On Fri, Feb 24, 2023 at 9:00 AM Jₑₙₛ Gustedt <jens.gustedt@inria.fr> wrote:

Tamir,

on Fri, 24 Feb 2023 11:42:30 -0500 you (Tamir Duberstein
<tamird@google.com>) wrote:

> Internal UB means "applying zero offset to null pointer" when the
> caller passes (NULL, _, 0, _).

So you mean internal misbehavior?

> Does such an attribute exist?

Yes, gcc has the nonnull old-style attribute, and I think that the C23
versions of gcc and clang will have something like `[[gnu::nonnull]]`.

Having this as attribute of the function and not of the pointer is a
bit unfortunate. For non-void pointers you could also use the `[static
1]` array parameter notation instead of a pointer.

bionic's using clang's _Nullable and _Nonnull, which do let you express this: https://clang.llvm.org/docs/AttributeReference.html#nullability-attributes

Jₑₙₛ

--
:: ICube :::::::::::::::::::::::::::::: deputy director ::
:: Université de Strasbourg :::::::::::::::::::::: ICPS ::
:: INRIA Nancy Grand Est :::::::::::::::::::::::: Camus ::
:: :::::::::::::::::::::::::::::::::::: ☎ +33 368854536 ::
:: https://icube-icps.unistra.fr/index.php/Jens_Gustedt ::