++ -fsanitize=nonull-attribute test.cc ; ./a.out 
test.cc:3:57: warning: ‘nonnull’ attribute only applies to function types
[-Wattributes]
    3 | void has_nonnull_argument(__attribute__((nonnull)) int *p) {
      |                                                         ^
ok

in Clang-trunk

$clang++ -fsanitize=nonnull-attribute test.cc ; ./a.out 
est.cc:7:30: warning: null passed to a callee that requires a non-null argument
[-Wnonnull]
    has_nonnull_argument(NULL);
                         ~~~~^
1 warning generated.
test.cc:7:26: runtime error: null pointer passed as argument 1, which is
declared to never be null
test.cc:3:42: note: nonnull attribute specified here
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior test.cc:7:26 in 
ok

According to the description in
https://gcc.gnu.org/onlinedocs/gcc/Instrumentation-Options.html#Instrumentation-Options
for "-fsanitize=nonull-attribute", it says "This option enables instrumentation
of calls, checking whether null values are not passed to arguments marked as
requiring a non-null value by the nonnull function attribute." 

I guess the warning message by GCC may also incorrect, the correct one should
look like in Clang produced.

I have tested them in recent GCC versions including GCC-8, GCC-9, and GCC-10,
they have the same symptom as well.

My GCC version is
$g++ --version
g++ (GCC) 11.0.0 20200526 (experimental)
Copyright (C) 2020 Free Software Foundation, Inc.
This is free software; see the source for copying conditions.  There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

[Bug c++/95354] GCC misuse "nonnull-attribute" option and can not detect it as UB as well

[pinskia at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95354

Andrew Pinski <pinskia at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |INVALID
             Status|UNCONFIRMED                 |RESOLVED

--- Comment #1 from Andrew Pinski <pinskia at gcc dot gnu.org> ---
No,
The place where nonnull attribute is not on the argument itself but rather on
the function.

See the document at:
https://gcc.gnu.org/onlinedocs/gcc-10.1.0/gcc/Common-Function-Attributes.html#index-nonnull-function-attribute

THIS IS WHY GCC Is warning on that pointer and all.

[Bug c++/95354] GCC misuse "nonnull-attribute" option and can not detect it as UB as well

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95354

--- Comment #2 from Jonathan Wakely <redi at gcc dot gnu.org> ---
Allowing the attribute on individual parameters might be nice though.

I hate the fact that for C++ member functions the first parameter is the
implicit 'this' pointer which always has to be non-null anyway.

[Bug c++/95354] GCC misuse "nonnull-attribute" option and can not detect it as UB as well

[haoxintu at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95354

--- Comment #3 from Haoxin Tu <haoxintu at gmail dot com> ---
I see. Are there any cases that can trigger the UB of nonnull-attribute? I
doubt the usage of “-fsanitize=nonnull-attribute” in GCC...

[Bug c++/95354] GCC misuse "nonnull-attribute" option and can not detect it as UB as well

[redi at gcc dot gnu.org]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95354

--- Comment #4 from Jonathan Wakely <redi at gcc dot gnu.org> ---
(In reply to Haoxin Tu from comment #3)
> I see. Are there any cases that can trigger the UB of nonnull-attribute? I
> doubt the usage of “-fsanitize=nonnull-attribute” in GCC...

Yes, just use the attribute correctly.

Using:

__attribute__((nonnull)) void has_nonnull_argument(int *p) { 
     ; 
}

will cause UBsan to diagnose it:

nn.cc:7:25: runtime error: null pointer passed as argument 1, which is declared
to never be null

[Bug c++/95354] GCC misuse "nonnull-attribute" option and can not detect it as UB as well

[haoxintu at gmail dot com]

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=95354

--- Comment #5 from Haoxin Tu <haoxintu at gmail dot com> ---
(In reply to Jonathan Wakely from comment #4)
> (In reply to Haoxin Tu from comment #3)
> > I see. Are there any cases that can trigger the UB of nonnull-attribute? I
> > doubt the usage of “-fsanitize=nonnull-attribute” in GCC...
> 
> Yes, just use the attribute correctly.
> 
> Using:
> 
> __attribute__((nonnull)) void has_nonnull_argument(int *p) { 
>      ; 
> }
> 
> will cause UBsan to diagnose it:
> 
> nn.cc:7:25: runtime error: null pointer passed as argument 1, which is
> declared to never be null

Thanks, Jonathan, Got it ~