This is the mail archive of the gcc-patches@gcc.gnu.org mailing list for the GCC project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: PR c/16351 Extend Wnonnull for returns_nonnull

From: Bernhard Reutner-Fischer <rep dot dot dot nop at gmail dot com>
To: Jeff Law <law at redhat dot com>,Manuel López-Ibáñez <lopezibanez at gmail dot com>,Gcc Patch List <gcc-patches at gcc dot gnu dot org>,Jason Merrill <jason at redhat dot com>,"Joseph S. Myers" <joseph at codesourcery dot com>
Date: Fri, 24 Jul 2015 10:06:01 +0200
Subject: Re: PR c/16351 Extend Wnonnull for returns_nonnull
Authentication-results: sourceware.org; auth=none
References: <CAESRpQAZT7syOqgusqXQEgigUj3UeTfi5iD9CHJKGCAnVfA7Ug at mail dot gmail dot com> <55B127D7 dot 3020202 at redhat dot com> <3EAB7D8C-698E-418A-A269-DF4389142264 at gmail dot com> <55B1CD5B dot 6010101 at redhat dot com>

On July 24, 2015 7:30:03 AM GMT+02:00, Jeff Law <law@redhat.com> wrote:
>On 07/23/2015 04:44 PM, Bernhard Reutner-Fischer wrote:
>> On July 23, 2015 7:43:51 PM GMT+02:00, Jeff Law <law@redhat.com>
>wrote:
>>> On 07/22/2015 09:29 AM, Manuel LÃpez-IbÃÃez wrote:
>>>> While looking at PR c/16351, I noticed that all tests proposed for
>>>> -Wnull-attribute
>>>> (https://gcc.gnu.org/ml/gcc-patches/2014-01/msg01715.html) could be
>>>> warned from the FEs by simply extending the existing Wnonnull.
>>>>
>>>> Bootstrapped and regression tested on x86_64-linux-gnu.
>>>>
>>>> OK?
>>>>
>>>>
>>>> gcc/ChangeLog:
>>>>
>>>> 2015-07-22  Manuel LÃpez-IbÃÃez  <manu@gcc.gnu.org>
>>>>
>>>>       PR c/16351
>>>>       * doc/invoke.texi (Wnonnull): Document behavior for
>>>>       returns_nonnull.
>>>>
>>>> gcc/testsuite/ChangeLog:
>>>>
>>>> 2015-07-22  Manuel LÃpez-IbÃÃez  <manu@gcc.gnu.org>
>>>>
>>>>       PR c/16351
>>>>       * c-c++-common/wnonnull-1.c: New test.
>>>>
>>>> gcc/cp/ChangeLog:
>>>>
>>>> 2015-07-22  Manuel LÃpez-IbÃÃez  <manu@gcc.gnu.org>
>>>>
>>>>       PR c/16351
>>>>       * typeck.c (check_return_expr): Call
>maybe_warn_returns_nonnull.
>>>>
>>>>
>>>> gcc/c-family/ChangeLog:
>>>>
>>>> 2015-07-22  Manuel LÃpez-IbÃÃez  <manu@gcc.gnu.org>
>>>>
>>>>       PR c/16351
>>>>       * c-common.c (maybe_warn_returns_nonnull): New.
>>>>       * c-common.h (maybe_warn_returns_nonnull): Declare.
>>>>
>>>> gcc/c/ChangeLog:
>>>>
>>>> 2015-07-22  Manuel LÃpez-IbÃÃez  <manu@gcc.gnu.org>
>>>>
>>>>       PR c/16351
>>>>       * c-typeck.c (c_finish_return): Call
>maybe_warn_returns_nonnull.
>>> FWIW, we have the usual tension here between warning in the
>front-end
>>> vs
>>> warning after optimization and exploiting dataflow analysis.
>>>
>>> Warning in the front-ends like this can generate false positives
>(such
>>> as a NULL return in an unreachable path and miss cases where the
>NULL
>>> has to be propagated into the return by later optimizations.
>>>
>>> However warning in the front-ends will tend to have more stable
>>> diagnostics from release to release.
>>>
>>> Warning after optimization/analysis will tend to generate fewer
>false
>>> positives and can pick up cases where the didn't explicitly appear
>in
>>> the return statement, but had to be propagated in by the optimizers.
>Of
>>>
>>> course, these warnings are less stable release-to-release and
>require
>>> the optimizers/analysis phases to be run.
>>>
>>> I've always preferred exploiting optimization and analysis to both
>>> reduce false positives and expose the non-trivial which show up via
>>> optimizations.  But I also understand that's simply my preference
>and
>>> that others have a different preference.
>>>
>>> I'll tentatively approve for the trunk, but I think we still want
>>> warnings after optimization/analysis.  Which will likely lead to a
>>> scheme like I proposed many years for uninitialized variables where
>we
>>> have multiple modes.  One warns in the front-end like your
>implemention
>>>
>>> does, the other defers the warning until after analysis &
>optimization.
>>>
>>> So please keep 16351 open after committing.
>>
>> -W{no-,}{f,m}e IIRC was proposed before. Won't help
>https://gcc.gnu.org/PR55035 though where struct stores just escape too
>much -- AFAIU -- but still..
>>
>Things like uninitialized variable analysis are inherently going to 
>cause false positives.  It's just a fact of life.
>
>Looking at the reduced testcase in that PR, I'm pretty sure its a bogus
>
>reduction.

Yes, the original, smallish test case in comment #4 is different, AFAICS.
>
>We could have N == 0 when we encounter the head of the first loop.  So 
>no members of temp[] will be initialized.  We then have the call to 
>bar() which could change the value of N to 1.  We then hit the second 
>loop and read temp[0] which is uninitialized.  The warning for the 
>reduced testcase is correct.

Agree.
>
>If the original source has the same overall structure (an unbound write
>
>between the key loops), then the warning is correct.  If the writes can
>
>be proven to not clobber the loop bounds (such that the two key loops 
>iterate over the same number of elements), then we'd have a false 
>positive warning (and a failure of jump threading to discover the 
>unexecutable path).

AFAIU the write in the testcase in comment #4 does not clobber loop bounds, so I think the warning is wrong.

Thanks,

Follow-Ups:
- Re: PR c/16351 Extend Wnonnull for returns_nonnull
  - From: Jeff Law

References:
- PR c/16351 Extend Wnonnull for returns_nonnull
  - From: Manuel LÃpez-IbÃÃez
- Re: PR c/16351 Extend Wnonnull for returns_nonnull
  - From: Jeff Law
- Re: PR c/16351 Extend Wnonnull for returns_nonnull
  - From: Bernhard Reutner-Fischer
- Re: PR c/16351 Extend Wnonnull for returns_nonnull
  - From: Jeff Law

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]