clang 3.6 brought some very useful warnings when a function argument with __attribute__((nonnull)) had a NULL check:
warning: nonnull parameter 'p' will evaluate to 'true' on first encounter [-Wpointer-bool-conversion]
With gcc and earlier clang versions, the NULL check was silently optimized away.
We just realized that the same problem remains with __attribute__((returns_nonnull)): NULL checks are silently optimized away, as in the following test case.
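#include <stdio.h>

/* Helper without any attribute that really does return NULL. */
int *nul(void) {
    return NULL;
}

/* Declared as never returning NULL, yet forwards the NULL from nul(). */
__attribute__((returns_nonnull)) int *foo(void)
{
    return nul();
}

int main(void)
{
    fprintf(stderr, "%p\n", foo());
    /* This is the check that gets silently optimized away. */
    if (foo() == NULL) {
        fprintf(stderr, "foo is null\n");
    }
    return 0;
}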
Is it planned to have a warning in that case?
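An added example, not part of the original report: one way to keep a NULL check effective is to place it inside the returns_nonnull function, on the result of an unattributed helper, and to expose failure through a separate function with no attribute. All names here (find_slot, slot_or_fallback, read_slot) are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

static int table[4] = {10, 20, 30, 40};   /* constructed sample data */
static int fallback_slot = -1;

/* Hypothetical lookup that can fail. It carries no attribute, so a NULL
 * check on its result is a real check that the optimizer has to keep. */
static int *find_slot(size_t idx)
{
    return idx < 4 ? &table[idx] : NULL;
}

/* The attribute is a promise to the optimizer, so the function enforces it
 * itself: the check is on find_slot()'s result, before the value crosses
 * the returns_nonnull boundary. Callers must not re-check for NULL. */
__attribute__((returns_nonnull)) static int *slot_or_fallback(size_t idx)
{
    int *p = find_slot(idx);
    if (p == NULL)
        return &fallback_slot;
    return p;
}

/* For callers that need to see the failure: no attribute, and the error
 * is reported through the return code instead of a NULL pointer. */
static int read_slot(size_t idx, int *out)
{
    int *p = find_slot(idx);
    if (p == NULL)
        return -1;
    *out = *p;
    return 0;
}

int main(void)
{
    int v = 0;
    printf("%d %d\n", *slot_or_fallback(2), *slot_or_fallback(99));
    if (read_slot(99, &v) != 0)
        fprintf(stderr, "slot 99 is missing\n");
    return 0;
}
```

Building with -fsanitize=returns-nonnull-attribute (UBSan, in both clang and gcc) reports at run time when a function declared returns_nonnull does return NULL, as foo() does in the test case above.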