[or-cvs] r15804: Stop using __attribute__((nonnull)): It gets us occasional (in tor/branches/tor-0_2_0-patches: . src/common)

nickm at seul.org nickm at seul.org
Wed Jul 9 15:23:36 UTC 2008


Author: nickm
Date: 2008-07-09 11:23:35 -0400 (Wed, 09 Jul 2008)
New Revision: 15804

Modified:
   tor/branches/tor-0_2_0-patches/ChangeLog
   tor/branches/tor-0_2_0-patches/src/common/compat.h
Log:
Stop using __attribute__((nonnull)): It gets us occasional warnings when we do something so foolish it can be detected without dataflow analysis, but it also eliminates some of our error checking code.  Suggested by Peter Gutmann.

Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog	2008-07-09 15:23:23 UTC (rev 15803)
+++ tor/branches/tor-0_2_0-patches/ChangeLog	2008-07-09 15:23:35 UTC (rev 15804)
@@ -36,6 +36,9 @@
     - Correctly detect transparent proxy support on Linux hosts that
       require in.h to be included before netfilter_ipv4.h.  Patch
       from coderman.
+    - Stop using __attribute__((nonnull)) with GCC: it can give us useful
+      warnings (occasionally), but it can also cause the compiler to
+      eliminate error-checking code.  Suggested by Peter Gutmann.
 
 
 Changes in version 0.2.0.28-rc - 2008-06-13
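Review bot: the entry says the attribute "can also cause the compiler to eliminate error-checking code" but never says which code, so a reader of the release notes cannot tell this is a robustness fix rather than a warning-noise fix; consider stating the concrete pattern, that an `if (!ptr)` style check inside a function whose parameter is declared nonnull is exactly what the compiler is entitled to drop, so a caller bug that previously failed safely can now run past the check. Also, "useful warnings (occasionally)" reads awkwardly; "occasionally useful warnings" says the same thing more plainly.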

Modified: tor/branches/tor-0_2_0-patches/src/common/compat.h
===================================================================
--- tor/branches/tor-0_2_0-patches/src/common/compat.h	2008-07-09 15:23:23 UTC (rev 15803)
+++ tor/branches/tor-0_2_0-patches/src/common/compat.h	2008-07-09 15:23:35 UTC (rev 15804)
@@ -122,7 +122,17 @@
 #define ATTR_CONST __attribute__((const))
 #define ATTR_MALLOC __attribute__((malloc))
 #define ATTR_NORETURN __attribute__((noreturn))
-#define ATTR_NONNULL(x) __attribute__((nonnull x))
+/* Alas, nonnull is not at present a good idea for us.  We'd like to get
+ * warnings when we pass NULL where we shouldn't (which nonnull does, albeit
+ * spottily), but we don't want to tell the compiler to make optimizations
+ * with the assumption that the argument can't be NULL (since this would make
+ * many of our checks go away, and make our code less robust against
+ * programming errors).  Unfortunately, nonnull currently does both of these
+ * things, and there's no good way to split them up.
+ *
+ * #define ATTR_NONNULL(x) __attribute__((nonnull x)) */
+#define ATTR_NONNULL(x)
+
 /** Macro: Evaluates to <b>exp</b> and hints the compiler that the value
  * of <b>exp</b> will probably be true. */
 #define PREDICT_LIKELY(exp) __builtin_expect((exp), 1)
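Review bot: defining `ATTR_NONNULL(x)` as empty throws away the diagnostic half of the attribute along with the optimization half, and the comment already says the warnings were wanted; consider gating the real attribute behind an opt-in preprocessor symbol so a lint or CI build can still collect the nonnull warnings while every normal build keeps the empty expansion and so never lets the optimizer assume a pointer is non-NULL. The hunk only shows the branch where the other `__attribute__` macros are defined; make sure any fallback branch for compilers without attribute support defines `ATTR_NONNULL(x)` the same way, or callers will fail to compile there. Finally, commenting out the old definition inside the explanatory comment is fine, but the surrounding macro docs use `/** ... */`; a one-line `/** Macro: currently expands to nothing; see above. */` directly above the new `#define` would keep the generated documentation consistent.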
