From: Gabriel Ravier <gabravier@gmail.com>
To: Segher Boessenkool <segher@kernel.crashing.org>,
Marc Glisse via Gcc-help <gcc-help@gcc.gnu.org>
Cc: Marc Glisse <marc.glisse@inria.fr>,
Xi Ruoyao <xry111@xry111.site>,
Jonathan Wakely <jwakely.gcc@gmail.com>,
Jonny Grant <jg@jguk.org>
Subject: Re: std::string add nullptr attribute
Date: Mon, 20 Feb 2023 15:50:21 +0100 [thread overview]
Message-ID: <d9d2f8c0-b42f-21ff-5162-1736c87a8dc1@gmail.com> (raw)
In-Reply-To: <20230220112838.GO25951@gate.crashing.org>
On 2/20/23 12:28, Segher Boessenkool wrote:
> On Mon, Feb 20, 2023 at 12:18:36PM +0100, Marc Glisse via Gcc-help wrote:
>> On Mon, 20 Feb 2023, Gabriel Ravier via Gcc-help wrote:
>>
>>> This is the kind of thing that makes me wonder why there isn't some kind
>>> of `__builtin_unreachable_do_not_optimize()` builtin that allows one to
>>> mark places in code that should never be reached and should thus be warned
>>> about if such a thing happens while at the same time never doing any
>>> optimization on the basis of the presence of the call.
>> -fsanitize=unreachable -fsanitize=null and others prevent the kind of
>> optimization you are worried about.
> Or even just __builtin_trap(), or abort(), or similar. Just a printf()
> thing if you really want to just warn.
>
> "Never doing any optimisation" based on <anything> is of course not a
> reasonable expectation; but you *can* ask for reachable code not to be
> optimised away. This is the default, just don't mark reachable code as
> unreachable :-)
>
>
> Segher
What I mean is that it would be nice to have a builtin that has the same
effect as a `*(char *)0 = 0` in that the compiler will warn you if it
thinks code execution will reach it, except that it should do do nothing
else. `*(char *)0 = 0` is a really bad solution in that regard because
while it will result in the compiler emitting a warning, it will also
result in actual undefined behavior that can crash the program or get
optimized out. `__builtin_trap` and `abort` are also equally bad in that
they result in visible behavior at runtime, which is equivalently bad if
you solely want a warning and nothing else (also, as far as I know, GCC
will not emit a warning on the basis that they are reached either, so
they're completely useless if one's goal is to get a build-time warning).
Something that seems instead quite useful would be some kind of builtin
that would result in a warning if GCC thinks code execution will reach
it, while having absolutely no other effect on code generation or
execution (i.e. no optimization, no trap, no abort, no nothing), which
neither deliberate UB nor calls to functions like `abort` or
`__builtin_trap` will result in.
next prev parent reply other threads:[~2023-02-20 14:52 UTC|newest]
Thread overview: 36+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-02-09 13:26 Jonny Grant
2023-02-09 14:56 ` Jonathan Wakely
2023-02-09 16:30 ` Xi Ruoyao
2023-02-09 17:52 ` Jonathan Wakely
2023-02-10 21:30 ` Jonny Grant
2023-02-10 22:03 ` Jonathan Wakely
2023-02-10 22:38 ` Jonny Grant
2023-02-11 0:32 ` Jonathan Wakely
2023-02-13 22:02 ` Jonny Grant
2023-02-19 20:43 ` Jonny Grant
2023-02-19 21:33 ` Jonny Grant
2023-02-20 10:26 ` Xi Ruoyao
2023-02-20 10:37 ` Jonathan Wakely
2023-02-20 10:54 ` Xi Ruoyao
2023-02-20 11:10 ` Gabriel Ravier
2023-02-20 11:18 ` Marc Glisse
2023-02-20 11:28 ` Segher Boessenkool
2023-02-20 12:00 ` Jonny Grant
2023-02-20 14:50 ` Gabriel Ravier [this message]
2023-02-20 11:44 ` Jonny Grant
2023-02-21 15:02 ` Jonny Grant
2023-02-20 11:38 ` Jonny Grant
2023-02-20 11:30 ` Jonny Grant
2023-02-20 12:59 ` Xi Ruoyao
2023-02-20 13:44 ` Jonathan Wakely
2023-02-20 19:21 ` Jonny Grant
2023-02-20 19:35 ` Jonathan Wakely
2023-02-20 19:39 ` Jonny Grant
2023-02-22 20:27 ` Jonny Grant
2023-02-21 15:04 ` Jonny Grant
2023-02-21 22:48 ` Jonny Grant
2023-03-04 15:00 ` Jonny Grant
2023-02-20 11:25 ` Jonny Grant
2023-03-12 22:10 ` Jonny Grant
2023-03-13 10:10 ` Jonathan Wakely
2023-03-13 19:55 ` Jonny Grant
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=d9d2f8c0-b42f-21ff-5162-1736c87a8dc1@gmail.com \
--to=gabravier@gmail.com \
--cc=gcc-help@gcc.gnu.org \
--cc=jg@jguk.org \
--cc=jwakely.gcc@gmail.com \
--cc=marc.glisse@inria.fr \
--cc=segher@kernel.crashing.org \
--cc=xry111@xry111.site \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).