From: Xi Ruoyao <xry111@mengyan1223.wang>
To: Jonny Grant <jg@jguk.org>,
Segher Boessenkool <segher@kernel.crashing.org>
Cc: gcc-help <gcc-help@gcc.gnu.org>
Subject: Re: gcc warn when pointers not checked non-null before de-referencing.
Date: Fri, 18 Jun 2021 12:16:00 +0800 [thread overview]
Message-ID: <fa05b76faf6eb894d6752d93c7cb24ec4d8f1736.camel@mengyan1223.wang> (raw)
In-Reply-To: <ffa2f90f-e1c9-4dc7-8f42-fddd1229063b@jguk.org>
On Thu, 2021-06-17 at 21:44 +0100, Jonny Grant wrote:
>
>
> On 16/06/2021 18:59, Segher Boessenkool wrote:
> > On Wed, Jun 16, 2021 at 02:01:05PM +0100, Jonny Grant wrote:
> > > I guess a separate static analyser would do it, GCC is more
> > > focused on compilation so I shouldn't ask for it to have so many
> > > features it can't support.
> >
> > -fsanitize=undefined already catches null pointer dereferences, is
> > that
> > enough for your case?
> >
> >
> > Segher
>
> Hello
> Thank you for the suggestion, yes, I had used that before. I did just
> check, it's runtime checks. I had hoped for something at compile time.
> warning for every function that didn't check pointer for NULL before
> de-referencing.
There is no way to do this.
int foo(struct dev *dev)
{
int r = sanitize_input(dev);
if (r)
return r;
bar(&dev->id);
return dev->id->result;
}
While there is no way to know the behavior of `sanitize_input` (it may
be defined in another TU), there is no way to tell if `foo` has done "a
proper non-null check".
And this "warning" does not make any sense. It's perfectly legal for a
function to assume the input is not null and the caller should guarantee
it. Adding a non-null check in every function is just paranoid. This
really looks like a suggestion from some professors who don't program at
all, but unfortunately teach C and tell their own misconcept of
"defensive programming" everywhere.
--
Xi Ruoyao <xry111@mengyan1223.wang>
School of Aerospace Science and Technology, Xidian University
next prev parent reply other threads:[~2021-06-18 4:16 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-06-13 22:30 Jonny Grant
2021-06-14 5:15 ` Xi Ruoyao
2021-06-16 13:01 ` Jonny Grant
2021-06-16 13:36 ` Xi Ruoyao
2021-07-03 15:36 ` Jonny Grant
2021-07-06 15:39 ` Xi Ruoyao
2021-07-19 18:20 ` Jonny Grant
2021-06-16 17:59 ` Segher Boessenkool
2021-06-17 20:44 ` Jonny Grant
2021-06-18 4:16 ` Xi Ruoyao [this message]
2021-07-03 14:14 ` Jonny Grant
2021-07-03 16:22 ` Segher Boessenkool
2021-07-06 10:33 ` Jonny Grant
2021-06-18 8:38 ` Liu Hao
2021-06-18 14:53 ` Segher Boessenkool
2021-06-14 15:19 ` Martin Sebor
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=fa05b76faf6eb894d6752d93c7cb24ec4d8f1736.camel@mengyan1223.wang \
--to=xry111@mengyan1223.wang \
--cc=gcc-help@gcc.gnu.org \
--cc=jg@jguk.org \
--cc=segher@kernel.crashing.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).