From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from xry111.site (xry111.site [IPv6:2001:470:683e::1]) by sourceware.org (Postfix) with ESMTPS id 479A23858D32 for ; Mon, 10 Jul 2023 17:27:35 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org 479A23858D32 Authentication-Results: sourceware.org; dmarc=pass (p=reject dis=none) header.from=xry111.site Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=xry111.site DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=xry111.site; s=default; t=1689010053; bh=CuQTX7ZtDHonZ1EXdVP9lTAYQl9QcWQrEER3cDd3Bnc=; h=Subject:From:To:Cc:Date:In-Reply-To:References:From; b=jyhU3I/7yW79hO5uTnfe+CRiIV9WvZal6FjSHCXlQnEKMzhOX7RS8A+lp7AHPEZsp sV4OpAawuM5HXaBThONzQXiau1vUg8Q36jRgkD5mQrxbF2nrntIkHEURYJnEWQUKnb cWwUnUx+gNtZ6CXR0A0SlwzQwCHR56G9H7yFOYO8= Received: from localhost.localdomain (xry111.site [IPv6:2001:470:683e::1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-384) server-digest SHA384) (Client did not present a certificate) (Authenticated sender: xry111@xry111.site) by xry111.site (Postfix) with ESMTPSA id A77C5663F8; Mon, 10 Jul 2023 13:27:31 -0400 (EDT) Message-ID: Subject: Re: [PATCH v5] libio: Add nonnull attribute for most FILE * arguments in stdio.h From: Xi Ruoyao To: Zack Weinberg , GNU libc development Cc: Adhemerval Zanella , Carlos O'Donell , "'Alejandro Colomar (man-pages)'" , Andreas Schwab , Siddhesh Poyarekar Date: Tue, 11 Jul 2023 01:27:30 +0800 In-Reply-To: References: <20230710161300.1678172-1-xry111@xry111.site> Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable User-Agent: Evolution 3.48.4 MIME-Version: 1.0 X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,LIKELY_SPAM_FROM,SPF_HELO_PASS,SPF_PASS,TXREP,T_SCC_BODY_TEXT_LINE autolearn=no autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: On Mon, 2023-07-10 at 13:12 -0400, Zack Weinberg wrote: > On Mon, Jul 10, 2023, at 12:13 PM, Xi Ruoyao via Libc-alpha wrote: > > During the review of a GCC analyzer test case, we found most stdio > > functions accepting a FILE * argument expect it to be nonnull and just > > segfault when the argument is NULL.=C2=A0 Add nonnull attribute for the= m. >=20 > I think this patchset has a high risk of breaking application code, > because "this function will promptly crash if passed a NULL pointer" is > a very different property from "any code path that would cause this > function to be passed a NULL pointer is necessarily unreachable." >=20 > If we take it at all -- and my current gut feeling is that we > *shouldn't* -- we should do so early in a release cycle to give us the > best chance of discovering broken applications before the release. If they want to rely on "it must crash if passed a NULL pointer", they should really use -fisolate-erroneous-paths-attribute. --=20 Xi Ruoyao School of Aerospace Science and Technology, Xidian University