incomplete checking for nullability qualifiers

Hi,

We appear to perform significantly incomplete checking for assigning a null pointer value to a _Nonnull pointer. In particular, pointer initialization and assignment is not checked:

// No warning on static initialization to zero
struct A {
  int *_Nonnull p;
} a;
int *_Nonnull b[3];

void g() {
  // No warning on initialization
  int *_Nonnull p = 0;
  // No warning on assignment
  p = 0;
  // No warning on assignment to member
  a.p = 0;
  // No warning on assignment to array element
  b[0] = 0;
}

Would it be reasonable to start warning on these cases? Are people relying on the existing behavior? (Note, I’m not suggesting we start warning on conversion from a _Nullable or _Null_unspecified pointer to a _Nonnull pointer, only when initializing or assigning to a _Nonnull pointer from a null pointer value.)

Regards,
Richard

I think it would be quite valuable to warn on these cases; I'm
surprised we don't already. I'd expect we would also want to warn on:

int * _Nonnull ptr = nullptr; // Don't currently warn
ptr = (int*)0; // Don't currently warn

~Aaron

I filed a similar bug 6 years ago:

<https://bugs.llvm.org/show_bug.cgi?id=24328>

Sean
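
The cases from the first message, as an added example that is not part of the thread: since these stores to `_Nonnull` storage go undiagnosed, the annotated slots can hold null at run time, so a use site still needs its own check. The `NONNULL` macro and every function and variable name here are made up for the example; the macro expands to nothing on compilers without the qualifier.

```c
/* Added example, not from the thread. Names other than _Nonnull are made up. */
#include <stddef.h>
#include <stdio.h>

/* Use the qualifier where the compiler has it (Clang); otherwise expand to nothing. */
#if defined(__has_feature)
#  if __has_feature(nullability)
#    define NONNULL _Nonnull
#  endif
#endif
#ifndef NONNULL
#  define NONNULL
#endif

struct A { int *NONNULL p; };
static struct A a;          /* static zero-initialization: a.p starts out null */
static int *NONNULL b[3];   /* likewise all three elements */
static int value = 7;       /* constructed sample target */

/* Number of annotated slots (a.p, b[0..2]) that hold null right now. */
static int count_null_slots(void) {
    int n = (a.p == NULL);
    for (size_t i = 0; i < sizeof b / sizeof b[0]; i++)
        n += (b[i] == NULL);
    return n;
}

/* Point every annotated slot at a valid object. */
static void fill_slots(void) {
    a.p = &value;
    for (size_t i = 0; i < sizeof b / sizeof b[0]; i++)
        b[i] = &value;
}

/* The member and array-element assignments from the thread. */
static void null_assignments(void) { a.p = 0; b[0] = 0; }

/* Use-site guard: accept the pointer unannotated and check before dereferencing. */
static int read_or(const int *maybe, int fallback) { return maybe ? *maybe : fallback; }

int main(void) {
    printf("null after static init: %d\n", count_null_slots());
    fill_slots();
    null_assignments();
    printf("null after assignments: %d\n", count_null_slots());
    printf("guarded read of a.p: %d\n", read_or(a.p, -1));
    return 0;
}
```

Clang's `-fsanitize=nullability-assign` check reports a null stored to a `_Nonnull` lvalue at run time, which complements the compile-time diagnostics discussed above.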