On Mon, Oct 12, 2015 at 17:19:18 +0200, Michal Privoznik wrote:
On 12.10.2015 17:06, Laine Stump wrote:
On 10/12/2015 10:41 AM, Michal Privoznik wrote:
...
(I have a fairly low opinion of ATTRIBUTE_NONNULL - at first glance it *appears* that it should be doing something to guarantee that passed args are non-null, but instead it is really just a hint to the compiler's optimizer (and to static checkers like coverity) that the programmer *thinks* there are no instances of NULL being passed in this argument. This can result in useful checks (at runtime and during a coverity run) being skipped. I don't remember the details, but have a vague memory of a bug I was having trouble tracking down, and it ended up being due to an ATTRIBUTE_NONNULL placed on an arg that *wasn't* always non-NULL.)
Yes, that was my recollection too when writing the commit message, but was just too lazy to dig out the commit you're talking about. Nevertheless, ATTRIBUTE_NONNULL over an attribute will make compiler skip check for NULL, i.e. if (!var) reportError(); will be totally dropped during compilation.
That's the exact reason why ATTRIBUTE_NONNULL was macroed out as a no-op if you don't do static analysis builds. Peter