[Pam-developers] Re: [Fwd: Re: GCC 6 -Wnonnull is too aggressive]

Hi, On Fri, Feb 19, Tomas Mraz wrote: > Apparently our usage of __nonnull__ attribute is not completely > aligned > with what gcc developers mean with it. Use of the attribute > declares > that the parameter can never be NULL which means that the checks in > the > IF_NO_PAMH for example can be removed by the compiler during the > optimization. We would need to remove the __nonnull__ attribute or > at > least add -fno-delete-null-pointer-checks to the default CFLAGS. > > I'd prefer removing the __nonnull__. > > What do you think? From Linux-PAM code: #if PAM_GNUC_PREREQ(3,3) && !defined(LIBPAM_COMPILE) # define PAM_NONNULL(params) __attribute__((__nonnull__ params)) #else # define PAM_NONNULL(params) #endif We don't use it for libpam itself, I fixed that already 10 years ago.  The problem is well known, from the GCC documentation: "causes the compiler to check that, in calls to my_memcpy, arguments   dest and src are non-null. If the compiler determines that a null   pointer is passed in an argument slot marked as non-null, and the   -Wnonnull option is enabled, a warning is issued. The compiler may  also choose to make optimizations based on the knowledge that certain   function arguments will not be null. " So our usage of the nonnull attribute is matching exactly what was documented for GCC: the calling code should get a warning from the compiler, if it is using NULL as argument, and the  called functions in libpam are not compiled with this attribute, so that the checks are not removed. I think we only need to check, if we haven't make changes to the code, so that the nonnull attribute is also used for to be called code.