changeset 40178:a8eeb883e377
vla: add commentary about VLA_ELEMS
* lib/vla.h (VLA_ELEMS): Add commentary,
some inspired by Bruno Haible’s proposal in:
https://lists.gnu.org/r/bug-gnulib/2019-01/msg00109.html
author | Paul Eggert <eggert@cs.ucla.edu> |
---|---|
date | Sat, 02 Feb 2019 14:39:59 -0800 |
parents | dcd889592b62 |
children | 6823a10c9418 |
files | ChangeLog lib/vla.h |
diffstat | 2 files changed, 31 insertions(+), 0 deletions(-) |
--- a/ChangeLog Sat Feb 02 13:01:55 2019 -0800 +++ b/ChangeLog Sat Feb 02 14:39:59 2019 -0800 @@ -1,5 +1,10 @@ 2019-02-02 Paul Eggert <eggert@cs.ucla.edu> + vla: add commentary about VLA_ELEMS + * lib/vla.h (VLA_ELEMS): Add commentary, + some inspired by Bruno Haible’s proposal in: + https://lists.gnu.org/r/bug-gnulib/2019-01/msg00109.html + dtoastr,ftoastr,ldtoastr: port to c-strtod changes Decouple these modules from c-strtod. Nowadays it’s reasonable to assume the C99 signatures for strtod and strtold. Programs that
--- a/lib/vla.h Sat Feb 02 13:01:55 2019 -0800 +++ b/lib/vla.h Sat Feb 02 14:39:59 2019 -0800 @@ -17,6 +17,20 @@ Written by Paul Eggert. */ +/* The VLA_ELEMS macro does not allocate variable-length arrays (VLAs), + so it does not have the security or performance issues commonly + associated with VLAs. VLA_ELEMS is for exploiting a C11 feature + where a function can start like this: + + double scan_array (int n, double v[static n]) + + to require a caller to pass a vector V with at least N elements; + this allows better static checking and performance in some cases. + In C11 this feature means that V is a VLA, so the feature is + supported only if __STDC_NO_VLA__ is defined, and for compatibility + to platforms that do not support VLAs, VLA_ELEMS (n) expands to + nothing when __STDC_NO_VLA__ is not defined. */ + /* A function's argument must point to an array with at least N elements. Example: 'int main (int argc, char *argv[VLA_ELEMS (argc)]);'. */ @@ -25,3 +39,15 @@ #else # define VLA_ELEMS(n) static n #endif + +/* Although C99 requires support for variable-length arrays (VLAs), + some C compilers never supported VLAs and VLAs are optional in C11. + VLAs are controversial because their allocation may be unintended + or awkward to support, and large VLAs might cause security or + performance problems. GCC can diagnose the use of VLAs via the + -Wvla and -Wvla-larger-than warnings options, and defining the + macro GNULIB_NO_VLA disables the allocation of VLAs in Gnulib code. + + The VLA_ELEMS macro is unaffected by GNULIB_NO_VLA, since it does + not allocate VLAs. Programs that use VLA_ELEMS should be compiled + with 'gcc -Wvla-larger-than' instead of with 'gcc -Wvla'. */
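Review bot: In the first lib/vla.h hunk (@@ -17,6 +17,20 @@), the two __STDC_NO_VLA__ conditions in the new comment read inverted. C11 defines __STDC_NO_VLA__ when the implementation does not support VLAs, so "supported only if __STDC_NO_VLA__ is defined" should say "is not defined", and "expands to nothing when __STDC_NO_VLA__ is not defined" should say "is defined". Please check the wording against the #if that guards the visible "#else # define VLA_ELEMS(n) static n" branch, since the condition itself is outside the context shown here. Minor wording: "for compatibility to platforms" reads better as "for compatibility with platforms".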
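Review bot: In the second lib/vla.h hunk (@@ -25,3 +39,15 @@), the closing advice names 'gcc -Wvla-larger-than' without a value, but GCC spells this option -Wvla-larger-than=byte-size, so a reader cannot use the flag as written. Suggest showing the option with its size argument and adding a clause that says why -Wvla is unsuitable for programs that use VLA_ELEMS, since the comment only states that the macro does not allocate VLAs and leaves the connection to the warning choice implicit. Also, "warnings options" in the GCC sentence should be "warning options".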