From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: by sourceware.org (Postfix, from userid 48) id B0DCF3858C50; Fri, 28 Jul 2023 20:25:48 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org B0DCF3858C50 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1690575948; bh=wxOgg8bsjvVjsXTPUVZx2tUDlbzvX0l195cYW/Mn2/M=; h=From:To:Subject:Date:In-Reply-To:References:From; b=BW4+PCfVH4YuxK3IdxEc8/ylclVYyIqKLTrqargNPHY9uoX4LMyF/Dv4noi/ZEadm Plk19Uh2VJ9G+fgfVQzBmVlLWNe55+CUe2YWqICY4BuL5XP0N6cRxXgmly1s9IgRgK GGUsgnrMCHOxIcW4Fa1zHDkrmJAjiLvzrgJZUyZ8= From: "aaron at aaronballman dot com" To: gcc-bugs@gcc.gnu.org Subject: [Bug c++/110848] Consider enabling -Wvla by default in C++ modes Date: Fri, 28 Jul 2023 20:25:48 +0000 X-Bugzilla-Reason: CC X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: gcc X-Bugzilla-Component: c++ X-Bugzilla-Version: 13.0 X-Bugzilla-Keywords: diagnostic X-Bugzilla-Severity: enhancement X-Bugzilla-Who: aaron at aaronballman dot com X-Bugzilla-Status: UNCONFIRMED X-Bugzilla-Resolution: X-Bugzilla-Priority: P3 X-Bugzilla-Assigned-To: unassigned at gcc dot gnu.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: http://gcc.gnu.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 List-Id: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=3D110848 --- Comment #3 from Aaron Ballman --- (In reply to Andrew Pinski from comment #1) > Since VLA support has been a GNU C++ extension way before it was proposed= to > WG21, I doubt we want to enable this by default. I think it boils down to whether you think users are using it on purpose or= by accident. My experience has been that more people use this by accident than= not in C++ and are unhappily surprised when they learn of it (sometimes by port= ing to other compilers (like MSVC) that don't have the extension, sometimes thr= ough other means like static analysis, etc). Given that there are security implications with them, they're very easy to use accidentally, there are mo= re idiomatic approaches like std::vector, and that code generation can be quit= e a bit slower for VLAs than other approaches, I think warning on them by defau= lt is justifiable (the folks using them on purpose can add -Wno-vla to disable= the diagnostic, but I honestly expect them to be in the minority). Do you have evidence there's a lot of intentional use of this feature in C+= + in the wild?=