Re: Patch: New null_terminated attribute for C/C++

[Andrew Pinski <pinskia at physics dot uc dot edu>]

How is different from openbsd's attribute called sentinel in their 
2.95.3:

http://www.openbsd.org/cgi-bin/cvsweb/src/gnu/egcs/gcc/c-common.c

Thanks,
Andrew Pinski

On Sunday, Oct 13, 2002, at 15:53 US/Pacific, Tom Tromey wrote:

> This patch adds support for a new `null_terminated' attribute, and
> -Wnull-termination option to gcc.
>
> Some functions, like execl, require a trailing NULL argument.  Here
> the null argument must have pointer type, so in C++ this requires a
> cast.  It is easy to forget to leave off the terminating NULL.  Also,
> apparently there are cases where the user writes `0' instead of `NULL'
> in C code, leading to a problem when moving to a machine where
> sizeof(int)!=sizeof(void*).
>
> Built on x86 Red Hat Linux 7.3.  I tested it using various
> permutations of a program like this:
>
>     #include <stdio.h>
>     #include <stdarg.h>
>
>     extern int doit (char *program, ...) __attribute__ 
> ((null_terminated));
>
>     int main (int argc, char **argv)
>     {
>       doit ("foo");
>     }
>
> In particular I tested both C and C++, where the final argument is
> NULL, an ordinary char* value, or 0.  I also tested that you get a
> warning if the attribute is applied to something other than a function
> decl.
>
> Ok to commit?
>
> Tom
>
> Index: cp/ChangeLog
> from  Tom Tromey  <tromey@redhat.com>
>
> 	* typeck.c (build_function_call_real): Check for null
> 	termination of arguments.
>
> Index: ChangeLog
> from  Tom Tromey  <tromey@redhat.com>
>
> 	* doc/invoke.texi (Option Summary): Added -Wnull-termination.
> 	(Warning Options): Document -Wnull-termination.
> 	* doc/extend.texi (Function Attributes): Document null_terminated
> 	attribute.
> 	* c-opts.c (c_common_decode_option): Handle -Wnull-termination.
> 	(COMMAND_LINE_OPTIONS): Added -Wnull-termination.
> 	* c-common.h (warn_null_termination): Declare.
> 	(check_function_null_termination): Likewise.
> 	* c-common.c (warn_null_termination): Define.
> 	(check_function_null_termination): New function.
> 	(c_common_attribute_table): Added null_terminated.
> 	(handle_null_terminated_attribute): New function.
>
> Index: c-common.c
> ===================================================================
> RCS file: /cvs/gcc/gcc/gcc/c-common.c,v
> retrieving revision 1.387
> diff -u -r1.387 c-common.c
> --- c-common.c 9 Oct 2002 00:13:56 -0000 1.387
> +++ c-common.c 13 Oct 2002 22:39:07 -0000
> @@ -1,5 +1,5 @@
>  /* Subroutines shared by all languages that are variants of C.
> -   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000,
> +   Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 
> 2000, 2002,
>     2001, 2002 Free Software Foundation, Inc.
>
>  This file is part of GCC.
> @@ -411,6 +411,11 @@
>
>  int warn_nonnull;
>
> +/* Warn when a function requiring a NULL-terminated vararg list is not
> +   passed a terminating NULL.  */
> +
> +int warn_null_termination;
> +
>
>  /* ObjC language option variables.  */
>
> @@ -764,6 +769,8 @@
>  						 bool *));
>  static tree handle_vector_size_attribute PARAMS ((tree *, tree, tree, 
> int,
>  						  bool *));
> +static tree handle_null_terminated_attribute PARAMS ((tree *, tree, 
> tree, int,
> +						      bool *));
>  static tree handle_nonnull_attribute	PARAMS ((tree *, tree, tree, int,
>  						 bool *));
>  static tree handle_nothrow_attribute	PARAMS ((tree *, tree, tree, int,
> @@ -851,6 +858,8 @@
>  			      handle_visibility_attribute },
>    { "tls_model",	      1, 1, true,  false, false,
>  			      handle_tls_model_attribute },
> +  { "null_terminated",        0, 0, true, false, false,
> +			      handle_null_terminated_attribute },
>    { "nonnull",                0, -1, false, true, true,
>  			      handle_nonnull_attribute },
>    { "nothrow",                0, 0, true,  false, false,
> @@ -6305,6 +6314,49 @@
>    TREE_THIS_VOLATILE (outer) = TREE_THIS_VOLATILE (type);
>
>    return outer;
> +}
> +
> +/* Handle the "null_terminated" attribute.  */
> +
