Menu

#3956 Aliasing implications of uses of restrict are ignored for _Optional analysis

open
nobody
None
other
5
2026-03-23
2026-03-23
Christopher Bazley
No

1: Sample code that reproduces the problem.

void
orlando (_Optional int **ppoi_1, _Optional int **restrict ppoi_2)
{
  // constrains *ppoi_1 to non-null on the fallthrough path
  if (!*ppoi_1)
    return;

  **ppoi_1 = 1;      // no recommended diagnostic
  *ppoi_2 = nullptr; /* non-null constraint on *ppoi_1 is
                        unaffected because *ppoi_2 cannot
                        alias *ppoi_1 */
  **ppoi_1 = 2;      // no recommended diagnostic
}

2: Exact command used to run SDCC on this sample code

sdcc --std=c23 -c /work/bug5.c

3: SDCC version tested (type "sdcc -v" to find it)

SDCC : mcs51/z80/z180/r2k/r2ka/r3ka/r4k/r5k/r6k/sm83/tlcs90/ez80/z80n/r800/ds390/pic16/pic14/TININative/ds400/hc08/s08/stm8/pdk13/pdk14/pdk15/mos6502/mos65c02/f8/f8l TD- 4.5.21 #16327 (Linux)

4: Copy of the error message or incorrect output, or a clear description of the observed versus expected behavior.

The above example from the Recommended Practice part of subsection 6.5.2 "Type qualifiers" in the _Optional TS is intended to illustrate best-case analysis that might be possible if making use of the information provided by restrict.

The value of ppoi_1, a pointer to a pointer to an optional-qualified type, is constrained not to be the address of a null pointer on the fallthrough path of an if statement, therefore the implementation is recommended not to produce a diagnostic message for the lvalue *ppoi_1 in the first assignment.

The restrict-qualified type of ppoi_2 asserts that if an object is accessed using ppoi_2, and that object is modified anywhere in the program, then is it never accessed using any other pointer. That means the assignment of nullptr to the lvalue *ppoi_2 cannot modify the value of *ppoi_1 to a null pointer. The implementation is therefore recommended not to produce a diagnostic message for the lvalue **ppoi_1 in the last assignment.

Instead, SDCC currently produces the following diagnostic message.

/work/bug5.c:12: warning 355: pointer to _Optional could not be proven to be non-null at dereference

This is not a bug because it concerned Recommended Practice and 6.7.4.2 in C23 says

A translator is free to ignore any or all aliasing implications of uses of restrict."

I thought it might be useful to report it regardless, in case there is scope for improvement (if the maintainers of SDCC consider that useful).

Discussion

Log in to post a comment.

MongoDB Logo MongoDB