How to specify a non-null pointer argument in C

jacob navia wrote:

Problem

You want to ensure that a pointer argument to a function
is non-null.

Solution

Compare the pointer to a null pointer, and don't call the function if
they compare equal.

Problem

You want to assume that a pointer function parameter is non-null.

Solution

int fn(double data[static 1]);

This means that the array (that is passed as a pointer)
must have at least 1 element, i.e. can't be NULL.

This ensures nothing, but allows certain otherwise invalid
optimisations, which may well be what you wanted. A minor point,
though:

#include <stdlib.h>

void f(double data[static 1]) {}
void g(double *data) {
if(data != NULL)
f(data);
}

int main(void) {
double x;
g(&x + 1);

double *p = malloc(1);
g(p);
free(p);
}

Both potential calls to f would be valid if "static 1" only meant
"non-null" and nothing more.

I wasn't aware of this till a discussion in comp.std.c

jacob navia wrote:

Problem

You want to ensure that a pointer argument to a function
is non-null.

Solution

int fn(double data[static 1]);

This means that the array (that is passed as a pointer)
must have at least 1 element, i.e. can't be NULL.

I wasn't aware of this till a discussion in comp.std.c

How's the above to be extrapolated for the general case?

Isn't simply comparing against NULL a simpler approach?

jacob navia schrieb:

Problem

You want to ensure that a pointer argument to a function
is non-null.

Solution

int fn(double data[static 1]);

This means that the array (that is passed as a pointer)
must have at least 1 element, i.e. can't be NULL.

I wasn't aware of this till a discussion in comp.std.c

In what way then will

x = fn(p);

fail if p happens to be NULL?

hagman a écrit :

jacob navia schrieb:

>>Problem

You want to ensure that a pointer argument to a function
is non-null.

Solution

int fn(double data[static 1]);

This means that the array (that is passed as a pointer)
must have at least 1 element, i.e. can't be NULL.

I wasn't aware of this till a discussion in comp.std.c

In what way then will

x = fn(p);

fail if p happens to be NULL?

The compiler can automatically insert a test in a
debug setting. For instance given this prototype

int fn(char string[static 1]);

when seeing a call
fn(s);
can replace that with

assert(s);
fn(s);

at each call site!

santosh a écrit :

jacob navia wrote:

>>Problem

You want to ensure that a pointer argument to a function
is non-null.

Solution

int fn(double data[static 1]);

This means that the array (that is passed as a pointer)
must have at least 1 element, i.e. can't be NULL.

I wasn't aware of this till a discussion in comp.std.c

How's the above to be extrapolated for the general case?

Isn't simply comparing against NULL a simpler approach?

Obviously this is for the compiler. In a debug setting, a
compiler and replace
fn(s)
with
assert(s),fn(s) ;

given a prototype
char *fn(char str[static 1]);

Harald van Dijk a écrit :

jacob navia wrote:

>>Problem

You want to ensure that a pointer argument to a function
is non-null.

Solution

Compare the pointer to a null pointer, and don't call the function if
they compare equal.

Problem

You want to assume that a pointer function parameter is non-null.

>>Solution

int fn(double data[static 1]);

This means that the array (that is passed as a pointer)
must have at least 1 element, i.e. can't be NULL.

This ensures nothing, but allows certain otherwise invalid
optimisations, which may well be what you wanted. A minor point,
though:

#include <stdlib.h>

void f(double data[static 1]) {}
void g(double *data) {
if(data != NULL)
f(data);
}

int main(void) {
double x;
g(&x + 1);

double *p = malloc(1);
g(p);
free(p);
}

Both potential calls to f would be valid if "static 1" only meant
"non-null" and nothing more.

>>I wasn't aware of this till a discussion in comp.std.c

well, you are right. That bug is not catched.

"jacob navia" <ja***@jacob.re mcomp.frwrote in message
news:45******** *************** @news.orange.fr ...

Problem

You want to ensure that a pointer argument to a function
is non-null.

Solution

int fn(double data[static 1]);

This means that the array (that is passed as a pointer)
must have at least 1 element, i.e. can't be NULL.

I wasn't aware of this till a discussion in comp.std.c

what do you mean with ensure? I tried this code and I could easily call this
function with NULL. I didnt get a warning or error at all. And of course
this only happens at compile time right where the compiler can actually
analyse that it is called with NULL.

What about this then?
fn (malloc(1000000 * sizeof(double)) ;

Seems to me we're stuck with if (p == NULL) for a while :)

"hagman" <go****@von-eitzen.dewrites :

jacob navia schrieb:

Problem

You want to ensure that a pointer argument to a function
is non-null.

Solution

int fn(double data[static 1]);

This means that the array (that is passed as a pointer)
must have at least 1 element, i.e. can't be NULL.

I wasn't aware of this till a discussion in comp.std.c

In what way then will

x = fn(p);

fail if p happens to be NULL?

By invoking undefined behavior.

C99 6.7.5.3p7:

If the keyword static also appears within the [ and ] of the array
type derivation, then for each call to the function, the value of
the corresponding actual argument shall provide access to the
first element of an array with at least as many elements as
specified by the size expression.

This "shall" appears outside a constraint, so if it's violated the
result is undefined behavior.

You might as well just (attempt to) dereference the pointer inside the
function; that invokes UB in exactly the same circumstances. And in
either case, a compiler may, but is not required to, insert a check
(and to decide what happens if the check fails).

--
Keith Thompson (The_Other_Keit h) ks***@mib.org <http://www.ghoti.net/~kst>
San Diego Supercomputer Center <* <http://users.sdsc.edu/~kst>
We must do something. This is something. Therefore, we must do this.

Serve Laurijssen a écrit :

"jacob navia" <ja***@jacob.re mcomp.frwrote in message
news:45******** *************** @news.orange.fr ...

>>Problem

You want to ensure that a pointer argument to a function
is non-null.

Solution

int fn(double data[static 1]);

This means that the array (that is passed as a pointer)
must have at least 1 element, i.e. can't be NULL.

I wasn't aware of this till a discussion in comp.std.c

what do you mean with ensure? I tried this code and I could easily call this
function with NULL. I didnt get a warning or error at all. And of course
this only happens at compile time right where the compiler can actually
analyse that it is called with NULL.

What about this then?
fn (malloc(1000000 * sizeof(double)) ;

Seems to me we're stuck with if (p == NULL) for a while :)

This would provoke an assertion failure (if malloc returns NULL)

The compiler would automatically test for NULL *before* pushing the
arguments. In this case you would have an assertion failed NOT in the
fn function but in the calling function, where the error actually
is!

This is MUCH better than testing for NULL in 'fn'