Re: Fix UDF-FS potentially dereferencing null

From: Alexandre Oliva
Date: Thu Apr 22 2004 - 15:33:22 EST

On Apr 17, 2004, Linus Torvalds <torvalds@xxxxxxxx> wrote:

> On Sat, 17 Apr 2004, Ingo Oeser wrote:
>> Or even call the attribute "nonnull", because this is a very obvious
>> naming, even to non-native English readers.

> I did that at first, but decided that what I really wanted was "safe".

> "nonnull" is nice for avoiding the NULL check, but it's useless for
> anything else.

> "safe" to my mind means that not only is it not NULL, it's also safe to
> dereference early (ie "prefetchable"), which has a lot of meaning for the
> back-end.

And how far back can this go?

Consider, for example:

inline int foo(int *safe p) {
return *p;

int bar(int *p) {
if (p)
return foo(p);
return -1;

I suppose you'd like a compiler to remember the point at which the
pointer became safe, and avoid prefetching it before the test. So
it's not exactly total freedom to reschedule the load.

Still, this sounds like something that might be useful, especially on
platforms that don't support (non-trapping) prefetching.

GCC's nonnull attribute is indeed useless for these purposes. Even
though the docs say it could be used to optimize away a NULL test, its
syntax is far too cumbersome, since you apply the nonnull attribute to
the function, not to its argument, which makes it unusable for
non-argument variables.

Alexandre Oliva
Red Hat Compiler Engineer aoliva@{,}
Free Software Evangelist oliva@{,}
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at