Sparse complains for arrays declared with variable length
'warning: Variable length array is used'
Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
And also Linux kernel compilation with W=1 doesn't complain.
Since sparse is used extensively would like to ask what is the correct
usage of arrays of variable length
within Linux Kernel.
Thanks
Tomas
On Sun, Mar 05, 2017 at 11:44:33AM +0200, Tomas Winkler wrote:
> Sparse complains for arrays declared with variable length
>
> 'warning: Variable length array is used'
>
> Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
> with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
> And also Linux kernel compilation with W=1 doesn't complain.
>
> Since sparse is used extensively would like to ask what is the correct
> usage of arrays of variable length
> within Linux Kernel.
That depends. For structure members the answer is simply "don't, it's
not a valid C to start with". Note that this is about actual VLA, not
struct foo {
int bar;
struct baz[];
}
- that is valid C99 and sparse is just fine with it. For local variables...
keep in mind that kernel stack is _small_, so any VLA there needs to be
done very carefully. For heap it's more or less usable, but keep in mind
that gcc support of VLA (and variably-modified types in general) has
seriously unpleasant corner cases, especially when combined with the ({...})
thing. IOW, "doesn't have problem" is overoptimistic; use with care.
Tomas Winkler <[email protected]> writes:
> Sparse complains for arrays declared with variable length
>
> 'warning: Variable length array is used'
>
> Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
> with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
> And also Linux kernel compilation with W=1 doesn't complain.
>
> Since sparse is used extensively would like to ask what is the correct
> usage of arrays of variable length
> within Linux Kernel.
Variable-length arrays are a very bad idea. Don't use them, ever.
If the size has a sane upper bound, just use that value statically.
Otherwise, you have a stack overflow waiting to happen and should be
using some kind of dynamic allocation instead.
Furthermore, use of VLAs generally results in less efficient code. For
instance, it forces gcc to waste a register for the frame pointer, and
it often prevents inlining.
--
M?ns Rullg?rd
On Sun, 05 Mar 2017, M?ns Rullg?rd wrote:
> Tomas Winkler <[email protected]> writes:
> > Sparse complains for arrays declared with variable length
> >
> > 'warning: Variable length array is used'
> >
> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
> > And also Linux kernel compilation with W=1 doesn't complain.
> >
> > Since sparse is used extensively would like to ask what is the correct
> > usage of arrays of variable length
> > within Linux Kernel.
>
> Variable-length arrays are a very bad idea. Don't use them, ever.
> If the size has a sane upper bound, just use that value statically.
> Otherwise, you have a stack overflow waiting to happen and should be
> using some kind of dynamic allocation instead.
>
> Furthermore, use of VLAs generally results in less efficient code. For
> instance, it forces gcc to waste a register for the frame pointer, and
> it often prevents inlining.
Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
system should call gcc with -Werror=vla to get that point across early,
and flush out any offenders.
--
Henrique Holschuh
On Sun, Mar 5, 2017 at 10:12 PM, Henrique de Moraes Holschuh
<[email protected]> wrote:
> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>> Tomas Winkler <[email protected]> writes:
>> > Sparse complains for arrays declared with variable length
>> >
>> > 'warning: Variable length array is used'
>> >
>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>> > And also Linux kernel compilation with W=1 doesn't complain.
>> >
>> > Since sparse is used extensively would like to ask what is the correct
>> > usage of arrays of variable length
>> > within Linux Kernel.
>>
>> Variable-length arrays are a very bad idea. Don't use them, ever.
>> If the size has a sane upper bound, just use that value statically.
>> Otherwise, you have a stack overflow waiting to happen and should be
>> using some kind of dynamic allocation instead.
>>
>> Furthermore, use of VLAs generally results in less efficient code. For
>> instance, it forces gcc to waste a register for the frame pointer, and
>> it often prevents inlining.
>
> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
> system should call gcc with -Werror=vla to get that point across early,
> and flush out any offenders.
