From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mail-il1-x133.google.com (mail-il1-x133.google.com [IPv6:2607:f8b0:4864:20::133]) by sourceware.org (Postfix) with ESMTPS id 4D7393858D20 for ; Mon, 14 Mar 2022 22:18:29 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 4D7393858D20 Received: by mail-il1-x133.google.com with SMTP id o12so12092429ilg.5 for ; Mon, 14 Mar 2022 15:18:29 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=OwT0vYJAPNgX6y8DNnxh1uG6S8Q37/4MaGT3jFzDhc0=; b=FopqlFyy7zPxEKJ9Dyy6xIb7DcWhf76uKlpvbwS5ytKqDrdBzJrPz//k3YHcDUZYVq QwMsCaJy2VC0otTlaMbkwVmtNjD5q97fGoOklXlORPRpStdpQ7nrhNpaQtm0TvTBcvPw Bx77pMMzXPvyvfmhg53fa4MBX2+8hOkNAbS2Ic6KHDPByaaoJYa0nemeRRAw283JOYjT sLgt0o3GMIkhJVgVMrG7Wr4dNyHAekvvPh1XPFoMkbr2qhpqToaRTGntic6Q9JFnpVTx Fn3oZBjR5euFc/kLDJyrTv64/gUHoB7O157ku/KAH8u8SwCmSU+DgJGYDQUtBK8jp0Vz Lm5Q== X-Gm-Message-State: AOAM530j4SxfVxW6ZYZA75THJo1Cccc78nBM03dNRdLPPCaUTt8W0g+p vcBgDdrTZ3/vNY37Fo4IGIg= X-Google-Smtp-Source: ABdhPJzCWIrDVqwIyuapioDvbWko0DQwoJjzCqHFfsF+iRNfL7YG2qrxpGRcmqbPGJA/yI0xMnqsMA== X-Received: by 2002:a92:cdad:0:b0:2c6:7b76:a086 with SMTP id g13-20020a92cdad000000b002c67b76a086mr21038142ild.5.1647296308187; Mon, 14 Mar 2022 15:18:28 -0700 (PDT) Received: from [192.168.0.41] (174-16-121-59.hlrn.qwest.net. [174.16.121.59]) by smtp.gmail.com with ESMTPSA id f4-20020a92b504000000b002c21ef70a81sm9847278ile.7.2022.03.14.15.18.27 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 14 Mar 2022 15:18:27 -0700 (PDT) Message-ID: Date: Mon, 14 Mar 2022 16:18:27 -0600 MIME-Version: 1.0 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101 Thunderbird/91.4.0 Subject: Re: [PATCH] Document that the 'access' and 'nonnull' attributes are independent Content-Language: en-US To: David Malcolm , Andrew Pinski Cc: GCC Mailing List References: <2b899f7a1c9d9e57e1bb165405d8e57b1c86b889.camel@redhat.com> From: Martin Sebor In-Reply-To: Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3.4 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, KAM_SHORT, NICE_REPLY_A, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: gcc@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 14 Mar 2022 22:18:32 -0000 On 3/9/22 14:57, David Malcolm via Gcc wrote: > On Wed, 2022-03-09 at 13:30 -0800, Andrew Pinski wrote: >> On Wed, Mar 9, 2022 at 1:25 PM David Malcolm via Gcc >> wrote: >>> >>> We gained __attribute__ ((access, ...)) in GCC 10: >>> >>> https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html >>> which identifies one of the pointer/reference arguments of a >>> function >>> as being accessed according to an access-mode: read_only, >>> read_write, >>> write_only, or none. >>> >>> We also have __attribute__ ((nonnull)) to indicate that a function >>> argument (or all of them) must be non-NULL. >>> >>> There doesn't seem to be a relationship between these in the >>> implementation, but it strikes me that almost anywhere that a user >>> might use the "access" attribute, that parameter is probably going >>> to >>> be required to be nonnull - though perhaps there are cases where >>> APIs >>> check for NULL and reject them gracefully? >> >> No, I think they are separate. The access just says these access >> attributes are read only, write only, read-write or don't access what >> the pointer points to; it does not say they have to be read or >> written >> to. >> I think it is a bad idea to connect the two ideas because you could >> have some cases where an argument is optional but is only read from; >> or is only written to (there are many in GCC sources even). > > Thanks for the clarification... > >> >> Thanks, >> Andrew Pinski >> >>> >>> Might we want to somehow make __attribute__ ((access, ...)) imply >>> __attribute__ ((nonnull))?  (for non "none" access modes, perhaps?) >>> >>> If so, one place to implement this might be in tree.cc's >>> get_nonnull_args, and have it add to the bitmap any arguments that >>> have an appropriate access attribute. >>> >>> get_nonnull_args is used in various places: >>> - validating builtins >>> - in ranger_cache::block_apply_nonnull >>> - by -Wnonnull (in pass_post_ipa_warn::execute) >>> - by -Wanalyzer-possible-null-argument and -Wanalyzer-null- >>> argument; >>> I'm tracking the failure of these last two to make use of >>> __attribute__ >>> ((access)) in PR analyzer/104860. >>> >>> So do we: >>> >>> (a) leave it up to the user, requiring them to specify >>> __attribute__ >>> ((nonnull)) in addition to  __attribute__ ((access, ...)) > > ...so that's (a) then. > > I think it might be more user-friendly to be explicit about this in the > documentation, maybe something like the attached? I agree it's worth clarifying the manual. But I don't think there's a way to annotate a function to indicate that it will definitely access an object (or dereference a pointer). Attribute access just implies that it might dereference it (unless the size is zero), and attribute nonnull that the pointer must not be null, not that it will be dereferenced (or even that it must be valid, although that's implied by the language and should probably be enforced in all contexts by some other warning). The combination of access with nonzero size and nonnull only means that the pointer must be nonnull and point to an object with at least size elements. Martin > > (not yet fully tested, but seems to build) > > Dave > > > > >>> >>> (b) leave it up to the individual sites in GCC that currently make >>> use >>> of get_nonnull_args to add logic for handling   __attribute__ >>> ((access, >>> ...)) >>> >>> (c) extend get_nonnull_args >>> >>> ? >>> >>> Thoughts? >>> Dave >>> >> >