* Arrays of variable length
@ 2017-03-05  9:44 Tomas Winkler
  2017-03-05 10:01 ` Al Viro
  2017-03-05 14:27 ` Måns Rullgård
  0 siblings, 2 replies; 18+ messages in thread
From: Tomas Winkler @ 2017-03-05  9:44 UTC (permalink / raw)
  To: linux-kernel, sparse

Sparse complains for arrays declared with variable length

'warning: Variable length array is used'

Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
And also Linux kernel compilation with W=1 doesn't complain.

Since sparse is used extensively would like to ask what is the correct
usage of arrays of variable length
within Linux Kernel.


Thanks
Tomas

* Re: Arrays of variable length
  2017-03-05  9:44 Arrays of variable length Tomas Winkler
@ 2017-03-05 10:01 ` Al Viro
  2017-03-05 14:27 ` Måns Rullgård
  1 sibling, 0 replies; 18+ messages in thread
From: Al Viro @ 2017-03-05 10:01 UTC (permalink / raw)
  To: Tomas Winkler; +Cc: linux-kernel, sparse

On Sun, Mar 05, 2017 at 11:44:33AM +0200, Tomas Winkler wrote:
> Sparse complains for arrays declared with variable length
> 
> 'warning: Variable length array is used'
> 
> Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
> with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
> And also Linux kernel compilation with W=1 doesn't complain.
> 
> Since sparse is used extensively would like to ask what is the correct
> usage of arrays of variable length
> within Linux Kernel.

That depends.  For structure members the answer is simply "don't, it's
not a valid C to start with".  Note that this is about actual VLA, not
struct foo {
	int bar;
	struct baz baz[];	/* flexible array member, not a VLA */
};
- that is valid C99 and sparse is just fine with it.  For local variables...
keep in mind that kernel stack is _small_, so any VLA there needs to be
done very carefully.  For heap it's more or less usable, but keep in mind
that gcc support of VLA (and variably-modified types in general) has
seriously unpleasant corner cases, especially when combined with the ({...}) 
thing.  IOW, "doesn't have problem" is overoptimistic; use with care.

* Re: Arrays of variable length
  2017-03-05  9:44 Arrays of variable length Tomas Winkler
  2017-03-05 10:01 ` Al Viro
@ 2017-03-05 14:27 ` Måns Rullgård
  2017-03-05 21:12   ` Henrique de Moraes Holschuh
  1 sibling, 1 reply; 18+ messages in thread
From: Måns Rullgård @ 2017-03-05 14:27 UTC (permalink / raw)
  To: Tomas Winkler; +Cc: linux-kernel, sparse

Tomas Winkler <tomasw@gmail.com> writes:

> Sparse complains for arrays declared with variable length
>
> 'warning: Variable length array is used'
>
> Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
> with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
> And also Linux kernel compilation with W=1 doesn't complain.
>
> Since sparse is used extensively would like to ask what is the correct
> usage of arrays of variable length
> within Linux Kernel.

Variable-length arrays are a very bad idea.  Don't use them, ever.
If the size has a sane upper bound, just use that value statically.
Otherwise, you have a stack overflow waiting to happen and should be
using some kind of dynamic allocation instead.

Furthermore, use of VLAs generally results in less efficient code.  For
instance, it forces gcc to waste a register for the frame pointer, and
it often prevents inlining.

-- 
Måns Rullgård

* Re: Arrays of variable length
  2017-03-05 14:27 ` Måns Rullgård
@ 2017-03-05 21:12   ` Henrique de Moraes Holschuh
  2017-03-05 21:49     ` Richard Weinberger
  2017-03-06  0:31     ` Måns Rullgård
  0 siblings, 2 replies; 18+ messages in thread
From: Henrique de Moraes Holschuh @ 2017-03-05 21:12 UTC (permalink / raw)
  To: Måns Rullgård; +Cc: Tomas Winkler, linux-kernel, sparse

On Sun, 05 Mar 2017, Måns Rullgård wrote:
> Tomas Winkler <tomasw@gmail.com> writes:
> > Sparse complains for arrays declared with variable length
> >
> > 'warning: Variable length array is used'
> >
> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
> > And also Linux kernel compilation with W=1 doesn't complain.
> >
> > Since sparse is used extensively would like to ask what is the correct
> > usage of arrays of variable length
> > within Linux Kernel.
> 
> Variable-length arrays are a very bad idea.  Don't use them, ever.
> If the size has a sane upper bound, just use that value statically.
> Otherwise, you have a stack overflow waiting to happen and should be
> using some kind of dynamic allocation instead.
> 
> Furthermore, use of VLAs generally results in less efficient code.  For
> instance, it forces gcc to waste a register for the frame pointer, and
> it often prevents inlining.

Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
system should call gcc with -Werror=vla to get that point across early,
and flush out any offenders.

-- 
  Henrique Holschuh

* Re: Arrays of variable length
  2017-03-05 21:12   ` Henrique de Moraes Holschuh
@ 2017-03-05 21:49     ` Richard Weinberger
  2017-03-06  0:31     ` Måns Rullgård
  1 sibling, 0 replies; 18+ messages in thread
From: Richard Weinberger @ 2017-03-05 21:49 UTC (permalink / raw)
  To: Henrique de Moraes Holschuh
  Cc: Måns Rullgård, Tomas Winkler, linux-kernel, sparse

On Sun, Mar 5, 2017 at 10:12 PM, Henrique de Moraes Holschuh
<hmh@hmh.eng.br> wrote:
> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>> Tomas Winkler <tomasw@gmail.com> writes:
>> > Sparse complains for arrays declared with variable length
>> >
>> > 'warning: Variable length array is used'
>> >
>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>> > And also Linux kernel compilation with W=1 doesn't complain.
>> >
>> > Since sparse is used extensively would like to ask what is the correct
>> > usage of arrays of variable length
>> > within Linux Kernel.
>>
>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>> If the size has a sane upper bound, just use that value statically.
>> Otherwise, you have a stack overflow waiting to happen and should be
>> using some kind of dynamic allocation instead.
>>
>> Furthermore, use of VLAs generally results in less efficient code.  For
>> instance, it forces gcc to waste a register for the frame pointer, and
>> it often prevents inlining.
>
> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
> system should call gcc with -Werror=vla to get that point across early,
> and flush out any offenders.

First we'd have to fix all existing offenders which are a few...

-- 
Thanks,
//richard

* Re: Arrays of variable length
  2017-03-05 21:12   ` Henrique de Moraes Holschuh
  2017-03-05 21:49     ` Richard Weinberger
@ 2017-03-06  0:31     ` Måns Rullgård
  2017-03-09  7:54       ` Tomas Winkler
  1 sibling, 1 reply; 18+ messages in thread
From: Måns Rullgård @ 2017-03-06  0:31 UTC (permalink / raw)
  To: Henrique de Moraes Holschuh; +Cc: Tomas Winkler, linux-kernel, sparse

Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:

> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>> Tomas Winkler <tomasw@gmail.com> writes:
>> > Sparse complains for arrays declared with variable length
>> >
>> > 'warning: Variable length array is used'
>> >
>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>> > And also Linux kernel compilation with W=1 doesn't complain.
>> >
>> > Since sparse is used extensively would like to ask what is the correct
>> > usage of arrays of variable length
>> > within Linux Kernel.
>> 
>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>> If the size has a sane upper bound, just use that value statically.
>> Otherwise, you have a stack overflow waiting to happen and should be
>> using some kind of dynamic allocation instead.
>> 
>> Furthermore, use of VLAs generally results in less efficient code.  For
>> instance, it forces gcc to waste a register for the frame pointer, and
>> it often prevents inlining.
>
> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
> system should call gcc with -Werror=vla to get that point across early,
> and flush out any offenders.

If it were up to me, that's exactly what I'd do.

-- 
Måns Rullgård

* Re: Arrays of variable length
  2017-03-06  0:31     ` Måns Rullgård
@ 2017-03-09  7:54       ` Tomas Winkler
  2017-03-09 13:02           ` Måns Rullgård
  0 siblings, 1 reply; 18+ messages in thread
From: Tomas Winkler @ 2017-03-09  7:54 UTC (permalink / raw)
  To: Måns Rullgård
  Cc: Henrique de Moraes Holschuh, linux-kernel, linux-sparse,
	Herbert Xu, Al Viro

On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <mans@mansr.com> wrote:
> Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:
>
>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>> Tomas Winkler <tomasw@gmail.com> writes:
>>> > Sparse complains for arrays declared with variable length
>>> >
>>> > 'warning: Variable length array is used'
>>> >
>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>> >
>>> > Since sparse is used extensively would like to ask what is the correct
>>> > usage of arrays of variable length
>>> > within Linux Kernel.
>>>
>>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>>> If the size has a sane upper bound, just use that value statically.
>>> Otherwise, you have a stack overflow waiting to happen and should be
>>> using some kind of dynamic allocation instead.
>>>
>>> Furthermore, use of VLAs generally results in less efficient code.  For
>>> instance, it forces gcc to waste a register for the frame pointer, and
>>> it often prevents inlining.
>>
>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>> system should call gcc with -Werror=vla to get that point across early,
>> and flush out any offenders.
>
> If it were up to me, that's exactly what I'd do.

Some parts of the kernel depend on VLA such as ___ON_STACK macros in
include/crypto/hash.h
It's actually a pretty neat implementation, maybe it's too harsh to
disable VLA completely.

Tomas

* Re: Arrays of variable length
  2017-03-09  7:54       ` Tomas Winkler
@ 2017-03-09 13:02           ` Måns Rullgård
  0 siblings, 0 replies; 18+ messages in thread
From: Måns Rullgård @ 2017-03-09 13:02 UTC (permalink / raw)
  To: Tomas Winkler
  Cc: Henrique de Moraes Holschuh, linux-kernel, linux-sparse,
	Herbert Xu, Al Viro

Tomas Winkler <tomasw@gmail.com> writes:

> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <mans@mansr.com> wrote:
>> Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:
>>
>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>> > Sparse complains for arrays declared with variable length
>>>> >
>>>> > 'warning: Variable length array is used'
>>>> >
>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>> >
>>>> > Since sparse is used extensively would like to ask what is the correct
>>>> > usage of arrays of variable length
>>>> > within Linux Kernel.
>>>>
>>>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>>>> If the size has a sane upper bound, just use that value statically.
>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>> using some kind of dynamic allocation instead.
>>>>
>>>> Furthermore, use of VLAs generally results in less efficient code.  For
>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>> it often prevents inlining.
>>>
>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>> system should call gcc with -Werror=vla to get that point across early,
>>> and flush out any offenders.
>>
>> If it were up to me, that's exactly what I'd do.
>
>>
> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
> include/crypto/hash.h
> It's actually pretty neat implementation, maybe it's too harsh to
> disable  VLA completely.

And what happens if the requested size is insane?

-- 
Måns Rullgård

* Re: Arrays of variable length
  2017-03-09 13:02           ` Måns Rullgård
  (?)
@ 2017-03-09 13:40           ` Tomas Winkler
  2017-03-09 14:16               ` Måns Rullgård
  -1 siblings, 1 reply; 18+ messages in thread
From: Tomas Winkler @ 2017-03-09 13:40 UTC (permalink / raw)
  To: Måns Rullgård
  Cc: Henrique de Moraes Holschuh, linux-kernel, linux-sparse,
	Herbert Xu, Al Viro

On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <mans@mansr.com> wrote:
> Tomas Winkler <tomasw@gmail.com> writes:
>
>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <mans@mansr.com> wrote:
>>> Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:
>>>
>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>> > Sparse complains for arrays declared with variable length
>>>>> >
>>>>> > 'warning: Variable length array is used'
>>>>> >
>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>> >
>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>> > usage of arrays of variable length
>>>>> > within Linux Kernel.
>>>>>
>>>>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>>>>> If the size has a sane upper bound, just use that value statically.
>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>> using some kind of dynamic allocation instead.
>>>>>
>>>>> Furthermore, use of VLAs generally results in less efficient code.  For
>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>> it often prevents inlining.
>>>>
>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>> system should call gcc with -Werror=vla to get that point across early,
>>>> and flush out any offenders.
>>>
>>> If it were up to me, that's exactly what I'd do.
>>
>>>
>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>> include/crypto/hash.h
>> It's actually pretty neat implementation, maybe it's too harsh to
>> disable  VLA completely.
>
> And what happens if the requested size is insane?

One option is to add '-Wvla-larger-than=n'; the other option is to selectively
shut down the warning on ON_STACK macros using #pragma
warning(disable:), though this looks rather ugly.
Just a thought.

Tomas

* Re: Arrays of variable length
  2017-03-09 13:40           ` Tomas Winkler
@ 2017-03-09 14:16               ` Måns Rullgård
  0 siblings, 0 replies; 18+ messages in thread
From: Måns Rullgård @ 2017-03-09 14:16 UTC (permalink / raw)
  To: Tomas Winkler
  Cc: Henrique de Moraes Holschuh, linux-kernel, linux-sparse,
	Herbert Xu, Al Viro

Tomas Winkler <tomasw@gmail.com> writes:

> On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <mans@mansr.com> wrote:
>> Tomas Winkler <tomasw@gmail.com> writes:
>>
>>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <mans@mansr.com> wrote:
>>>> Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:
>>>>
>>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>>> > Sparse complains for arrays declared with variable length
>>>>>> >
>>>>>> > 'warning: Variable length array is used'
>>>>>> >
>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>> >
>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>> > usage of arrays of variable length
>>>>>> > within Linux Kernel.
>>>>>>
>>>>>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>> using some kind of dynamic allocation instead.
>>>>>>
>>>>>> Furthermore, use of VLAs generally results in less efficient code.  For
>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>> it often prevents inlining.
>>>>>
>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>> and flush out any offenders.
>>>>
>>>> If it were up to me, that's exactly what I'd do.
>>>
>>>>
>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>> include/crypto/hash.h
>>> It's actually pretty neat implementation, maybe it's too harsh to
>>> disable  VLA completely.
>>
>> And what happens if the requested size is insane?
>
> One option is to add '-Wvla-larger-than=n'

If you know the upper bound, why use VLAs in the first place?

-- 
Måns Rullgård

* Re: Arrays of variable length
  2017-03-09 14:16               ` Måns Rullgård
  (?)
@ 2017-03-09 14:21               ` Tomas Winkler
  2017-03-09 14:26                   ` Måns Rullgård
  -1 siblings, 1 reply; 18+ messages in thread
From: Tomas Winkler @ 2017-03-09 14:21 UTC (permalink / raw)
  To: Måns Rullgård
  Cc: Henrique de Moraes Holschuh, linux-kernel, linux-sparse,
	Herbert Xu, Al Viro

On Thu, Mar 9, 2017 at 4:16 PM, Måns Rullgård <mans@mansr.com> wrote:
> Tomas Winkler <tomasw@gmail.com> writes:
>
>> On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <mans@mansr.com> wrote:
>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>
>>>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <mans@mansr.com> wrote:
>>>>> Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:
>>>>>
>>>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>>>> > Sparse complains for arrays declared with variable length
>>>>>>> >
>>>>>>> > 'warning: Variable length array is used'
>>>>>>> >
>>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>>> >
>>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>>> > usage of arrays of variable length
>>>>>>> > within Linux Kernel.
>>>>>>>
>>>>>>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>>> using some kind of dynamic allocation instead.
>>>>>>>
>>>>>>> Furthermore, use of VLAs generally results in less efficient code.  For
>>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>>> it often prevents inlining.
>>>>>>
>>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>>> and flush out any offenders.
>>>>>
>>>>> If it were up to me, that's exactly what I'd do.
>>>>
>>>>>
>>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>>> include/crypto/hash.h
>>>> It's actually pretty neat implementation, maybe it's too harsh to
>>>> disable  VLA completely.
>>>
>>> And what happens if the requested size is insane?
>>
>> One option is to add '-Wvla-larger-than=n'
>
> If you know the upper bound, why use VLAs in the first place?

This is a water mark and not actual usage, but maybe I didn't
understand your comment.

Tomas

* Re: Arrays of variable length
  2017-03-09 14:21               ` Tomas Winkler
@ 2017-03-09 14:26                   ` Måns Rullgård
  0 siblings, 0 replies; 18+ messages in thread
From: Måns Rullgård @ 2017-03-09 14:26 UTC (permalink / raw)
  To: Tomas Winkler
  Cc: Henrique de Moraes Holschuh, linux-kernel, linux-sparse,
	Herbert Xu, Al Viro

Tomas Winkler <tomasw@gmail.com> writes:

> On Thu, Mar 9, 2017 at 4:16 PM, Måns Rullgård <mans@mansr.com> wrote:
>> Tomas Winkler <tomasw@gmail.com> writes:
>>
>>> On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <mans@mansr.com> wrote:
>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>
>>>>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <mans@mansr.com> wrote:
>>>>>> Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:
>>>>>>
>>>>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>>>>> > Sparse complains for arrays declared with variable length
>>>>>>>> >
>>>>>>>> > 'warning: Variable length array is used'
>>>>>>>> >
>>>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>>>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>>>> >
>>>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>>>> > usage of arrays of variable length
>>>>>>>> > within Linux Kernel.
>>>>>>>>
>>>>>>>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>>>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>>>> using some kind of dynamic allocation instead.
>>>>>>>>
>>>>>>>> Furthermore, use of VLAs generally results in less efficient code.  For
>>>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>>>> it often prevents inlining.
>>>>>>>
>>>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>>>> and flush out any offenders.
>>>>>>
>>>>>> If it were up to me, that's exactly what I'd do.
>>>>>
>>>>>>
>>>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>>>> include/crypto/hash.h
>>>>> It's actually pretty neat implementation, maybe it's too harsh to
>>>>> disable  VLA completely.
>>>>
>>>> And what happens if the requested size is insane?
>>>
>>> One option is to add '-Wvla-larger-than=n'
>>
>> If you know the upper bound, why use VLAs in the first place?
>
> This is a water mark and not  actual usage, but maybe I didn't
> understand your comment.

If there is an upper bound known at compile time, why not simply use
that size statically?  If there is no upper bound, well, then you have a
problem.

-- 
Måns Rullgård
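
Added example, not part of any message in this thread: the two replacements for a stack VLA that the replies above name (a static array at the known upper bound, or dynamic allocation when there is none), next to the VLA form they replace. It is userspace C in which malloc()/free() stand in for kernel allocation; SCRATCH_MAX and all function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SCRATCH_MAX 64	/* assumed compile-time upper bound (hypothetical) */

/* Work that needs a scratch copy: reverse the bytes, then weight by position. */
static uint32_t reverse_and_sum(uint8_t *tmp, const uint8_t *src, size_t len)
{
	uint32_t sum = 0;
	size_t i;

	for (i = 0; i < len; i++)
		tmp[i] = src[len - 1 - i];
	for (i = 0; i < len; i++)
		sum += (uint32_t)(i + 1) * tmp[i];
	return sum;
}

#ifdef WITH_VLA_VARIANT
/*
 * The form sparse warns about. The frame grows by 'len' bytes and there is
 * no way to report failure: a large 'len' simply runs off the stack.
 * Building with -DWITH_VLA_VARIANT -Werror=vla rejects this function.
 */
int sum_vla(const uint8_t *src, size_t len, uint32_t *out)
{
	uint8_t tmp[len];

	*out = reverse_and_sum(tmp, src, len);
	return 0;
}
#endif

/* Known upper bound: constant stack use, oversized requests are refused. */
int sum_bounded(const uint8_t *src, size_t len, uint32_t *out)
{
	uint8_t tmp[SCRATCH_MAX];

	if (len > SCRATCH_MAX)
		return -1;	/* kernel code would return -EINVAL here */
	*out = reverse_and_sum(tmp, src, len);
	return 0;
}

/* No usable bound: allocate dynamically so exhaustion is an error return. */
int sum_heap(const uint8_t *src, size_t len, uint32_t *out)
{
	uint8_t *tmp = malloc(len ? len : 1);

	if (!tmp)
		return -2;	/* kernel code would return -ENOMEM here */
	*out = reverse_and_sum(tmp, src, len);
	free(tmp);
	return 0;
}

int main(void)
{
	/* Constructed sample inputs. */
	const uint8_t small[] = { 1, 2, 3 };
	static const uint8_t big[SCRATCH_MAX + 1];
	uint32_t out = 0;
	int rc;

	rc = sum_bounded(small, sizeof(small), &out);
	printf("bounded, 3 bytes:  rc=%d sum=%u\n", rc, (unsigned)out);

	rc = sum_bounded(big, sizeof(big), &out);
	printf("bounded, %zu bytes: rc=%d (refused)\n", sizeof(big), rc);

	rc = sum_heap(big, sizeof(big), &out);
	printf("heap,    %zu bytes: rc=%d sum=%u\n", sizeof(big), rc, (unsigned)out);
	return 0;
}
```
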

* Re: Arrays of variable length
  2017-03-09 14:26                   ` Måns Rullgård
  (?)
@ 2017-03-09 14:29                   ` Tomas Winkler
  2017-03-09 14:38                       ` Måns Rullgård
  -1 siblings, 1 reply; 18+ messages in thread
From: Tomas Winkler @ 2017-03-09 14:29 UTC (permalink / raw)
  To: Måns Rullgård
  Cc: Henrique de Moraes Holschuh, linux-kernel, linux-sparse,
	Herbert Xu, Al Viro

On Thu, Mar 9, 2017 at 4:26 PM, Måns Rullgård <mans@mansr.com> wrote:
> Tomas Winkler <tomasw@gmail.com> writes:
>
>> On Thu, Mar 9, 2017 at 4:16 PM, Måns Rullgård <mans@mansr.com> wrote:
>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>
>>>> On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <mans@mansr.com> wrote:
>>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>>
>>>>>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <mans@mansr.com> wrote:
>>>>>>> Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:
>>>>>>>
>>>>>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>>>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>>>>>> > Sparse complains for arrays declared with variable length
>>>>>>>>> >
>>>>>>>>> > 'warning: Variable length array is used'
>>>>>>>>> >
>>>>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>>>>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>>>>> >
>>>>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>>>>> > usage of arrays of variable length
>>>>>>>>> > within Linux Kernel.
>>>>>>>>>
>>>>>>>>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>>>>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>>>>> using some kind of dynamic allocation instead.
>>>>>>>>>
>>>>>>>>> Furthermore, use of VLAs generally results in less efficient code.  For
>>>>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>>>>> it often prevents inlining.
>>>>>>>>
>>>>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>>>>> and flush out any offenders.
>>>>>>>
>>>>>>> If it were up to me, that's exactly what I'd do.
>>>>>>
>>>>>>>
>>>>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>>>>> include/crypto/hash.h
>>>>>> It's actually pretty neat implementation, maybe it's too harsh to
>>>>>> disable  VLA completely.
>>>>>
>>>>> And what happens if the requested size is insane?
>>>>
>>>> One option is to add '-Wvla-larger-than=n'
>>>
>>> If you know the upper bound, why use VLAs in the first place?
>>
>> This is a water mark and not  actual usage, but maybe I didn't
>> understand your comment.
>
> If there is an upper bound known at compile time, why not simply use
> that size statically?  If there is no upper bound, well, then you have a
> problem.

If the compiler can do the job, why not use this flexibility?

Tomas


* Re: Arrays of variable length
  2017-03-09 14:29                   ` Tomas Winkler
@ 2017-03-09 14:38                       ` Måns Rullgård
  0 siblings, 0 replies; 18+ messages in thread
From: Måns Rullgård @ 2017-03-09 14:38 UTC (permalink / raw)
  To: Tomas Winkler
  Cc: Henrique de Moraes Holschuh, linux-kernel, linux-sparse,
	Herbert Xu, Al Viro

Tomas Winkler <tomasw@gmail.com> writes:

> On Thu, Mar 9, 2017 at 4:26 PM, Måns Rullgård <mans@mansr.com> wrote:
>> Tomas Winkler <tomasw@gmail.com> writes:
>>
>>> On Thu, Mar 9, 2017 at 4:16 PM, Måns Rullgård <mans@mansr.com> wrote:
>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>
>>>>> On Thu, Mar 9, 2017 at 3:02 PM, Måns Rullgård <mans@mansr.com> wrote:
>>>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>>>
>>>>>>> On Mon, Mar 6, 2017 at 2:31 AM, Måns Rullgård <mans@mansr.com> wrote:
>>>>>>>> Henrique de Moraes Holschuh <hmh@hmh.eng.br> writes:
>>>>>>>>
>>>>>>>>> On Sun, 05 Mar 2017, Måns Rullgård wrote:
>>>>>>>>>> Tomas Winkler <tomasw@gmail.com> writes:
>>>>>>>>>> > Sparse complains for arrays declared with variable length
>>>>>>>>>> >
>>>>>>>>>> > 'warning: Variable length array is used'
>>>>>>>>>> >
>>>>>>>>>> > Prior to c99 this was not allowed but lgcc (c99) doesn't have problem
>>>>>>>>>> > with that  https://gcc.gnu.org/onlinedocs/gcc/Variable-Length.html.
>>>>>>>>>> > And also Linux kernel compilation with W=1 doesn't complain.
>>>>>>>>>> >
>>>>>>>>>> > Since sparse is used extensively would like to ask what is the correct
>>>>>>>>>> > usage of arrays of variable length
>>>>>>>>>> > within Linux Kernel.
>>>>>>>>>>
>>>>>>>>>> Variable-length arrays are a very bad idea.  Don't use them, ever.
>>>>>>>>>> If the size has a sane upper bound, just use that value statically.
>>>>>>>>>> Otherwise, you have a stack overflow waiting to happen and should be
>>>>>>>>>> using some kind of dynamic allocation instead.
>>>>>>>>>>
>>>>>>>>>> Furthermore, use of VLAs generally results in less efficient code.  For
>>>>>>>>>> instance, it forces gcc to waste a register for the frame pointer, and
>>>>>>>>>> it often prevents inlining.
>>>>>>>>>
>>>>>>>>> Well, if we're going to forbid VLAs in the kernel, IMHO the kernel build
>>>>>>>>> system should call gcc with -Werror=vla to get that point across early,
>>>>>>>>> and flush out any offenders.
>>>>>>>>
>>>>>>>> If it were up to me, that's exactly what I'd do.
>>>>>>>
>>>>>>>>
>>>>>>> Some parts of the kernel depends on VLA such as ___ON_STACK macros in
>>>>>>> include/crypto/hash.h
>>>>>>> It's actually pretty neat implementation, maybe it's too harsh to
>>>>>>> disable  VLA completely.
>>>>>>
>>>>>> And what happens if the requested size is insane?
>>>>>
>>>>> One option is to add '-Wvla-larger-than=n'
>>>>
>>>> If you know the upper bound, why use VLAs in the first place?
>>>
>>> This is a water mark and not  actual usage, but maybe I didn't
>>> understand your comment.
>>
>> If there is an upper bound known at compile time, why not simply use
>> that size statically?  If there is no upper bound, well, then you have a
>> problem.
>
> If the compiler can do the job, why not use this flexibility?

Because, as I already said, there are security implications if the size
is unbounded, and even with safely bounded size, using VLAs interferes
with compiler optimisations.  Ensuring VLAs are used safely is usually
more work than simply avoiding them in the first place.

-- 
Måns Rullgård
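
The three options argued over in this thread, side by side, as an added userspace example that is not code from any poster or from the kernel: the VLA form, the fixed upper bound, and dynamic allocation for the unbounded case. `SCRATCH_MAX`, the function names and the toy checksum are assumptions made for illustration; kernel code would use kmalloc() where this uses malloc().

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SCRATCH_MAX 512	/* assumed compile-time upper bound for this example */

/* Shared worker: stage the input in scratch, then fold it into a checksum. */
static uint32_t fold(uint8_t *scratch, const uint8_t *src, size_t len)
{
	uint32_t sum = 0;

	memcpy(scratch, src, len);
	for (size_t i = 0; i < len; i++)
		sum = sum * 31 + scratch[i];
	return sum;
}

/* Before: the caller-supplied len decides how much stack this frame takes. */
int checksum_vla(const uint8_t *src, size_t len, uint32_t *out)
{
	uint8_t scratch[len];	/* VLA: len == 0 is undefined, a huge len overruns the stack */

	*out = fold(scratch, src, len);
	return 0;
}

/* Bounded case: the frame size is fixed, oversized requests are refused. */
int checksum_bounded(const uint8_t *src, size_t len, uint32_t *out)
{
	uint8_t scratch[SCRATCH_MAX];

	if (len > sizeof(scratch))
		return -E2BIG;
	*out = fold(scratch, src, len);
	return 0;
}

/* Unbounded case: allocate dynamically and report failure to the caller. */
int checksum_heap(const uint8_t *src, size_t len, uint32_t *out)
{
	uint8_t *scratch = malloc(len ? len : 1);

	if (!scratch)
		return -ENOMEM;
	*out = fold(scratch, src, len);
	free(scratch);
	return 0;
}
```

Compiling this file with gcc and `-Werror=vla`, the flag proposed earlier in the thread, rejects only `checksum_vla`.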



Thread overview: 18+ messages
2017-03-05  9:44 Arrays of variable length Tomas Winkler
2017-03-05 10:01 ` Al Viro
2017-03-05 14:27 ` Måns Rullgård
2017-03-05 21:12   ` Henrique de Moraes Holschuh
2017-03-05 21:49     ` Richard Weinberger
2017-03-06  0:31     ` Måns Rullgård
2017-03-09  7:54       ` Tomas Winkler
2017-03-09 13:02         ` Måns Rullgård
2017-03-09 13:02           ` Måns Rullgård
2017-03-09 13:40           ` Tomas Winkler
2017-03-09 14:16             ` Måns Rullgård
2017-03-09 14:16               ` Måns Rullgård
2017-03-09 14:21               ` Tomas Winkler
2017-03-09 14:26                 ` Måns Rullgård
2017-03-09 14:26                   ` Måns Rullgård
2017-03-09 14:29                   ` Tomas Winkler
2017-03-09 14:38                     ` Måns Rullgård
2017-03-09 14:38                       ` Måns Rullgård
