We appear to perform significantly incomplete checking for assigning a null pointer value to a _Nonnull pointer. In particular, pointer initialization and assignment is not checked:
// No warning on static initialization to zero
struct A {
  int *_Nonnull p;
} a;
int *_Nonnull b[3];
void g() {
  // No warning on initialization
  int *_Nonnull p = 0;
  // No warning on assignment
  p = 0;
  // No warning on assignment to member
  a.p = 0;
  // No warning on assignment to array element
  b[0] = 0;
}
Would it be reasonable to start warning on these cases? Are people relying on the existing behavior? (Note, I’m not suggesting we start warning on conversion from a _Nullable or _Null_unspecified pointer to a _Nonnull pointer, only when initializing or assigning to a _Nonnull pointer from a null pointer value.)
I think it would be quite valuable to warn on these cases; I'm surprised we don't already. I'd expect we would also want to warn on:
int * _Nonnull ptr = nullptr; // Don't currently warn
ptr = (int*)0; // Don't currently warn
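An added example (not code from the thread) showing why the gap matters in practice: because none of the initialization and assignment paths above are diagnosed, a null can reach a _Nonnull slot silently, so code that trusts the annotation needs its own check at the point where it dereferences. The helpers and scenario functions are assumed names; the null arrives here through an unannotated pointer, which is equally undiagnosed.

```c
#include <stdbool.h>
#include <stddef.h>

/* _Nonnull is a Clang extension; let the example build on other compilers too. */
#ifndef __clang__
#define _Nonnull
#endif

/* Same shapes as in the thread: a _Nonnull struct member and a _Nonnull array. */
struct A { int *_Nonnull p; };
static int *_Nonnull b[3];

/* Hypothetical helpers: check the invariant the annotations only document. */
static bool a_invariant_holds(const struct A *a) {
    return a != NULL && a->p != NULL;
}
static bool b_invariant_holds(void) {
    for (size_t i = 0; i < 3; i++)
        if (b[i] == NULL) return false;
    return true;
}

/* Dereferences a _Nonnull pointer; the caller owns the invariant. */
static int read_through(int *_Nonnull p) { return *p; }

/* Boundary wrapper: refuses to dereference when the invariant is broken.
   Returns 0 on success, -1 when a null was found in a _Nonnull slot. */
int read_member_checked(const struct A *a, int *out) {
    if (!a_invariant_holds(a)) return -1;
    *out = read_through(a->p);
    return 0;
}

/* Reproduces the thread's unchecked paths with a constructed null input:
   initialization of a _Nonnull member and assignment to a _Nonnull array
   element both compile without diagnostic; only the runtime check catches it. */
int scenario_null_slips_in(void) {
    static int x = 1;
    int *unannotated = NULL;              /* constructed input */
    b[0] = b[1] = b[2] = &x;
    struct A a = { unannotated };         /* initialization, no warning */
    b[0] = unannotated;                   /* array element, no warning */
    int v = 0;
    int rc = read_member_checked(&a, &v); /* caught here, not by the compiler */
    return (rc == -1 && !b_invariant_holds()) ? 1 : 0;
}

/* Control case: a genuinely non-null member reads through normally. */
int scenario_valid(void) {
    static int x = 42;
    struct A a = { &x };
    int v = 0;
    return (read_member_checked(&a, &v) == 0 && v == 42) ? 1 : 0;
}
```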