From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <SRS0=Fh6a=6Q=xry111.site=xry111@sourceware.org>
Received: from xry111.site (xry111.site [89.208.246.23])
	by sourceware.org (Postfix) with ESMTPS id 7A36B3858002
	for <gcc-help@gcc.gnu.org>; Mon, 20 Feb 2023 12:59:56 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 7A36B3858002
Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=xry111.site
Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=xry111.site
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xry111.site;
	s=default; t=1676897995;
	bh=sQH+Cnm2esCEil8k7h7bjS7mUEoqUWQO3t4VtHdDzOg=;
	h=Subject:From:To:Cc:Date:In-Reply-To:References:From;
	b=iNzu6TtCAaTN8Me0l3lgS62iNjpqez8HqDYBBI8X6Jys5a5QybSKaAszUwNqAszl2
	 crF/AgEQsVyGFcJJFulu8EtBYOqKIvvQ7yplvbIX1R539hwT4anXoX9GoaolGqL7ny
	 ef32WMRgrymCG2zjVPWQ0JLH6GJP+5Qtit7Xh9lc=
Received: from [IPv6:240e:358:11cb:bb00:dc73:854d:832e:6] (unknown [IPv6:240e:358:11cb:bb00:dc73:854d:832e:6])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange ECDHE (P-256) server-signature ECDSA (P-384) server-digest SHA384)
	(Client did not present a certificate)
	(Authenticated sender: xry111@xry111.site)
	by xry111.site (Postfix) with ESMTPSA id B5CE066998;
	Mon, 20 Feb 2023 07:59:53 -0500 (EST)
Message-ID: <d0a81d2e2035ebb98845d03f257f0c40fa0411dc.camel@xry111.site>
Subject: Re: std::string add nullptr attribute
From: Xi Ruoyao <xry111@xry111.site>
To: Jonny Grant <jg@jguk.org>, Jonathan Wakely <jwakely.gcc@gmail.com>
Cc: gcc-help <gcc-help@gcc.gnu.org>
Date: Mon, 20 Feb 2023 20:59:37 +0800
In-Reply-To: <163945d9-6c24-d4e1-7029-980b988bd634@jguk.org>
References: <7e6e3bbf-0dac-0632-0e8f-372bd32a6923@jguk.org>
	 <CAH6eHdQes6i40QxByJ8NvzQnB9+Be+EwJs8t-jv+0+axeUzd3g@mail.gmail.com>
	 <6e30ed8e6c6f08407a5b8259e73fd18a492376b5.camel@xry111.site>
	 <CAH6eHdR23=FG+a72JKdvFEd6ynR8XaR9kaNS5GouX5d=2J+s6Q@mail.gmail.com>
	 <8cfbab8b-07e8-7dab-c829-6de77cc8cf39@jguk.org>
	 <CAH6eHdQbYTRSQ4c0oKcxaa0+_LbiMXYGyU2cjFtTD7pC3M2kCA@mail.gmail.com>
	 <6b530d67-723a-a0c9-15bc-12b7341653a7@jguk.org>
	 <CAH6eHdRocyiTmhs_WKg1n2zewecM6isQFdiLU5b8SbQ8_sYGfA@mail.gmail.com>
	 <be04c262-3f75-8530-2ad1-54d262c71836@jguk.org>
	 <f37fcf2a-430c-93e2-ed45-3110d83ce4dd@jguk.org>
	 <96f99315a6ffd3dd3919b23a4ade2597747a580a.camel@xry111.site>
	 <CAH6eHdTZvEr4z7XRAEAVLyvUzR3+J08gKZSqYzVztNb+NZ5-yg@mail.gmail.com>
	 <163945d9-6c24-d4e1-7029-980b988bd634@jguk.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
User-Agent: Evolution 3.46.4 
MIME-Version: 1.0
X-Spam-Status: No, score=-1.1 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,LIKELY_SPAM_FROM,SPF_HELO_PASS,SPF_PASS,TXREP autolearn=no autolearn_force=no version=3.4.6
X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org
List-Id: <gcc-help.gcc.gnu.org>

On Mon, 2023-02-20 at 11:30 +0000, Jonny Grant wrote:

> Thank you for the suggestion, I gave that nonnull attribute a try, but
> it doesn't appear to warn for this example.
>=20
> https://godbolt.org/z/boqTj6oWE

Ouch... The optimizer inlined make_std_string so both -Wnonnull and -
fanalyzer fails to catch the issue here.

Adding noipa attribute for make_std_string will work, but will also
cause the generated code stupidly slow.  Maybe:

#ifdef WANT_DIAGNOSTIC
#define MAKE_STD_STRING_ATTR __attribute__ ((noipa, nonnull))
#else
#define MAKE_STD_STRING_ATTR
#endif

std::string make_std_string(const char * const str) MAKE_STD_STRING_ATTR;

It still looks very stupid though.

> Feels useful to get build warnings if compiler knows nullptr is going
> to be dereferenced, as clang does.

The problem is in this case nullptr is not dereferenced, at all.  So if
we want a warning here we'll have to invent some new __builtin or
__attribute__ to give the compiler a hint.  AFAIK there is no such
facility now.

And you cannot simply justifying to add a new facility because "I feel
it useful".  Generally you need to show the benefit will be at least
equally great than the maintenance burden introduced into the GCC code
base.  And unfortunately usually we can only measure the burden after
really writing all the code...  So it's not easy to convince someone to
develop such a new feature.

> Personally I feel runtime should equally handle possible nullptr by
> constructing strings in a try catch block so any exceptions are
> handled or logged at least...

A portable runtime should not assume std::string(NULL) will raise an
exception because other C++ standard libraries may behave differently.=20
The portable solution is to make a wrapper around std::string
constructor and check if the parameter is NULL.

> Personally I would be pleased if GCC had a warning I could enable to
> report any logic_error exceptions it knew would execute.

Or maybe when a program will definitely raise an uncatched exception.=20
But is the feature really useful?  This will not happen for anything
other than simple toy programs.

--=20
Xi Ruoyao <xry111@xry111.site>
School of Aerospace Science and Technology, Xidian University