authorNick Mathewson <nickm@torproject.org>2008-07-09 15:23:35 +0000
committerNick Mathewson <nickm@torproject.org>2008-07-09 15:23:35 +0000
commitbe5d943cec431438b28b55b450b11900c0e31ed1 (patch)
treef8c553fa7d604e6b9a0b3429217b19ee585839c4
parentfcf0a324fd2db4caadeef4b169088289f520b1e0 (diff)
Stop using __attribute__((nonnull)): It gets us occasional warnings when we do something so foolish it can be detected without dataflow analysis, but it also eliminates some of our error checking code. Suggested by Peter Gutmann.
svn:r15804
-rw-r--r--ChangeLog3
-rw-r--r--src/common/compat.h12
2 files changed, 14 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index b8b9b66602..770291ea7a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,9 @@ Changes in version 0.2.0.29-rc - 2008-07-08
- Correctly detect transparent proxy support on Linux hosts that
require in.h to be included before netfilter_ipv4.h. Patch
from coderman.
+ - Stop using __attribute__((nonnull)) with GCC: it can give us useful
+ warnings (occasionally), but it can also cause the compiler to
+ eliminate error-checking code. Suggested by Peter Gutmann.
Changes in version 0.2.0.28-rc - 2008-06-13
diff --git a/src/common/compat.h b/src/common/compat.h
index 75b6e5420f..ea66093568 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -122,7 +122,17 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
#define ATTR_CONST __attribute__((const))
#define ATTR_MALLOC __attribute__((malloc))
#define ATTR_NORETURN __attribute__((noreturn))
-#define ATTR_NONNULL(x) __attribute__((nonnull x))
+/* Alas, nonnull is not at present a good idea for us. We'd like to get
+ * warnings when we pass NULL where we shouldn't (which nonnull does, albeit
+ * spottily), but we don't want to tell the compiler to make optimizations
+ * with the assumption that the argument can't be NULL (since this would make
+ * many of our checks go away, and make our code less robust against
+ * programming errors). Unfortunately, nonnull currently does both of these
+ * things, and there's no good way to split them up.
+ *
+ * #define ATTR_NONNULL(x) __attribute__((nonnull x)) */
+#define ATTR_NONNULL(x)
+
/** Macro: Evaluates to <b>exp</b> and hints the compiler that the value
* of <b>exp</b> will probably be true. */
#define PREDICT_LIKELY(exp) __builtin_expect((exp), 1)
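Review bot: The comment added above `#define ATTR_NONNULL(x)` explains why the attribute is dropped, but not what the now-empty macro means for declarations that still carry it. With an empty expansion those annotations are documentation only, and the NULL checks inside the callees are the only enforcement left. I would add that to the comment, e.g. `* Until then ATTR_NONNULL() expands to nothing: it records intent only, so callees must keep their own NULL checks.` If the call-site warnings are still wanted, the original definition could be kept behind an opt-in used only for analysis builds, such as `#ifdef <ANALYSIS_ONLY_MACRO>` (placeholder name; no such switch is visible here), so the optimizer assumption never reaches release binaries. The conditional that selects these GCC definitions starts outside the hunk, so I cannot see whether the non-GCC branch already defines the macro the same way.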