The compiler could skip inserting null checks on pointer dereferences if it knows that use of a null pointer would be trapped safely by the OS rather than causing undefined behavior. This is probably true for a dereference at a sufficiently small constant offset from a pointer (e.g., accessing a struct field), but a dereference at an offset not known to be small or any pointer arithmetic operation that could be repeated to build up a large offset may still require a null check. This feature could be controlled by its own Checked-C-specific flag, or it might make sense to tie it into target-specific information already available in LLVM/Clang, such as -fdelete-null-pointer-checks; this may be related to #168.
Potential benefits:

- Avoid the performance impact of the null checks.
- If a user turns on warnings for runtime check insertion (Option to warn for each inserted runtime check that can't be proved unnecessary #1188) in order to get a guarantee of spatial memory safety on a plain C compiler, getting a large number of warnings about null checks and having to add them explicitly to the source code would be extremely annoying. Having the compiler eliminate most of the null checks would make this use scenario more feasible. An alternative way to address the problem would be to add a nullability analysis to Checked C, but I imagine that might be a lot of work and might become a distraction from the main goal of spatial memory safety.
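The decision rule sketched above, as an added example that is not code from the Checked C project or the issue author: a small C model of when a dereference can rely on the OS trapping a null base instead of an inserted check. It assumes a hypothetical target where the lowest `GUARD_ZONE` (4096) bytes of the address space are unmapped; the struct `deref`, the function `needs_null_check` and the sample accesses in `main` are all constructed for illustration. The rule it encodes is the one in the issue: a constant offset small enough that the whole access lands inside the unmapped zone faults safely, while an unknown offset, an access that straddles the zone's edge, or an offset built by repeatable pointer arithmetic still needs an explicit check.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption (hypothetical target): addresses [0, GUARD_ZONE) are never
 * mapped, so a load or store at NULL + off with off + size <= GUARD_ZONE
 * faults instead of touching memory.  Real targets differ; a compiler
 * would take this value from target information, not a constant. */
#define GUARD_ZONE 4096u

/* One pointer dereference the compiler is about to emit. */
struct deref {
    bool offset_is_constant;  /* offset known at compile time?            */
    uint64_t offset;          /* the constant offset, when known          */
    uint64_t access_size;     /* bytes read or written                    */
    bool arith_repeatable;    /* offset produced by pointer arithmetic that
                                 can run in a loop (p++, p += n), so the
                                 total displacement is unbounded          */
};

/* Returns true if an explicit null check must be inserted before this
 * access, false if a null base is guaranteed to hit the guard zone. */
bool needs_null_check(const struct deref *d)
{
    if (d->arith_repeatable)            /* can walk past the guard zone   */
        return true;
    if (!d->offset_is_constant)         /* offset not known to be small   */
        return true;
    if (d->offset >= GUARD_ZONE)        /* also avoids overflow below     */
        return true;
    /* Constant, small offset: the access must end inside the zone, or
     * the last byte would be a real (possibly mapped) address. */
    return d->offset + d->access_size > GUARD_ZONE;
}

/* Counts how many of a set of accesses still need a check; lets a caller
 * see how much the elision buys on a constructed sample. */
unsigned count_required_checks(const struct deref *ds, unsigned n)
{
    unsigned required = 0;
    for (unsigned i = 0; i < n; i++)
        required += needs_null_check(&ds[i]) ? 1u : 0u;
    return required;
}

int main(void)
{
    /* Constructed sample accesses (not taken from any real program). */
    const struct deref sample[] = {
        /* s->field at offset 8, 8-byte load: trapped by the zone      */
        { .offset_is_constant = true,  .offset = 8,    .access_size = 8, .arith_repeatable = false },
        /* a[i] with i unknown: offset could be anything               */
        { .offset_is_constant = false, .offset = 0,    .access_size = 4, .arith_repeatable = false },
        /* s->member inside a struct larger than the zone              */
        { .offset_is_constant = true,  .offset = 8192, .access_size = 4, .arith_repeatable = false },
        /* 8-byte load at offset 4092: straddles the zone's upper edge */
        { .offset_is_constant = true,  .offset = 4092, .access_size = 8, .arith_repeatable = false },
        /* *p after p++ in a loop: displacement unbounded              */
        { .offset_is_constant = true,  .offset = 0,    .access_size = 1, .arith_repeatable = true  },
    };
    unsigned n = sizeof sample / sizeof sample[0];
    for (unsigned i = 0; i < n; i++)
        printf("access %u: %s\n", i,
               needs_null_check(&sample[i]) ? "needs null check" : "check elided");
    printf("%u of %u accesses still need an explicit check\n",
           count_required_checks(sample, n), n);
    return 0;
}
```

The straddling case is the one worth keeping in mind: a constant offset below the guard size is not sufficient on its own, since an access of several bytes ending past the zone could touch a mapped page, which is why the rule compares `offset + access_size` rather than `offset` alone.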