public inbox for gcc-help@gcc.gnu.org
 help / color / mirror / Atom feed
From: Xi Ruoyao <xry111@xry111.site>
To: Jonny Grant <jg@jguk.org>, Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: gcc-help <gcc-help@gcc.gnu.org>
Subject: Re: std::string add nullptr attribute
Date: Mon, 20 Feb 2023 20:59:37 +0800	[thread overview]
Message-ID: <d0a81d2e2035ebb98845d03f257f0c40fa0411dc.camel@xry111.site> (raw)
In-Reply-To: <163945d9-6c24-d4e1-7029-980b988bd634@jguk.org>

On Mon, 2023-02-20 at 11:30 +0000, Jonny Grant wrote:

> Thank you for the suggestion, I gave that nonnull attribute a try, but
> it doesn't appear to warn for this example.
> 
> https://godbolt.org/z/boqTj6oWE

Ouch... The optimizer inlined make_std_string so both -Wnonnull and -
fanalyzer fails to catch the issue here.

Adding noipa attribute for make_std_string will work, but will also
cause the generated code stupidly slow.  Maybe:

#ifdef WANT_DIAGNOSTIC
#define MAKE_STD_STRING_ATTR __attribute__ ((noipa, nonnull))
#else
#define MAKE_STD_STRING_ATTR
#endif

std::string make_std_string(const char * const str) MAKE_STD_STRING_ATTR;

It still looks very stupid though.

> Feels useful to get build warnings if compiler knows nullptr is going
> to be dereferenced, as clang does.

The problem is in this case nullptr is not dereferenced, at all.  So if
we want a warning here we'll have to invent some new __builtin or
__attribute__ to give the compiler a hint.  AFAIK there is no such
facility now.

And you cannot simply justifying to add a new facility because "I feel
it useful".  Generally you need to show the benefit will be at least
equally great than the maintenance burden introduced into the GCC code
base.  And unfortunately usually we can only measure the burden after
really writing all the code...  So it's not easy to convince someone to
develop such a new feature.

> Personally I feel runtime should equally handle possible nullptr by
> constructing strings in a try catch block so any exceptions are
> handled or logged at least...

A portable runtime should not assume std::string(NULL) will raise an
exception because other C++ standard libraries may behave differently. 
The portable solution is to make a wrapper around std::string
constructor and check if the parameter is NULL.

> Personally I would be pleased if GCC had a warning I could enable to
> report any logic_error exceptions it knew would execute.

Or maybe when a program will definitely raise an uncatched exception. 
But is the feature really useful?  This will not happen for anything
other than simple toy programs.

-- 
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University

  reply	other threads:[~2023-02-20 12:59 UTC|newest]

Thread overview: 36+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-02-09 13:26 Jonny Grant
2023-02-09 14:56 ` Jonathan Wakely
2023-02-09 16:30   ` Xi Ruoyao
2023-02-09 17:52     ` Jonathan Wakely
2023-02-10 21:30       ` Jonny Grant
2023-02-10 22:03         ` Jonathan Wakely
2023-02-10 22:38           ` Jonny Grant
2023-02-11  0:32             ` Jonathan Wakely
2023-02-13 22:02               ` Jonny Grant
2023-02-19 20:43               ` Jonny Grant
2023-02-19 21:33                 ` Jonny Grant
2023-02-20 10:26                   ` Xi Ruoyao
2023-02-20 10:37                     ` Jonathan Wakely
2023-02-20 10:54                       ` Xi Ruoyao
2023-02-20 11:10                         ` Gabriel Ravier
2023-02-20 11:18                           ` Marc Glisse
2023-02-20 11:28                             ` Segher Boessenkool
2023-02-20 12:00                               ` Jonny Grant
2023-02-20 14:50                               ` Gabriel Ravier
2023-02-20 11:44                             ` Jonny Grant
2023-02-21 15:02                             ` Jonny Grant
2023-02-20 11:38                           ` Jonny Grant
2023-02-20 11:30                       ` Jonny Grant
2023-02-20 12:59                         ` Xi Ruoyao [this message]
2023-02-20 13:44                           ` Jonathan Wakely
2023-02-20 19:21                             ` Jonny Grant
2023-02-20 19:35                               ` Jonathan Wakely
2023-02-20 19:39                                 ` Jonny Grant
2023-02-22 20:27                                 ` Jonny Grant
2023-02-21 15:04                           ` Jonny Grant
2023-02-21 22:48                           ` Jonny Grant
2023-03-04 15:00                           ` Jonny Grant
2023-02-20 11:25                     ` Jonny Grant
2023-03-12 22:10       ` Jonny Grant
2023-03-13 10:10         ` Jonathan Wakely
2023-03-13 19:55           ` Jonny Grant

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=d0a81d2e2035ebb98845d03f257f0c40fa0411dc.camel@xry111.site \
    --to=xry111@xry111.site \
    --cc=gcc-help@gcc.gnu.org \
    --cc=jg@jguk.org \
    --cc=jwakely.gcc@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body. 
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).