First we'd have to fix all existing offenders which are a few...
--
Thanks,
//richard
Henrique de Moraes Holschuh <[email protected]> writes:
> On Sun, 05 Mar 2017, M?ns Rullg?rd wrote:
>> Tomas Winkler <[email protected]> writes:
>> > Sparse complains for arrays declared with variable length
>> >
>> > 'warning: Variable length array is used'
>> >
>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>> > And also Linux kernel compilation with W=1 doesn't complain.
>> >
>> > Since sparse is used extensively would like to ask what is the correct
>> > usage of arrays of variable length
>> > within Linux Kernel.
>>
>> Variable-length arrays are a very bad idea. Don't use them, ever.
>> If the size has a sane upper bound, just use that value statically.
>> Otherwise, you have a stack overflow waiting to happen and should be
>> using some kind of dynamic allocation instead.
>>
>> Furthermore, use of VLAs generally results in less efficient code. For
>> instance, it forces gcc to waste a register for the frame pointer, and
>> it often prevents inlining.
>
> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
> system should call gcc with -Werror=vla to get that point across early,
> and flush out any offenders.
If it were up to me, that's exactly what I'd do.
--
M?ns Rullg?rd
On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <[email protected]> wrote:
> Henrique de Moraes Holschuh <[email protected]> writes:
>
>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>> Tomas Winkler <[email protected]> writes:
>>> > Sparse complains for arrays declared with variable length
>>> >
>>> > 'warning: Variable length array is used'
>>> >
>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>> >
>>> > Since sparse is used extensively would like to ask what is the correct
>>> > usage of arrays of variable length
>>> > within Linux Kernel.
>>>
>>> Variable-length arrays are a very bad idea. Don't use them, ever.
>>> If the size has a sane upper bound, just use that value statically.
>>> Otherwise, you have a stack overflow waiting to happen and should be
>>> using some kind of dynamic allocation instead.
>>>
>>> Furthermore, use of VLAs generally results in less efficient code. For
>>> instance, it forces gcc to waste a register for the frame pointer, and
>>> it often prevents inlining.
>>
>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>> system should call gcc with -Werror=vla to get that point across early,
>> and flush out any offenders.
>
> If it were up to me, that's exactly what I'd do.
>
Some parts of the kernel depends on VLA such as ___ON_STACK macros in
include/crypto/hash.h
It's actually pretty neat implementation, maybe it's too harsh to
disable VLA completely.
Tomas
Tomas Winkler <[email protected]> writes:
> On Mon, Mar 6, 2017 at 2:31 AM, M?ns Rullg?rd <[email protected]> wrote:
>> Henrique de Moraes Holschuh <[email protected]> writes:
>>
>>> On Sun, 05 Mar 2017, M?ns Rullg?rd wrote:
>>>> Tomas Winkler <[email protected]> writes:
>>>> > Sparse complains for arrays declared with variable length
>>>> >
>>>> > 'warning: Variable length array is used'
>>>> >
>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>> >
>>>> > Since sparse is used extensively would like to ask what is the correct
>>>> > usage of arrays of variable length
>>>> > within Linux Kernel.
>>>>
>>>> Variable-length arrays are a very bad idea. Don't use them, ever.
>>>> If the size has a sane upper bound, just use that value statically.
>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>> using some kind of dynamic allocation instead.
>>>>
>>>> Furthermore, use of VLAs generally results in less efficient code. For
>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>> it often prevents inlining.
>>>
>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>> system should call gcc with -Werror=vla to get that point across early,
>>> and flush out any offenders.
>>
>> If it were up to me, that's exactly what I'd do.
>
>>
> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
> include/crypto/hash.h
> It's actually pretty neat implementation, maybe it's too harsh to
> disable VLA completely.
And what happens if the requested size is insane?
