From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <msebor@gmail.com>
Received: from mail-il1-x12c.google.com (mail-il1-x12c.google.com
 [IPv6:2607:f8b0:4864:20::12c])
 by sourceware.org (Postfix) with ESMTPS id 48A303857404;
 Fri, 25 Mar 2022 20:38:38 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 48A303857404
Received: by mail-il1-x12c.google.com with SMTP id l3so1573620ilh.7;
 Fri, 25 Mar 2022 13:38:38 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20210112;
 h=x-gm-message-state:message-id:date:mime-version:user-agent:subject
 :content-language:to:references:from:in-reply-to
 :content-transfer-encoding;
 bh=btB7KY1n1MTmqbeMNDj1Y8vtgLqn+Dssl6+g9aywNjM=;
 b=kSWy4857RbcsjpBPEMhwJac8c2UvRL8irOpd5aG7onCZYpIVu58d8fDq6/02guJCZY
 thz2NMqQTBM6H6hbcro0lWKPPc9om8raMcJWoVAoTt6EPIIvv5u02yo3C5BNeblNAp2E
 49ohODVuS3yb+8SbbjfMODJt6VPA6KWRPRr1KdwwdxF41rw3DSkC3Va3T2hpmch1bwkT
 ppqWJdUkPgpTVRwCibpL7sLeWtDtcWmyWLSAGj2AXhJZWWmrDpIm2N2iWsTxsWbZz+eB
 MTfm4A5EPkI0C9284W9+aQ88Kkw7oVMrG0DVL4D7kqqIGihsOzCQah+AsbCUE+4t6wfK
 oQ1g==
X-Gm-Message-State: AOAM530gBSAyvMJL8nHexmrfSFl7hywmzdIN66UFGZyKc7CuWteQqKYt
 pDcN5RV4XhxWLoQ0uAwiuxo=
X-Google-Smtp-Source: ABdhPJxcOJUBFHU+RdGGeHXkr6ubxP/RQlIIGJHKD0kxV5QDgVrEpcEPwKyIVnUfMK1sSlwtkOAn1w==
X-Received: by 2002:a05:6e02:1c09:b0:2c7:9382:e322 with SMTP id
 l9-20020a056e021c0900b002c79382e322mr284962ilh.140.1648240716494; 
 Fri, 25 Mar 2022 13:38:36 -0700 (PDT)
Received: from [192.168.0.41] (174-16-121-59.hlrn.qwest.net. [174.16.121.59])
 by smtp.gmail.com with ESMTPSA id
 l13-20020a92d94d000000b002c86662a286sm3440869ilq.22.2022.03.25.13.38.35
 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128);
 Fri, 25 Mar 2022 13:38:36 -0700 (PDT)
Message-ID: <d23fff3a-785f-5faf-0375-9e1781547a74@gmail.com>
Date: Fri, 25 Mar 2022 14:38:35 -0600
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.4.0
Subject: Re: [PATCH v3] Document that the 'access' and 'nonnull' attributes
 are independent
Content-Language: en-US
To: David Malcolm <dmalcolm@redhat.com>,
 Sebastian Huber <sebastian.huber@embedded-brains.de>,
 gcc-patches@gcc.gnu.org, gcc@gcc.gnu.org
References: <e8dcb924-226c-db55-229d-ebe9b2e58486@embedded-brains.de>
 <20220325184502.761115-1-dmalcolm@redhat.com>
From: Martin Sebor <msebor@gmail.com>
In-Reply-To: <20220325184502.761115-1-dmalcolm@redhat.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-Spam-Status: No, score=-9.9 required=5.0 tests=BAYES_00, DKIM_SIGNED,
 DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0,
 NICE_REPLY_A, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.4
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on
 server2.sourceware.org
X-BeenThere: gcc@gcc.gnu.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Gcc mailing list <gcc.gcc.gnu.org>
List-Unsubscribe: <https://gcc.gnu.org/mailman/options/gcc>,
 <mailto:gcc-request@gcc.gnu.org?subject=unsubscribe>
List-Archive: <https://gcc.gnu.org/pipermail/gcc/>
List-Post: <mailto:gcc@gcc.gnu.org>
List-Help: <mailto:gcc-request@gcc.gnu.org?subject=help>
List-Subscribe: <https://gcc.gnu.org/mailman/listinfo/gcc>,
 <mailto:gcc-request@gcc.gnu.org?subject=subscribe>
X-List-Received-Date: Fri, 25 Mar 2022 20:38:42 -0000

On 3/25/22 12:45, David Malcolm wrote:
> On Wed, 2022-03-23 at 17:52 +0100, Sebastian Huber wrote:
>> On 23/03/2022 17:31, Martin Sebor via Gcc-patches wrote:
>>>
>>> The concern is that the constraints implied by atttributes access
>>> and
>>> nonnull are independent of each other.  I would suggest to document
>>> that without talking about dereferencing because that's not implied
>>> by either of them.  E.g., something like this (feel free to tweak
>>> it
>>> as you see fit):
>>>
>>>     Note that the @code{access} attribute doesn't imply the same
>>>     constraint as attribute @code{nonnull} (@pxref{Attribute
>>> nonnull}).
>>>     The latter attribute should be used to annotate arguments that
>>> must
>>>     never be null, regardless of the value of the size argument.
>>
>> I would not give an advice on using the nonnull attribute here. This
>> attribute could have pretty dangerous effects in the function
>> definition
>> (removal of null pointer checks).
>>
> 
> That's a fair point.
> 
> Here's a v3 of the patch, which tones down the advice, and mentions that
> there are caveats when directing the reader to the "nonnull" attribute.
> 
> How does this look?

This version looks good to me.

Thanks
Martin

> 
> gcc/ChangeLog:
> 	* doc/extend.texi (Common Function Attributes): Document that
> 	'access' does not imply 'nonnull'.
> 
> Signed-off-by: David Malcolm <dmalcolm@redhat.com>
> ---
>   gcc/doc/extend.texi | 8 ++++++++
>   1 file changed, 8 insertions(+)
> 
> diff --git a/gcc/doc/extend.texi b/gcc/doc/extend.texi
> index a4a25e86928..539dad7001d 100644
> --- a/gcc/doc/extend.texi
> +++ b/gcc/doc/extend.texi
> @@ -2652,6 +2652,14 @@ The mode is intended to be used as a means to help validate the expected
>   object size, for example in functions that call @code{__builtin_object_size}.
>   @xref{Object Size Checking}.
>   
> +Note that the @code{access} attribute merely specifies how an object
> +referenced by the pointer argument can be accessed; it does not imply that
> +an access @strong{will} happen.  Also, the @code{access} attribute does not
> +imply the attribute @code{nonnull}; it may be appropriate to add both attributes
> +at the declaration of a function that unconditionally manipulates a buffer via
> +a pointer argument.  See the @code{nonnull} attribute for more information and
> +caveats.
> +
>   @item alias ("@var{target}")
>   @cindex @code{alias} function attribute
>   The @code{alias} attribute causes the declaration to be emitted as an alias