[Bug tree-optimization/96003] [11 Regression] Maybe a false positive for -Werror=nonnull

msebor at gcc dot gnu.org gcc-bugzilla@gcc.gnu.org
Thu Jul 9 15:22:15 GMT 2020


Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
     Ever confirmed|0                           |1
             Status|UNCONFIRMED                 |NEW
           Keywords|rejects-valid               |
   Last reconfirmed|                            |2020-07-09
             Blocks|                            |95507
            Summary|Maybe a false positive for  |[11 Regression] Maybe a
                   |-Werror=nonnull             |false positive for
                   |                            |-Werror=nonnull

--- Comment #4 from Martin Sebor <msebor at gcc dot gnu.org> ---
Confirmed for the test case in comment #0.  It's a warning, not an error
(except with -Werror if requested), so removing rejects-valid.  The warning is
doing what it's designed to do.  The corresponding diagnostic is emitted prior
to r11-1697 for the following C code:

$ cat z.c && gcc -S -Wall -fdump-tree-optimized=/dev/stdout z.c
__attribute__ ((nonnull)) void f (void*);

void g (void **p)
  f (p ? *p : 0);
z.c: In function ‘g’:
z.c:5:3: warning: argument 1 null where non-null expected [-Wnonnull]
    5 |   f (p ? *p : 0);
      |   ^
z.c:1:32: note: in a call to function ‘f’ declared ‘nonnull’
    1 | __attribute__ ((nonnull)) void f (void*);
      |                                ^

Unless the warning code is removed from the front end and made to rely solely
on the middle end I'm not sure what the generic front end part can do to avoid
triggering.  Perhaps the C++ front end could wrap the 'r != 0B ? &r->D.2352 :
0B' expression somehow to briefly hide it.

The warning in the test case in comment #3 looks correct to me.  The function

  template <typename d> void e<d>::operator++() { d()->b(); }

is instantiated as a result of the calls to e<a *> begin() and e<a *> end()
emitted by the for (auto i : g) loop.  With d being e*, the d() expression
evaluates to a null pointer, so the call is ((e*)0)->b().

Referenced Bugs:

[Bug 95507] [meta-bug] bogus/missing -Wnonnull

More information about the Gcc-bugs mailing list