From: "Jörn Engel" <joern@wohnheim.fh-wedel.de>
To: Mikael Pettersson <mikpe@csd.uu.se>
Cc: Dave Olien <dmo@osdl.org>,
Petri Koistinen <petri.koistinen@iki.fi>,
linux-kernel@vger.kernel.org
Subject: Re: Sparse warning: bitmap.h: bad constant expression
Date: Tue, 2 Sep 2003 22:08:34 +0200
Message-ID: <20030902200834.GB24744@wohnheim.fh-wedel.de>
In-Reply-To: <16212.28592.322946.64754@gargle.gargle.HOWL>

On Tue, 2 September 2003 12:23:44 +0200, Mikael Pettersson wrote:
>
> If data is a local variable then this is perfectly valid example of a
> C99 variable-length array (VLA). This works at least with gcc-2.95.3
> and newer, and gcc handles it by itself w/o calling alloca().

A lot of buggy code consists of perfectly valid C99. :)

> Of course, VLAs should be bounded in size to avoid overflowing the
> kernel stack, but that doesn't make them illegal per se.

There is a deeper problem to this. At the moment, there is no way to
prove that the kernel doesn't contain a stack overflow somewhere. In
order to do this, we can make some assumptions and do a formal proof
*as long as the assumptions are valid*.

This perfectly valid C99 code means either that we need very
complicated checker software - a problem in itself - or that the
assumptions are wrong and we are none the wiser.

And even if you ignore this pet project of mine, do you know of a sane
way to have an upper bound for a VLA? And if there is, why not use a
static array with the upper bound as size in the first place?

Explicit is always simpler than implicit and simpler code has less
bugs. :)

Jörn

--
To recognize individual spam features you have to try to get into the
mind of the spammer, and frankly I want to spend as little time inside
the minds of spammers as possible.
-- Paul Graham
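
The trade-off argued in the message above, as an added example that is not code from the thread or from the kernel: the same scratch-bitmap routine written once with a C99 VLA and once with a fixed array sized by an explicit upper bound. `MAX_BITS`, the 64-byte stack budget, the function names, `scratch_bytes` and the sample data are assumptions made for the illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <string.h>

#define BITS_PER_LONG       (sizeof(unsigned long) * CHAR_BIT)
#define BITS_TO_LONGS(n)    (((n) + BITS_PER_LONG - 1) / BITS_PER_LONG)
#define MAX_BITS            256   /* assumed explicit upper bound */
#define FIXED_SCRATCH_BYTES (BITS_TO_LONGS(MAX_BITS) * sizeof(unsigned long))

/* Constructed sample bitmap: 9 bits set, all within the first 100 bits. */
const unsigned long sample[128] = { 0xF0F0UL, 0x1UL };
/* Instrumentation: size of the scratch array used by the last call. */
size_t scratch_bytes;

/* Count the set bits among the first nbits of map. */
static int weight(const unsigned long *map, size_t nbits)
{
    int w = 0;
    for (size_t i = 0; i < nbits; i++)
        w += (int)((map[i / BITS_PER_LONG] >> (i % BITS_PER_LONG)) & 1UL);
    return w;
}

/* VLA variant: the stack frame grows with whatever nbits the caller passes. */
int weight_vla(const unsigned long *src, size_t nbits)
{
    scratch_bytes = 0;
    if (nbits == 0)
        return 0;                             /* a zero-length VLA is undefined */
    unsigned long tmp[BITS_TO_LONGS(nbits)];  /* size known only at run time */
    memcpy(tmp, src, sizeof(tmp));
    scratch_bytes = sizeof(tmp);              /* sizeof is evaluated at run time */
    return weight(tmp, nbits);
}

/* Fixed variant: the frame size is a constant and oversize input is refused. */
int weight_fixed(const unsigned long *src, size_t nbits)
{
    unsigned long tmp[BITS_TO_LONGS(MAX_BITS)]; /* size known at compile time */
    scratch_bytes = sizeof(tmp);
    if (nbits > MAX_BITS)
        return -1;                            /* the bound is explicit and checked */
    memcpy(tmp, src, BITS_TO_LONGS(nbits) * sizeof(unsigned long));
    return weight(tmp, nbits);
}

/* The fixed bound can be checked against a stack budget without running anything. */
_Static_assert(FIXED_SCRATCH_BYTES <= 64, "scratch array exceeds stack budget");
```

No equivalent compile-time assertion can be written for `weight_vla`: its scratch size depends on the argument, so a stack-depth proof would have to bound `nbits` at every call site.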