c2rust icon indicating copy to clipboard operation
c2rust copied to clipboard
verified publisher icon immunant

Feature suggestion: Clang nullability attributes and qualifiers

Open Dante-Broggi opened this issue 4 years ago • 0 comments

Clang provides _Nonnull, _Nullable and _Null_unspecified qualifiers and __attribute__((nonnull)) to enable C code to specify the nullability of pointers. c2rust ought to preserve such specification in the translated code.

The use of these qualifiers in C source is documented here: https://clang.llvm.org/docs/AttributeReference.html#id473

As a minimal example this function:

int fetch(int * _Nonnull ptr) { return *ptr; }

Currently translates on the website (https://c2rust.com) as:

#[no_mangle]
pub unsafe extern "C" fn fetch(mut ptr: *mut libc::c_int) -> libc::c_int {
    return *ptr;
}

But it could translate as:

#[no_mangle]
pub unsafe extern "C" fn fetch(mut ptr: core::ptr::NonNull<libc::c_int>) -> libc::c_int {
    return *ptr.as_ptr();
}

This translation would preserve the assumption of ptr not being null, which in more complex cases could be harder to re-derive later.

Dante-Broggi avatar Jul 23 '21 18:07 Dante-Broggi