5

I want to know whether `__attribute__((nonnull))` is standard in C or compiler specific. If it's compiler specific, then is there any alternative to do the same with standard C?

I am trying to prevent a static analyzer's possible null pointer dereference warning, but I don't want to make my code compiler dependent.

gonidelis
  • Aren't warnings always compiler dependent? – 463035818_is_not_an_ai Jul 21 '17 at 12:02
  • More generally, the word *attribute* itself is almost absent from the C11 standard (there are 3 occurrences, two of which related to `_Alignas`). All kinds of GCC/Clang attributes are compiler-specific, so unless you are using `_Alignas`, you cannot have truly portable code that depends on attributes. That said, attributes are often used to modify aspects that are implementation-defined in the standard (or minor details, such as compiler diagnostic messages in your case), and therefore do not contradict it, so the fact that they are not in the standard is not necessarily bad. – anol Jul 21 '17 at 12:25
  • 1
    @tobi303 the C standard does specify some cases where a *diagnostic* should or must be emitted. This often coincides with compiler warnings. The standard does not specify the exact message contents, nor *how* it should be emitted, but since they must be emitted by every conforming implementation, in a sense they are not entirely compiler-dependent. – anol Jul 21 '17 at 12:30
  • 2
    Note that with the `nonnull` attribute, warnings are issued when `NULL` is passed as an argument, but not when a variable which happens to be a null pointer is passed. – ad absurdum Jul 21 '17 at 12:30
  • @anol So in a sense warnings are also not entirely compiler independent. Actually I wasn't sure, thanks for the clarification – 463035818_is_not_an_ai Jul 21 '17 at 12:32
  • What is unclear about the documentation? `__attribute__` is listed under "Extensions to the C language" for gcc. – too honest for this site Jul 21 '17 at 12:33

2 Answers

9

It's compiler specific. Neither attributes nor `nonnull` is mentioned anywhere in the C11 standard.

In C11, you can use the `type ParameterName[static 1]` syntax, although only clang and zapcc (out of gcc <= 7.1 and clang >= 3.1, zapcc, and icc) generate warnings with it if you pass NULL arguments with it. (Also, it can't be used with void pointers, unfortunately.)

```c
__attribute__((__nonnull__)) /*nonstandard*/
void pass_nonnull0(char *X)
{
}

void pass_nonnull1(char X[static 1]) /*standard*/
{ /*the "static 1" means the pointed-to "array" must have at least 1 element*/
}

int main(void)
{
    pass_nonnull0(0); /* both clang & gcc warn with nonnull attributes */
    pass_nonnull1(0); /* only clang and zapcc warn with type ArgName [static 1] */
}
```

The semantics of the `D[ static type-qualifier-list_opt assignment-expression ]` syntax don't really guarantee a warning. The syntax only denotes a promise to the compiler that the pointed-to object will have at least N elements:

6.7.6.3p7:

> A declaration of a parameter as ''array of type'' shall be adjusted to ''qualified pointer to type'', where the type qualifiers (if any) are those specified within the `[` and `]` of the array type derivation. If the keyword `static` also appears within the `[` and `]` of the array type derivation, then for each call to the function, the value of the corresponding actual argument shall provide access to the first element of an array with at least as many elements as specified by the size expression.

However, it is sensible for a compiler to generate a warning if it can see that the promise is broken.

Petr Skocik
4

`__attribute__(...)` is never standard C.
No C standard ever defined `__attribute__` to even exist.

Mecki
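An added example, not part of either answer above: one way to keep the annotation without tying the source to one compiler is to hide the attribute behind a feature-tested macro and keep a run-time check in an unannotated entry point, since (as a comment on the question notes) a null pointer held in a variable is not diagnosed. The names `ARG_NONNULL`, `name_len` and `name_len_impl` are hypothetical.

```c
#include <stddef.h>
#include <string.h>

/* ARG_NONNULL is a hypothetical macro name. It expands to the GCC/Clang
 * extension where the compiler reports support and to nothing elsewhere,
 * so the same source still compiles on a compiler without the attribute. */
#if defined(__has_attribute)
#  if __has_attribute(__nonnull__)
#    define ARG_NONNULL(...) __attribute__((__nonnull__(__VA_ARGS__)))
#  endif
#endif
#ifndef ARG_NONNULL
#  define ARG_NONNULL(...) /* unsupported compiler: annotation dropped */
#endif

/* Internal helper: annotated with the attribute and with the standard
 * [static 1] form. Both are promises made by the caller, not checks. */
ARG_NONNULL(1)
static size_t name_len_impl(const char name[static 1])
{
    return strlen(name);
}

/* Public entry point (constructed for this example): deliberately NOT
 * annotated. A null pointer that arrives in a variable produces no
 * compile-time warning, so it is rejected here at run time. GCC documents
 * that it may optimize on the nonnull assumption, which is why the check
 * lives outside the annotated function. */
int name_len(const char *name, size_t *out)
{
    if (name == NULL || out == NULL)
        return -1;            /* caller error, nothing dereferenced */
    *out = name_len_impl(name);
    return 0;
}

int main(void)
{
    const char *from_variable = NULL;   /* not a literal NULL at the call */
    size_t n = 0;
    if (name_len(from_variable, &n) != -1)
        return 1;
    return (name_len("abc", &n) == 0 && n == 3) ? 0 : 1;
}
```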