From: Linus Torvalds <torvalds@linux-foundation.org>
To: Luc Van Oostenryck <luc.vanoostenryck@gmail.com>
Cc: Sparse Mailing-list <linux-sparse@vger.kernel.org>
Subject: Making structs with variable-sized arrays unsized?
Date: Fri, 18 Sep 2020 12:33:56 -0700 [thread overview]
Message-ID: <CAHk-=wgJZ05ap8VQdzWDWJVWVtZiOYTc6cnNB8gNeQzEnfm-tw@mail.gmail.com> (raw)
Luc,
we've been making kernel structures use flexible arrays as a
cleanliness thing, but it turns out that it doesn't find bugs that it
_should_ find.
We have that nice "struct_size()" macro to determine the size of the
flexible structure given the number of elements, which uses "offsetof
+ n*members". But sadly standard C still allows the (nonsensical)
'sizeof()' to be used - and I merged another fix for that just today.
Ok, so that's a C standard problem, but it's something that sparse
*could* warn about.
Comments? Appended is a kind of test-case for odd situations that
sparse happily and silently generates nonsensical code for (just
tested with test-linearize).
Linus
---
struct bad {
unsigned long long a;
char b[];
};
// An option to warn about this?
static struct bad array[5];
int odd(struct bad *a);
int not_nice(struct bad p[2]);
int please_fix(struct bad *p);
void weird(struct bad *dst, const struct bad *src);
// The layout is odd
// The code does "info->align_size = 0" for unsized arrays, but it
still works?
int odd(struct bad *a)
{
return __alignof__(*a);
}
// Arrays of flexible-array structures are pretty nonsensical
// Plus we don't even optimize the constant return. Sad.
int not_nice(struct bad p[2])
{
return (void *)(p+1) - (void *)p;
}
// This should at least have an option to warn
int please_fix(struct bad *p)
{
return sizeof(*p);
}
void weird(struct bad *dst, const struct bad *src)
{
*dst = *src;
}
next reply other threads:[~2020-09-18 19:34 UTC|newest]
Thread overview: 5+ messages / expand[flat|nested] mbox.gz Atom feed top
2020-09-18 19:33 Linus Torvalds [this message]
2020-09-18 20:41 ` Making structs with variable-sized arrays unsized? Luc Van Oostenryck
2020-09-18 20:49 ` Linus Torvalds
2020-09-18 21:04 ` Luc Van Oostenryck
2020-09-30 23:28 ` Luc Van Oostenryck
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAHk-=wgJZ05ap8VQdzWDWJVWVtZiOYTc6cnNB8gNeQzEnfm-tw@mail.gmail.com' \
--to=torvalds@linux-foundation.org \
--cc=linux-sparse@vger.kernel.org \
--cc=luc.vanoostenryck@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).