This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.



Re: Website patch: update projects to remove attribute nonnull


On Sat, 17 May 2003, Kaveh R. Ghazi wrote:

> Joseph, IMHO surveying variadic function termination conventions is
> overdoing it.  NULL is pretty much it.

Another patch around that time
<http://gcc.gnu.org/ml/gcc-patches/2002-10/msg00802.html> provided for an
arbitrary constant terminator, not necessarily a pointer, with reference
to GNOME.  I don't know whether in fact there are uses of zero-terminated
lists of integers, but that patch allowed for them.  Surveying what is
used isn't overdoing it - rather it's avoiding overdoing it by actually
assessing what is really used and so should be allowed for in the design.

> Since you've grouped this in with the other format attributes in the
> projects page, I think we should follow the existing style and avoid
> adding a new attribute.  I suggest this:

The grouping is historical (in that it was linked to discussions of
nonnull, which were directly linked to moving that check out of the format
checking) and logical on the general theme of checking properties of
function calls beyond standard type checking, not indicating either way
whether the same attributes should be used.

> __attribute__ ((__format__ (__execl__)))
> 
> Rather than ad hoc, this follows the printf and scanf format
> convention by specifying the type of format check via the name of the
> standard function whose variadic style we are emulating.

While the style of execle is pretty specific (a specific type argument as
the last argument after the terminating NULL) I don't think most users of
the style of execl (e.g., concat in libiberty) will think they are
emulating its style.  The case for using the name is clearer for fopen
format strings, also discussed there - there we are checking the
correctness of a string in a particular format.  ("format" attribute
presently includes checks for format strings with no associated list of
arguments - strftime - but not for lists of arguments with no associated
strings.)

The format checking code avoids having any conditionals on specific format
types in the code - controlling it entirely by data.  I'd say the new sort
of checks should work that way if possible as well - if names are used,
they should be used just to look up a description in a table - the
data structures should be far simpler than for the existing format
checking.  (A table with names also leaves the road open for future 
extensible format checking to make this sort of checking extensible as 
well; a general form allowing the execle type to be specified would be a 
pain without new syntax allowing type names to be passed in, but such 
syntax would be needed for extensible format checking.)

> WRT its behavior, I read through the thread you cited above, and I
> think the consensus was that the terminating value must be an integral
> zero with the same width as a pointer, or any pointer-typed zero.
> E.g. NULL or (T*)0.

I think it should be pointer to object typed zero only, not integers (for
execl style).

> Does this sound ok?  If so, I'll try and update Tom's patch.

It needs thorough testcases as well as updating (and making able to cover
execle at least), in any case.

-- 
Joseph S. Myers
jsm28@cam.ac.uk
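
A sketch of the table-driven terminator check discussed in the message above, added here as an example; it is not GCC code and not part of the original post. The `arg_kind` classification, the `term_style` row layout and `check_call` are hypothetical names, and the pointer-only terminator rule is the one proposed in the message.

```c
#include <stdio.h>
#include <string.h>

/* Constructed model: how a checker might classify one call argument. */
enum arg_kind { ARG_OTHER, ARG_INT_ZERO, ARG_PTR_ZERO, ARG_ENV_PTR };

/* One row per style; the name is only a lookup key (hypothetical layout). */
struct term_style {
    const char *name;            /* style name, e.g. "execl" */
    size_t trailing;             /* arguments required after the terminator */
    enum arg_kind trailing_kind; /* kind required of each trailing argument */
};

static const struct term_style styles[] = {
    { "execl",  0, ARG_OTHER   },
    { "execle", 1, ARG_ENV_PTR }, /* one typed argument follows the NULL */
};

enum check_result { CHECK_OK, CHECK_UNKNOWN_STYLE, CHECK_NO_TERMINATOR,
                    CHECK_INT_ZERO_TERMINATOR, CHECK_BAD_TRAILING };

/* Check the variadic arguments of one call; no branch names a style. */
enum check_result check_call(const char *style,
                             const enum arg_kind *args, size_t n)
{
    const struct term_style *s = NULL;
    for (size_t i = 0; i < sizeof styles / sizeof styles[0]; i++)
        if (strcmp(styles[i].name, style) == 0)
            s = &styles[i];
    if (s == NULL)
        return CHECK_UNKNOWN_STYLE;
    if (n < s->trailing + 1)           /* too short to hold a terminator */
        return CHECK_NO_TERMINATOR;
    size_t term = n - s->trailing - 1; /* where the terminator must sit */
    if (args[term] == ARG_INT_ZERO)    /* plain 0 is not pointer-typed */
        return CHECK_INT_ZERO_TERMINATOR;
    if (args[term] != ARG_PTR_ZERO)
        return CHECK_NO_TERMINATOR;
    for (size_t i = term + 1; i < n; i++)
        if (args[i] != s->trailing_kind)
            return CHECK_BAD_TRAILING;
    return CHECK_OK;
}

int main(void)
{
    /* Constructed sample calls: concat("a", 0) and execle(p, NULL, envp). */
    enum arg_kind bad[] = { ARG_OTHER, ARG_INT_ZERO };
    enum arg_kind ok[]  = { ARG_OTHER, ARG_PTR_ZERO, ARG_ENV_PTR };
    printf("%d %d\n", check_call("execl", bad, 2), check_call("execle", ok, 3));
    return 0;
}
```

Adding a further style is a new row in `styles`, with no change to `check_call`.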