--
M?ns Rullg?rd
On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <[email protected]> wrote:
> Tomas Winkler <[email protected]> writes:
>
>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <[email protected]> wrote:
>>> Henrique de Moraes Holschuh <[email protected]> writes:
>>>
>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>> Tomas Winkler <[email protected]> writes:
>>>>> > Sparse complains for arrays declared with variable length
>>>>> >
>>>>> > 'warning: Variable length array is used'
>>>>> >
>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>> >
>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>> > usage of arrays of variable length
>>>>> > within Linux Kernel.
>>>>>
>>>>> Variable-length arrays are a very bad idea. Don't use them, ever.
>>>>> If the size has a sane upper bound, just use that value statically.
>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>> using some kind of dynamic allocation instead.
>>>>>
>>>>> Furthermore, use of VLAs generally results in less efficient code. For
>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>> it often prevents inlining.
>>>>
>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>> system should call gcc with -Werror=vla to get that point across early,
>>>> and flush out any offenders.
>>>
>>> If it were up to me, that's exactly what I'd do.
>>
>>>
>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>> include/crypto/hash.h
>> It's actually pretty neat implementation, maybe it's too harsh to
>> disable VLA completely.
>
> And what happens if the requested size is insane?
One option is to add '-Wvla-larger-than=n' other option is to selectively
shut down the warning on ON_STACK macros using #pragma
warning(disable:) though this looks rather ugly.
Just a thought
Tomas
Tomas Winkler <[email protected]> writes:
> On Thu, Mar 9, 2017 at 3:02 PM, M?ns Rullg?rd <[email protected]> wrote:
>> Tomas Winkler <[email protected]> writes:
>>
>>> On Mon, Mar 6, 2017 at 2:31 AM, M?ns Rullg?rd <[email protected]> wrote:
>>>> Henrique de Moraes Holschuh <[email protected]> writes:
>>>>
>>>>> On Sun, 05 Mar 2017, M?ns Rullg?rd wrote:
>>>>>> Tomas Winkler <[email protected]> writes:
>>>>>> > Sparse complains for arrays declared with variable length
>>>>>> >
>>>>>> > 'warning: Variable length array is used'
>>>>>> >
>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>> >
>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>> > usage of arrays of variable length
>>>>>> > within Linux Kernel.
>>>>>>
>>>>>> Variable-length arrays are a very bad idea. Don't use them, ever.
>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>> using some kind of dynamic allocation instead.
>>>>>>
>>>>>> Furthermore, use of VLAs generally results in less efficient code. For
>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>> it often prevents inlining.
>>>>>
>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>> and flush out any offenders.
>>>>
>>>> If it were up to me, that's exactly what I'd do.
>>>
>>>>
>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>> include/crypto/hash.h
>>> It's actually pretty neat implementation, maybe it's too harsh to
>>> disable VLA completely.
>>
>> And what happens if the requested size is insane?
>
> One option is to add '-Wvla-larger-than=n'
If you know the upper bound, why use VLAs in the first place?
--
M?ns Rullg?rd
On Thu, Mar 9, 2017 at 4:16 PM, Måns Rullgård <[email protected]> wrote:
> Tomas Winkler <[email protected]> writes:
>
>> On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <[email protected]> wrote:
>>> Tomas Winkler <[email protected]> writes:
>>>
>>>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <[email protected]> wrote:
>>>>> Henrique de Moraes Holschuh <[email protected]> writes:
>>>>>
>>>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>>>> Tomas Winkler <[email protected]> writes:
>>>>>>> > Sparse complains for arrays declared with variable length
>>>>>>> >
>>>>>>> > 'warning: Variable length array is used'
>>>>>>> >
>>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>>> >
>>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>>> > usage of arrays of variable length
>>>>>>> > within Linux Kernel.
>>>>>>>
>>>>>>> Variable-length arrays are a very bad idea. Don't use them, ever.
>>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>>> using some kind of dynamic allocation instead.
>>>>>>>
>>>>>>> Furthermore, use of VLAs generally results in less efficient code. For
>>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>>> it often prevents inlining.
>>>>>>
>>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>>> and flush out any offenders.