> +static tree
> +handle_null_terminated_attribute (node, name, args, flags, 
> no_add_attrs)
> +     tree *node;
> +     tree name;
> +     tree args ATTRIBUTE_UNUSED;
> +     int flags ATTRIBUTE_UNUSED;
> +     bool *no_add_attrs;
> +{
> +  if (TREE_CODE (*node) != FUNCTION_DECL)
> +    {
> +      warning ("`%s' attribute ignored", IDENTIFIER_POINTER (name));
> +      *no_add_attrs = true;
> +    }
> +  return NULL_TREE;
> +}
> +
> +/* Check the argument list for a execl-like function to make sure the
> +   final argument is NULL.  */
> +
> +void
> +check_function_null_termination (attrs, params)
> +     tree attrs, params;
> +{
> +  tree a, param;
> +
> +  if (!warn_null_termination || !lookup_attribute ("null_terminated", 
> attrs))
> +    return;
> +
> +  /* Find the last argument.  */
> +  for (param = params; param && TREE_CHAIN (param);
> +       param = TREE_CHAIN (param))
> +    ;
> +
> +  if (param)
> +    param = TREE_VALUE (param);
> +
> +  if (!param || TREE_CODE (TREE_TYPE (param)) != POINTER_TYPE
> +      || !integer_zerop (param))
> +    warning ("non-null argument terminator");
>  }
>
>  /* Handle the "nonnull" attribute.  */
> Index: c-common.h
> ===================================================================
> RCS file: /cvs/gcc/gcc/gcc/c-common.h,v
> retrieving revision 1.163
> diff -u -r1.163 c-common.h
> --- c-common.h 26 Sep 2002 22:25:12 -0000 1.163
> +++ c-common.h 13 Oct 2002 22:39:10 -0000
> @@ -1,5 +1,5 @@
>  /* Definitions for c-common.c.
> -   Copyright (C) 1987, 1993, 1994, 1995, 1997, 1998,
> +   Copyright (C) 1987, 1993, 1994, 1995, 1997, 1998, 2002,
>     1999, 2000, 2001, 2002 Free Software Foundation, Inc.
>
>  This file is part of GCC.
> @@ -585,6 +585,11 @@
>
>  extern int warn_nonnull;
>
> +/* Warn when a function requiring a NULL-terminated vararg list is not
> +   passed a terminating NULL.  */
> +
> +int warn_null_termination;
> +
>
>  /* ObjC language option variables.  */
>
> @@ -864,6 +869,7 @@
>  extern tree fname_decl				PARAMS ((unsigned, tree));
>  extern const char *fname_string			PARAMS ((unsigned));
>
> +extern void check_function_null_termination     PARAMS ((tree, tree));
>  extern void check_function_arguments		PARAMS ((tree, tree));
>  extern void check_function_arguments_recurse	PARAMS ((void (*) (void 
> *,
>  								   tree,
> Index: c-opts.c
> ===================================================================
> RCS file: /cvs/gcc/gcc/gcc/c-opts.c,v
> retrieving revision 1.21
> diff -u -r1.21 c-opts.c
> --- c-opts.c 8 Oct 2002 19:20:15 -0000 1.21
> +++ c-opts.c 13 Oct 2002 22:39:10 -0000
> @@ -163,6 +163,7 @@
>    OPT("Wnon-template-friend",	CL_CXX,   OPT_Wnon_template_friend)	    
>  \
>    OPT("Wnon-virtual-dtor",	CL_CXX,   OPT_Wnon_virtual_dtor)	     \
>    OPT("Wnonnull",		CL_C,     OPT_Wnonnull)			     \
> +  OPT("Wnull-termination",	CL_ALL,   OPT_Wnull_termination)	     \
>    OPT("Wold-style-cast",	CL_CXX,   OPT_Wold_style_cast)		     \
>    OPT("Woverloaded-virtual",	CL_CXX,   OPT_Woverloaded_virtual)	     \
>    OPT("Wparentheses",		CL_ALL,   OPT_Wparentheses)		     \
> @@ -874,6 +875,10 @@
>
>      case OPT_Wnon_virtual_dtor:
>        warn_nonvdtor = on;
> +      break;
> +
> +    case OPT_Wnull_termination:
> +      warn_null_termination = on;
>        break;
>
>      case OPT_Wnonnull:
> Index: c-typeck.c
> ===================================================================
> RCS file: /cvs/gcc/gcc/gcc/c-typeck.c,v
> retrieving revision 1.210
> diff -u -r1.210 c-typeck.c
> --- c-typeck.c 8 Oct 2002 19:20:15 -0000 1.210
> +++ c-typeck.c 13 Oct 2002 22:39:16 -0000
> @@ -1,5 +1,5 @@
>  /* Build expressions with type checking for C compiler.
> -   Copyright (C) 1987, 1988, 1991, 1992, 1993, 1994, 1995, 1996, 1997,
> +   Copyright (C) 1987, 1988, 1991, 1992, 1993, 1994, 1995, 1996, 
> 1997, 2002,
>     1998, 1999, 2000, 2001, 2002 Free Software Foundation, Inc.
>
>  This file is part of GCC.
> @@ -1519,6 +1519,8 @@
>
>    /* Check that the arguments to the function are valid.  */
>
> +  check_function_null_termination (fundecl ? DECL_ATTRIBUTES (fundecl)
