[or-cvs] r15804: Stop using __attribute__((nonnull)): It gets us occasional (in tor/branches/tor-0_2_0-patches: . src/common)
Author: nickm
Date: 2008-07-09 11:23:35 -0400 (Wed, 09 Jul 2008)
New Revision: 15804
Modified:
tor/branches/tor-0_2_0-patches/ChangeLog
tor/branches/tor-0_2_0-patches/src/common/compat.h
Log:
Stop using __attribute__((nonnull)): It gets us occasional warnings when we do something so foolish it can be detected without dataflow analysis, but it also eliminates some of our error checking code. Suggested by Peter Gutmann.
Modified: tor/branches/tor-0_2_0-patches/ChangeLog
===================================================================
--- tor/branches/tor-0_2_0-patches/ChangeLog 2008-07-09 15:23:23 UTC (rev 15803)
+++ tor/branches/tor-0_2_0-patches/ChangeLog 2008-07-09 15:23:35 UTC (rev 15804)
@@ -36,6 +36,9 @@
- Correctly detect transparent proxy support on Linux hosts that
require in.h to be included before netfilter_ipv4.h. Patch
from coderman.
+ - Stop using __attribute__((nonnull)) with GCC: it can give us useful
+ warnings (occasionally), but it can also cause the compiler to
+ eliminate error-checking code. Suggested by Peter Gutmann.
Changes in version 0.2.0.28-rc - 2008-06-13
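Review bot: The added entry says Tor stops "using" the attribute but not that the annotations stay in the source. The compat.h change in this revision defines ATTR_NONNULL(x) as empty rather than removing it, so the entry could say that the macro is now a no-op; that tells ChangeLog readers that call sites are unchanged and only the compiler hint is gone.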
Modified: tor/branches/tor-0_2_0-patches/src/common/compat.h
===================================================================
--- tor/branches/tor-0_2_0-patches/src/common/compat.h 2008-07-09 15:23:23 UTC (rev 15803)
+++ tor/branches/tor-0_2_0-patches/src/common/compat.h 2008-07-09 15:23:35 UTC (rev 15804)
@@ -122,7 +122,17 @@
#define ATTR_CONST __attribute__((const))
#define ATTR_MALLOC __attribute__((malloc))
#define ATTR_NORETURN __attribute__((noreturn))
-#define ATTR_NONNULL(x) __attribute__((nonnull x))
+/* Alas, nonnull is not at present a good idea for us. We'd like to get
+ * warnings when we pass NULL where we shouldn't (which nonnull does, albeit
+ * spottily), but we don't want to tell the compiler to make optimizations
+ * with the assumption that the argument can't be NULL (since this would make
+ * many of our checks go away, and make our code less robust against
+ * programming errors). Unfortunately, nonnull currently does both of these
+ * things, and there's no good way to split them up.
+ *
+ * #define ATTR_NONNULL(x) __attribute__((nonnull x)) */
+#define ATTR_NONNULL(x)
+
/** Macro: Evaluates to <b>exp</b> and hints the compiler that the value
* of <b>exp</b> will probably be true. */
#define PREDICT_LIKELY(exp) __builtin_expect((exp), 1)
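Review bot: Defining ATTR_NONNULL(x) as empty drops the warnings together with the optimization, although the new comment says the warnings are wanted. Consider keeping the real definition behind an opt-in define that is set only for a warnings or analysis build, so normal builds keep their NULL checks while obvious misuse is still flagged somewhere. The old definition left inside the comment ("* #define ATTR_NONNULL(x) __attribute__((nonnull x)) */") is easy to misread as live code because the comment closes on the same line; moving the closing "*/" to its own line would help. The comment's "currently" would also be more useful with the GCC version this behaviour was observed on.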