>>>>>
>>>>> If it were up to me, that's exactly what I'd do.
>>>>
>>>>>
>>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>>> include/crypto/hash.h
>>>> It's actually pretty neat implementation, maybe it's too harsh to
>>>> disable VLA completely.
>>>
>>> And what happens if the requested size is insane?
>>
>> One option is to add '-Wvla-larger-than=n'
>
> If you know the upper bound, why use VLAs in the first place?
This is a water mark and not actual usage, but maybe I didn't
understand your comment.
Tomas
On Thu, Mar 9, 2017 at 4:26 PM, Måns Rullgård <[email protected]> wrote:
> Tomas Winkler <[email protected]> writes:
>
>> On Thu, Mar 9, 2017 at 4:16 PM, Måns Rullgård <[email protected]> wrote:
>>> Tomas Winkler <[email protected]> writes:
>>>
>>>> On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <[email protected]> wrote:
>>>>> Tomas Winkler <[email protected]> writes:
>>>>>
>>>>>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <[email protected]> wrote:
>>>>>>> Henrique de Moraes Holschuh <[email protected]> writes:
>>>>>>>
>>>>>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>>>>>> Tomas Winkler <[email protected]> writes:
>>>>>>>>> > Sparse complains for arrays declared with variable length
>>>>>>>>> >
>>>>>>>>> > 'warning: Variable length array is used'
>>>>>>>>> >
>>>>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>>>>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>>>>> >
>>>>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>>>>> > usage of arrays of variable length
>>>>>>>>> > within Linux Kernel.
>>>>>>>>>
>>>>>>>>> Variable-length arrays are a very bad idea. Don't use them, ever.
>>>>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>>>>> using some kind of dynamic allocation instead.
>>>>>>>>>
>>>>>>>>> Furthermore, use of VLAs generally results in less efficient code. For
>>>>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>>>>> it often prevents inlining.
>>>>>>>>
>>>>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>>>>> and flush out any offenders.
>>>>>>>
>>>>>>> If it were up to me, that's exactly what I'd do.
>>>>>>
>>>>>>>
>>>>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>>>>> include/crypto/hash.h
>>>>>> It's actually pretty neat implementation, maybe it's too harsh to
>>>>>> disable VLA completely.
>>>>>
>>>>> And what happens if the requested size is insane?
>>>>
>>>> One option is to add '-Wvla-larger-than=n'
>>>
>>> If you know the upper bound, why use VLAs in the first place?
>>
>> This is a water mark and not actual usage, but maybe I didn't
>> understand your comment.
>
> If there is an upper bound known at compile time, why not simply use
> that size statically? If there is no upper bound, well, then you have a
> problem.
If the compiler can do the job, why not to use this flexibility ?
Tomas
Tomas Winkler <[email protected]> writes:
> On Thu, Mar 9, 2017 at 4:16 PM, M?ns Rullg?rd <[email protected]> wrote:
>> Tomas Winkler <[email protected]> writes:
>>
>>> On Thu, Mar 9, 2017 at 3:02 PM, M?ns Rullg?rd <[email protected]> wrote:
>>>> Tomas Winkler <[email protected]> writes:
>>>>
>>>>> On Mon, Mar 6, 2017 at 2:31 AM, M?ns Rullg?rd <[email protected]> wrote:
>>>>>> Henrique de Moraes Holschuh <[email protected]> writes:
>>>>>>
>>>>>>> On Sun, 05 Mar 2017, M?ns Rullg?rd wrote:
>>>>>>>> Tomas Winkler <[email protected]> writes:
>>>>>>>> > Sparse complains for arrays declared with variable length
>>>>>>>> >
>>>>>>>> > 'warning: Variable length array is used'
>>>>>>>> >
>>>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>>>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>>>> >
>>>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>>>> > usage of arrays of variable length
>>>>>>>> > within Linux Kernel.
>>>>>>>>
>>>>>>>> Variable-length arrays are a very bad idea. Don't use them, ever.
