From mboxrd@z Thu Jan 1 00:00:00 1970
Date: Fri, 16 Mar 2018 17:55:02 +0000
From: Al Viro
Subject: Re: [PATCH v5 0/2] Remove false-positive VLAs when using max()
Message-ID: <20180316175502.GE30522@ZenIV.linux.org.uk>
References: <1521174359-46392-1-git-send-email-keescook@chromium.org>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To:
Sender: Al Viro
To: Linus Torvalds
Cc: Florian Weimer, Kees Cook, Andrew Morton, Josh Poimboeuf,
	Rasmus Villemoes, Randy Dunlap, Miguel Ojeda, Ingo Molnar,
	David Laight, Ian Abbott, linux-input, linux-btrfs,
	Network Development, Linux Kernel Mailing List, Kernel Hardening
List-ID:

On Fri, Mar 16, 2018 at 10:29:16AM -0700, Linus Torvalds wrote:

> t.c: In function ‘test’:
> t.c:6:6: error: argument to variable-length array is too large
> [-Werror=vla-larger-than=]
> int array[(1,100)];
>
> Gcc people are crazy.

That's not them, that's C standard regarding ICE. 1,100 is *not* a
constant expression as far as the standard is concerned, and that
type is actually a VLA with the size that can be optimized into
a compiler-calculated value.

Would you argue that in

void foo(char c)
{
	int a[(c<<1) + 10 - c + 2 - c];

a is not a VLA? Sure, compiler probably would be able to reduce
that expression to 12, but demanding that to be recognized means
that compiler must do a bunch of optimizations in the middle of
typechecking.

expr, constant_expression is not a constant_expression. And in
this particular case the standard is not insane - the only reason
for using that is typechecking and _that_ can be achieved without
violating 6.6p6:

	sizeof(expr,0) * 0 + ICE

*is* an integer constant expression, and it gives you exact same
typechecking. So if somebody wants to play odd games, they can
do that just fine, without complicating the logics for compilers...
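
The `sizeof(expr,0) * 0 + ICE` form from the message above, worked through as an added example; it is not code from this e-mail or from the patch series. The names `SAME_TYPE_CHECK`, `CHECKED_ICE`, `CONST_MAX`, `HDR_LEN` and `PAYLOAD_LEN` are hypothetical, and `__typeof__` (a GNU extension) is assumed to be available.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical type check: compares two pointer types inside an operand
 * that is never evaluated. GCC and Clang diagnose a comparison of
 * distinct pointer types when a and b differ in type. */
#define SAME_TYPE_CHECK(a, b) \
	((void)((__typeof__(a) *)0 == (__typeof__(b) *)0))

/* The shape from the message: sizeof(expr, 0) * 0 + ICE.
 * The comma operator and the pointer casts sit inside sizeof's
 * unevaluated operand, so the result is still an integer constant
 * expression. Its value is always (ice); its type is size_t or wider. */
#define CHECKED_ICE(expr, ice) (sizeof((expr), 0) * 0 + (ice))

/* Hypothetical constant max on top of it; for non-negative sizes only,
 * because the result is converted to an unsigned type. */
#define CONST_MAX(a, b) \
	CHECKED_ICE(SAME_TYPE_CHECK(a, b), (a) > (b) ? (a) : (b))

#define HDR_LEN     24	/* constructed sample sizes */
#define PAYLOAD_LEN 100

/* Three contexts that accept only an integer constant expression. */
enum { FRAME_LEN = CONST_MAX(HDR_LEN, PAYLOAD_LEN) };
_Static_assert(CONST_MAX(HDR_LEN, PAYLOAD_LEN) == 100, "constant max");
static unsigned char frame[CONST_MAX(HDR_LEN, PAYLOAD_LEN)]; /* file scope */

/* CONST_MAX(HDR_LEN, sizeof(long)) would mix int and size_t and draw
 * the distinct-pointer-types diagnostic from SAME_TYPE_CHECK. */

size_t fill_frame(unsigned char byte)
{
	memset(frame, byte, sizeof(frame));
	return sizeof(frame);
}

size_t stack_scratch_len(void)
{
	/* Fixed-size array: the bound is an ICE, so this is not a VLA. */
	unsigned char tmp[CONST_MAX(HDR_LEN, PAYLOAD_LEN)];

	memcpy(tmp, frame, sizeof(tmp));
	return sizeof(tmp) + tmp[0] * 0;
}
```
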