-rw-r--r--ChangeLog3
-rw-r--r--src/common/compat.h12
2 files changed, 14 insertions, 1 deletions
diff --git a/ChangeLog b/ChangeLog
index e54a1ebd02..2184ef4010 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@ Changes in version 0.2.1.3-alpha - 2008-07-xx
- Change the contrib/tor.logrotate script so it makes the new
logs as "_tor:_tor" rather than the default, which is generally
"root:wheel". Fixes bug 676, reported by Serge Koksharov.
+ - Stop using __attribute__((nonnull)) with GCC: it can give us useful
+ warnings (occasionally), but it can also cause the compiler to
+ eliminate error-checking code. Suggested by Peter Gutmann.
Changes in version 0.2.0.29-rc - 2008-07-08
diff --git a/src/common/compat.h b/src/common/compat.h
index 5ec969fa11..7ad964c75d 100644
--- a/src/common/compat.h
+++ b/src/common/compat.h
@@ -122,7 +122,17 @@ extern INLINE double U64_TO_DBL(uint64_t x) {
#define ATTR_CONST __attribute__((const))
#define ATTR_MALLOC __attribute__((malloc))
#define ATTR_NORETURN __attribute__((noreturn))
-#define ATTR_NONNULL(x) __attribute__((nonnull x))
+/* Alas, nonnull is not at present a good idea for us. We'd like to get
+ * warnings when we pass NULL where we shouldn't (which nonnull does, albeit
+ * spottily), but we don't want to tell the compiler to make optimizations
+ * with the assumption that the argument can't be NULL (since this would make
+ * many of our checks go away, and make our code less robust against
+ * programming errors). Unfortunately, nonnull currently does both of these
+ * things, and there's no good way to split them up.
+ *
+ * #define ATTR_NONNULL(x) __attribute__((nonnull x)) */
+#define ATTR_NONNULL(x)
+
/** Macro: Evaluates to <b>exp</b> and hints the compiler that the value
* of <b>exp</b> will probably be true. */
#define PREDICT_LIKELY(exp) __builtin_expect((exp), 1)
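Review bot: The new empty `#define ATTR_NONNULL(x)` leaves every existing ATTR_NONNULL annotation in place but without effect, and the added comment does not say so, so someone reading an annotated prototype can still take it as a compiler-checked guarantee. I would add a sentence to the block comment such as `ATTR_NONNULL is now documentation only; annotated functions must keep their own NULL checks.` The old definition kept as the last line inside that comment is also easy to misread as live code, so describing it in words would be clearer. If the lost warnings matter, the attribute could be re-enabled only for a warnings-only analysis build behind an opt-in macro, never for the binaries that ship. The conditional that selects these GCC definitions starts outside the hunk, so I cannot tell whether a non-GCC fallback already defines the macro as empty.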