>>>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>>>> using some kind of dynamic allocation instead.
>>>>>>>>
>>>>>>>> Furthermore, use of VLAs generally results in less efficient code. For
>>>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>>>> it often prevents inlining.
>>>>>>>
>>>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>>>> and flush out any offenders.
>>>>>>
>>>>>> If it were up to me, that's exactly what I'd do.
>>>>>
>>>>>>
>>>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>>>> include/crypto/hash.h
>>>>> It's actually pretty neat implementation, maybe it's too harsh to
>>>>> disable VLA completely.
>>>>
>>>> And what happens if the requested size is insane?
>>>
>>> One option is to add '-Wvla-larger-than=n'
>>
>> If you know the upper bound, why use VLAs in the first place?
>
> This is a water mark and not actual usage, but maybe I didn't
> understand your comment.
If there is an upper bound known at compile time, why not simply use
that size statically? If there is no upper bound, well, then you have a
problem.
--
M?ns Rullg?rd
Tomas Winkler <[email protected]> writes:
> On Thu, Mar 9, 2017 at 4:26 PM, M?ns Rullg?rd <[email protected]> wrote:
>> Tomas Winkler <[email protected]> writes:
>>
>>> On Thu, Mar 9, 2017 at 4:16 PM, M?ns Rullg?rd <[email protected]> wrote:
>>>> Tomas Winkler <[email protected]> writes:
>>>>
>>>>> On Thu, Mar 9, 2017 at 3:02 PM, M?ns Rullg?rd <[email protected]> wrote:
>>>>>> Tomas Winkler <[email protected]> writes:
>>>>>>
>>>>>>> On Mon, Mar 6, 2017 at 2:31 AM, M?ns Rullg?rd <[email protected]> wrote:
>>>>>>>> Henrique de Moraes Holschuh <[email protected]> writes:
>>>>>>>>
>>>>>>>>> On Sun, 05 Mar 2017, M?ns Rullg?rd wrote:
>>>>>>>>>> Tomas Winkler <[email protected]> writes:
>>>>>>>>>> > Sparse complains for arrays declared with variable length
>>>>>>>>>> >
>>>>>>>>>> > 'warning: Variable length array is used'
>>>>>>>>>> >
>>>>>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>>>>>> > with that https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>>>>>> >
>>>>>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>>>>>> > usage of arrays of variable length
>>>>>>>>>> > within Linux Kernel.
>>>>>>>>>>
>>>>>>>>>> Variable-length arrays are a very bad idea. Don't use them, ever.
>>>>>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>>>>>> using some kind of dynamic allocation instead.
>>>>>>>>>>
>>>>>>>>>> Furthermore, use of VLAs generally results in less efficient code. For
>>>>>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>>>>>> it often prevents inlining.
>>>>>>>>>
>>>>>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>>>>>> and flush out any offenders.
>>>>>>>>
>>>>>>>> If it were up to me, that's exactly what I'd do.
>>>>>>>
>>>>>>>>
>>>>>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>>>>>> include/crypto/hash.h
>>>>>>> It's actually pretty neat implementation, maybe it's too harsh to
>>>>>>> disable VLA completely.
>>>>>>
>>>>>> And what happens if the requested size is insane?
>>>>>
>>>>> One option is to add '-Wvla-larger-than=n'
>>>>
>>>> If you know the upper bound, why use VLAs in the first place?
>>>
>>> This is a water mark and not actual usage, but maybe I didn't
>>> understand your comment.
>>
>> If there is an upper bound known at compile time, why not simply use
>> that size statically? If there is no upper bound, well, then you have a
>> problem.
>
> If the compiler can do the job, why not to use this flexibility ?
Because, as I already said, there are security implications if the size
is unbounded, and even with safely bounded size, using VLAs interferes
with compiler optimisations. Ensuring VLAs are used safely is usually
more work than simply avoiding them in the first place.
--
M?ns Rullg?rd