From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <alx.manpages@gmail.com>
Received: from mail-wm1-x32b.google.com (mail-wm1-x32b.google.com
 [IPv6:2a00:1450:4864:20::32b])
 by sourceware.org (Postfix) with ESMTPS id E3C573857C42
 for <gcc@gcc.gnu.org>; Mon, 15 Nov 2021 21:09:19 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org E3C573857C42
Received: by mail-wm1-x32b.google.com with SMTP id p18so5762184wmq.5
 for <gcc@gcc.gnu.org>; Mon, 15 Nov 2021 13:09:19 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
 :content-language:to:cc:references:from:in-reply-to
 :content-transfer-encoding;
 bh=pcu984GsjGeiejezmJQj/VndqsAIxmuh79gzot8+jrM=;
 b=kkEukOGSVJiSUCr+kx9RxQYeWjV2uX/UsIibqdJQUyAptFsvEBoi+xnecrKw2ljapS
 GQiHvKD3FCcSOQMYcgF2sz4+5JqjLX91ltAvmXLTRUhhIB5fJQJggZ31Q59FnBfzjM1o
 Q9o3Hf7QpEbTHKbi47EG7Ixoua4o9jeQkfS7JrHRN43q0lgkrDbz2HzC5IP76xot04Bd
 ijuJ4Z0Ruvcm2it1H9dXIDi3BfRpHAMk3li/pr7nXoDZkfRc5DySGkJOiBI9el06/sgy
 GoN7B9CZ67eHuWST/TYFyvZSxMq5Ku3C4dfZMqS78cdxUwHhQcuYyftB56iCcs9bWzj2
 /+jg==
X-Gm-Message-State: AOAM532kKnnBW1znGgDA0sP80ebv2XsGbbSDSOQo/l9phsfyFSGMUx7Z
 rBSebSbhvs7AvmWtv7p6hVc=
X-Google-Smtp-Source: ABdhPJz4InpqOQNHaVFxELKQqNYKl/kjaerhDs0uJ6jO/LocMsVy1lFE0Ez93qKC4FXFWrtufwv9bA==
X-Received: by 2002:a05:600c:3b8f:: with SMTP id
 n15mr63590856wms.180.1637010559057; 
 Mon, 15 Nov 2021 13:09:19 -0800 (PST)
Received: from [10.168.10.170] ([170.253.36.171])
 by smtp.gmail.com with ESMTPSA id r8sm19462640wrz.43.2021.11.15.13.09.18
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Mon, 15 Nov 2021 13:09:18 -0800 (PST)
Message-ID: <56a1a945-608e-0e5e-7610-c35481abb980@gmail.com>
Date: Mon, 15 Nov 2021 22:09:17 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.3.0
Subject: Re: ISO C3X proposal: nonnull qualifier
Content-Language: en-US
To: Joseph Myers <joseph@codesourcery.com>
Cc: JeanHeyd Meneide <phdofthehouse@gmail.com>, gcc@gcc.gnu.org,
 cfe-dev@lists.llvm.org
References: <a0e33e64-460a-6830-69ac-a67b52734bd5@gmail.com>
 <alpine.DEB.2.22.394.2111152016210.369620@digraph.polyomino.org.uk>
From: "Alejandro Colomar (man-pages)" <alx.manpages@gmail.com>
In-Reply-To: <alpine.DEB.2.22.394.2111152016210.369620@digraph.polyomino.org.uk>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-6.7 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, NICE_REPLY_A,
 RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS,
 TXREP autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc mailing list <gcc.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc>,
 <mailto:gcc-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc/>
List-Post: <mailto:gcc@gcc.gnu.org>
List-Help: <mailto:gcc-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc>,
 <mailto:gcc-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Nov 2021 21:09:21 -0000

Hi Joseph,

On 11/15/21 21:18, Joseph Myers wrote:
> lvalue-to-rvalue conversion loses qualifiers, which makes any rules based
> on whether the RHS of an assignment was nonnull-qualified very
> problematic.  (The specification of restrict is exceedingly tricky and
> very unlikely to be a good basis for specifying any other feature.)

Hmm.
restrict was the closest thing to a
const-like level of safety that I could think of.
It would allow a compiler to keep track of nullness
of every pointer,
and issue appropriate diagnostics
probably better than what -fanalyzer already does.

How is restrict handling that problem of lvalue-to-rvalue already?

Can you think of any other way nonnull-ness could be passed
to nested function calls with language enforcement?

The other option would be to propose plain [[gnu::nonnull]],
which couldn't be enforced across nested function calls
(or I could't think of how yet).
Well, the simplest cases (i.e., not pointer-to-pointer)
could be detected by the compiler,
but other than that, it's impossible.
But if that's the only way,
it's better than nothing.

> 
> I don't think a manpage is a good form for proposing a language feature.
> Actual proposed normative wording for the C standard, showing all relevant
> changes to all relevant subclauses, is better.
> 

My intention is that the final PDF to be sent to the committee
will have those diffs.
But I have no clue of how to do that kind of things,
so for an initial draft to discuss on,
before even presenting it to the committee,
I think my "native" language for writing technical documents
will be easier.

Also,
I'm curious,
do you do those diffs usually by hand?
I mean, you can't diff(1) a PDF, can you? :)

Considering that C moves at a 10-years pace,
and we're late for C2X,
I have until around 2030 to learn how to do that :-)


Thanks!
and kind regards,
Alex


-- 
Alejandro Colomar
Linux man-pages comaintainer; http://www.kernel.org/doc/man-pages/
http://www.alejandro-colomar.es/