public inbox for gcc-bugs@sourceware.org
* [Bug sanitizer/98609] New: sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: muecker at gwdg dot de @ 2021-01-08 21:46 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

            Bug ID: 98609
           Summary: sanitizer diagnoses VLAs with length zero although
                    zero-length arrays are a GNU extension
           Product: gcc
           Version: 11.0
            Status: UNCONFIRMED
          Severity: normal
          Priority: P3
         Component: sanitizer
          Assignee: unassigned at gcc dot gnu.org
          Reporter: muecker at gwdg dot de
                CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org,
                    jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

The following code is diagnosed with -fsanitize=undefined:

int main(void)
{
        int n = 0;          /* runtime bound, so x below is a VLA */
        double x[n];        /* zero-length VLA: accepted by GCC as an extension,
                               but reported at run time by -fsanitize=undefined */
        (void)x;
        return 0;
}


runtime error: variable length array bound evaluates to non-positive value 0


But arrays of zero length are often useful and also generally supported by GCC as
an extension. So it would be useful if this would get diagnosed by default. At
least there should be a way to turn this off.


* [Bug sanitizer/98609] sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: marxin at gcc dot gnu.org @ 2021-01-11  8:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

Martin Liška <marxin at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
     Ever confirmed|0                           |1
                 CC|                            |mpolacek at gcc dot gnu.org
             Status|UNCONFIRMED                 |NEW
   Last reconfirmed|                            |2021-01-11

--- Comment #1 from Martin Liška <marxin at gcc dot gnu.org> ---
Confirmed.
@Marek: Can you please take a look?


* [Bug sanitizer/98609] sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: jakub at gcc dot gnu.org @ 2021-01-11  9:04 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

--- Comment #2 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
The sanitizers generally diagnose what the C or C++ language spec says, not what
the various extensions allow; it is the same for shifts etc.
So I think it is correct that this is diagnosed by default.


* [Bug sanitizer/98609] sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: muecker at gwdg dot de @ 2021-01-11  9:11 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

--- Comment #3 from Martin Uecker <muecker at gwdg dot de> ---
Fair enough. But there is also no way to selectively turn it off (or I am not
aware of it).  The warning for < 0 is important and useful while the warning
for == 0 is pedantic and not useful by itself when we generally allow zero
sized arrays elsewhere.


* [Bug sanitizer/98609] sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: jakub at gcc dot gnu.org @ 2021-01-11  9:19 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

--- Comment #4 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
I'd say it is similar with shifts: the diagnostics about the shift count being
negative or too large are highly useful, while the diagnostics about the various
lshift properties (shifting into the sign bit or shifting left negative values etc.)
are pedantic; at least GCC doesn't really take any advantage of that, because
there are so many different variants of the restrictions.
But for shifts we indeed do have a way to selectively turn one or the other on
or off.
So perhaps -fsanitize=vla can be a union of two suboptions too.
Though, we can't really do anything about this until upstream libsanitizer is
changed, because the diagnostics come from that library.
And it would be really confusing to just do this on the GCC side, allow
VLA checks of <= 0 (=vla), < 0 (=vla-negative), == 0 (=vla-zero) and use the
same library routine in all cases that would always talk about a non-positive
value.

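The distinction drawn above is that a negative bound is the dangerous case while n == 0 is a legitimate empty input; until the sanitizer check can be split, the defensive pattern is to validate the bound in code before the VLA is declared, so neither case reaches the array. The following is an added example, not code from the thread or from GCC; reverse_via_vla, sample_reverse_first and MAX_VLA_ELEMS are constructed names for this illustration.

```c
#include <stdio.h>
#include <string.h>

/* Largest VLA this call site is willing to put on the stack.
   Constructed value for this example; size it per function. */
#define MAX_VLA_ELEMS 4096

/* Reverse buf[0..n) in place, staging through a VLA scratch copy.
   Returns 0 on success and -1 when the bound is rejected.
   The checks run before the VLA declaration, so the bound that
   reaches `int tmp[n]` is always in 1..MAX_VLA_ELEMS:
     - n < 0  : the genuinely dangerous case (stack pointer adjusted
                the wrong way); rejected.
     - n > MAX: unbounded stack growth from an untrusted length; rejected.
     - n == 0 : legitimate empty input; returns early instead of
                declaring a zero-length VLA, so -fsanitize=vla-bound
                has nothing to report and no GNU extension is relied on. */
int reverse_via_vla(int *buf, long n)
{
    if (n < 0 || n > MAX_VLA_ELEMS)
        return -1;
    if (n == 0)
        return 0;

    int tmp[n];                         /* bound validated above */
    for (long i = 0; i < n; i++)
        tmp[i] = buf[n - 1 - i];
    memcpy(buf, tmp, (size_t)n * sizeof *buf);
    return 0;
}

/* Constructed sample input: reverses {1, 2, 3, 4} and returns the
   new first element (4), or -1 if the bound was rejected. */
int sample_reverse_first(void)
{
    int a[] = {1, 2, 3, 4};
    if (reverse_via_vla(a, 4) != 0)
        return -1;
    return a[0];
}

int main(void)
{
    printf("n=4  -> first=%d\n", sample_reverse_first());   /* 4 */
    printf("n=0  -> rc=%d\n", reverse_via_vla(NULL, 0));    /* 0 */
    printf("n=-1 -> rc=%d\n", reverse_via_vla(NULL, -1));   /* -1 */
    return 0;
}
```

Built with `gcc -fsanitize=undefined`, this runs clean for all three inputs because the zero and negative bounds never reach the VLA declaration.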

* [Bug sanitizer/98609] sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: marxin at gcc dot gnu.org @ 2021-01-11  9:24 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

--- Comment #5 from Martin Liška <marxin at gcc dot gnu.org> ---
I would recommend changing just libsanitizer to allow something like
UBSAN_OPTIONS=vla_bounds_allow_zero=1. It should be a relatively small change.


* [Bug sanitizer/98609] sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: jakub at gcc dot gnu.org @ 2021-01-11  9:30 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

--- Comment #6 from Jakub Jelinek <jakub at gcc dot gnu.org> ---
That is not really possible, as the compiler assumes for
-fno-sanitize-recover=vla that when we call the library routine, it never
returns (it is noreturn).


* [Bug sanitizer/98609] sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: marxin at gcc dot gnu.org @ 2021-01-11  9:42 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

--- Comment #7 from Martin Liška <marxin at gcc dot gnu.org> ---
(In reply to Jakub Jelinek from comment #6)
> That is not really possible, as the compiler assumes for
> -fno-sanitize-recover=vla

which is not the default value.

> that when we call the library routine, it never
> returns (it is noreturn).

Then it can be allowed only for recover UBSAN entry points.


* [Bug sanitizer/98609] sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: msebor at gcc dot gnu.org @ 2021-01-11 17:58 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

Martin Sebor <msebor at gcc dot gnu.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |msebor at gcc dot gnu.org

--- Comment #8 from Martin Sebor <msebor at gcc dot gnu.org> ---
Zero allocations should be diagnosed by -Walloc-zero.  The option is disabled
by default to avoid false positives for calls to malloc(0) emitted by GCC in
some cases.  That the test case in comment #0 isn't diagnosed even when
-Walloc-zero is explicitly set is a bug.  It should be diagnosed, and I think for
VLAs the warning should be enabled in -Wall to help detect potential aliasing
violations.

Some uses of zero length arrays that aren't VLAs are diagnosed by
-Wzero-length-bounds (enabled by -Warray-bounds).  I posted a patch in November
to enhance their detection, including VLAs, but it never got reviewed.  I
expect to resubmit it for GCC 12.  With that patch, the test case in comment #0
is diagnosed as long as the array is either accessed or passed as an argument
to a function that might use it.


* [Bug sanitizer/98609] sanitizer diagnoses VLAs with length zero although zero-length arrays are a GNU extension
From: muecker at gwdg dot de @ 2023-07-30 10:15 UTC (permalink / raw)
  To: gcc-bugs

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98609

--- Comment #9 from Martin Uecker <muecker at gwdg dot de> ---

I just ran into this problem again while trying to fix PR98608, where the
problem is that instrumentation of parameters is missing.  In parameters people
often use n == 0 null, and some of the -Wnonnull warnings we have currently even
require setting it to 0.