> +				   : NULL_TREE, coerced_params);
>    check_function_arguments (TYPE_ATTRIBUTES (fntype), coerced_params);
>
>    /* Recognize certain built-in functions so we can make tree-codes
>
> Index: cp/typeck.c
> ===================================================================
> RCS file: /cvs/gcc/gcc/gcc/cp/typeck.c,v
> retrieving revision 1.430
> diff -u -r1.430 typeck.c
> --- cp/typeck.c 30 Sep 2002 16:52:15 -0000 1.430
> +++ cp/typeck.c 13 Oct 2002 22:39:35 -0000
> @@ -1,5 +1,5 @@
>  /* Build expressions with type checking for C++ compiler.
> -   Copyright (C) 1987, 1988, 1989, 1992, 1993, 1994, 1995, 1996, 
> 1997, 1998,
> +   Copyright (C) 1987, 1988, 1989, 1992, 1993, 1994, 1995, 1996, 
> 1997, 1998, 2002,
>     1999, 2000, 2001, 2002 Free Software Foundation, Inc.
>     Hacked by Michael Tiemann (tiemann@cygnus.com)
>
> @@ -2723,6 +2723,8 @@
>
>    if (warn_format)
>      check_function_format (NULL, TYPE_ATTRIBUTES (fntype), 
> coerced_params);
> +  check_function_null_termination (fndecl ? DECL_ATTRIBUTES (fndecl)
> +				   : NULL_TREE, coerced_params);
>
>    /* Recognize certain built-in functions so we can make tree-codes
>       other than CALL_EXPR.  We do this when it enables fold-const.c
> Index: doc/extend.texi
> ===================================================================
> RCS file: /cvs/gcc/gcc/gcc/doc/extend.texi,v
> retrieving revision 1.106
> diff -u -r1.106 extend.texi
> --- doc/extend.texi 11 Oct 2002 04:15:14 -0000 1.106
> +++ doc/extend.texi 13 Oct 2002 22:39:43 -0000
> @@ -2197,6 +2197,25 @@
>  	__attribute__((nonnull));
>  @end smallexample
>
> +@item null_terminated
> +@cindex @code{null_terminated} function attribute
> +The @code{null_terminated} attribute specifies that the final
> +argument to a function should be a null pointer.  For instance, the
> +declaration:
> +
> +@smallexample
> +extern int
> +execlp (const char *filename, const char *arg0, ...)
> +	__attribute__((null_terminated));
> +@end smallexample
> +
> +@noindent
> +causes the compiler to check that, in calls to @code{execlp},
> +the terminating argument is a null pointer.  If the compiler
> +determines that the last argument is not a null pointer, and the
> +@option{-Wnull-termination} is enabled, a warning is issued.
> +This feature is most useful with varargs functions.
> +
>  @item no_instrument_function
>  @cindex @code{no_instrument_function} function attribute
>  @opindex finstrument-functions
> Index: doc/invoke.texi
> ===================================================================
> RCS file: /cvs/gcc/gcc/gcc/doc/invoke.texi,v
> retrieving revision 1.195
> diff -u -r1.195 invoke.texi
> --- doc/invoke.texi 10 Oct 2002 17:38:35 -0000 1.195
> +++ doc/invoke.texi 13 Oct 2002 22:39:54 -0000
> @@ -1,4 +1,4 @@
> -@c Copyright (C) 1988, 1989, 1992, 1993, 1994, 1995, 1996, 1997, 
> 1998, 1999,
> +@c Copyright (C) 1988, 1989, 1992, 1993, 1994, 1995, 1996, 1997, 
> 1998, 1999, 2002,
>  @c 2000, 2001, 2002 Free Software Foundation, Inc.
>  @c This is part of the GCC manual.
>  @c For copying conditions, see the file gcc.texi.
> @@ -225,7 +225,7 @@
>  -Wmain  -Wmissing-braces @gol
>  -Wmissing-format-attribute  -Wmissing-noreturn @gol
>  -Wno-multichar  -Wno-format-extra-args  -Wno-format-y2k @gol
> --Wno-import  -Wnonnull  -Wpacked  -Wpadded @gol
> +-Wno-import  -Wnonnull  -Wnull_termination  -Wpacked  -Wpadded @gol
>  -Wparentheses  -Wpointer-arith  -Wredundant-decls @gol
>  -Wreturn-type  -Wsequence-point  -Wshadow @gol
>  -Wsign-compare  -Wstrict-aliasing -Wswitch  -Wswitch-default 
> -Wswitch-enum @gol
> @@ -2055,6 +2055,12 @@
>
>  @option{-Wnonnull} is included in @option{-Wall} and 
> @option{-Wformat}.  It
>  can be disabled with the @option{-Wno-nonnull} option.
> +
> +@item -Wnull-termination
> +@opindex Wnull-termination
> +Enable warning about failing to pass a null pointer as the final
> +argument to a function whose final argument should be null, as
> +determined by the @code{null_terminated} function attribute.
>
>  @item -Wimplicit-int
>  @opindex Wimplicit-int