Re: [wish] Flexible array members in unions

public inbox for gcc@gcc.gnu.org
 help / color / mirror / Atom feed

From: Qing Zhao <qing.zhao@oracle.com>
To: Richard Biener <richard.guenther@gmail.com>,
	Joseph Myers <joseph@codesourcery.com>
Cc: Kees Cook <keescook@chromium.org>,
	Alejandro Colomar <alx.manpages@gmail.com>, GCC <gcc@gcc.gnu.org>,
	Alejandro Colomar <alx@nginx.com>,
	Andrew Clayton <a.clayton@nginx.com>,
	Andrew Clayton <andrew@digital-domain.net>,
	"linux-hardening@vger.kernel.org"
	<linux-hardening@vger.kernel.org>
Subject: Re: [wish] Flexible array members in unions
Date: Mon, 15 May 2023 19:58:37 +0000	[thread overview]
Message-ID: <447B1CEB-B525-4143-854E-9BD2069C9E16@oracle.com> (raw)
In-Reply-To: <CAFiYyc1JRm6gm8aw2ZQmcycN3AF3hu5wjwGeUgDCN6gRN7UbbA@mail.gmail.com>



> On May 12, 2023, at 2:16 AM, Richard Biener via Gcc <gcc@gcc.gnu.org> wrote:
> 
> On Thu, May 11, 2023 at 11:14 PM Kees Cook via Gcc <gcc@gcc.gnu.org> wrote:
>> 
>> On Thu, May 11, 2023 at 08:53:52PM +0000, Joseph Myers wrote:
>>> On Thu, 11 May 2023, Kees Cook via Gcc wrote:
>>> 
>>>> On Thu, May 11, 2023 at 06:29:10PM +0200, Alejandro Colomar wrote:
>>>>> On 5/11/23 18:07, Alejandro Colomar wrote:
>>>>> [...]
>>>>>> Would you allow flexible array members in unions?  Is there any
>>>>>> strong reason to disallow them?
>>>> 
>>>> Yes please!! And alone in a struct, too.
>>>> 
>>>> AFAICT, there is no mechanical/architectural reason to disallow them
>>>> (especially since they _can_ be constructed with some fancy tricks,
>>>> and they behave as expected.) My understanding is that it's disallowed
>>>> due to an overly strict reading of the very terse language that created
>>>> flexible arrays in C99.
>>> 
>>> Standard C has no such thing as a zero-size object or type, which would
>>> lead to problems with a struct or union that only contains a flexible
>>> array member there.
>> 
>> Ah-ha, okay. That root cause makes sense now.
> 
> Hmm. but then the workaround
> 
> struct X {
>  int n;
>  union u {
>      char at_least_size_one;
>      int iarr[];
>      short sarr[];
>  };
> };
> 
> doesn't work either.  We could make that a GNU extension without
> adverse effects?

I think that this might be  a very nice extension, which addresses the standard C’s restriction  on the zero-size object, and also can resolve kernel’s need. (And also other users’s similar programming need?)
And maybe it’s also possible to add such extension later to Standard C?

Similar as flexible array member in Standard C, we should limit such union as the last field of another structure.  (Since basically this union can be treated
As a flexible array member)

Qing

> 
> Richard.
> 
>> Why are zero-sized objects missing in Standard C? Or, perhaps, the better
>> question is: what's needed to support the idea of a zero-sized object?
>> 
>> --
>> Kees Cook

next prev parent reply	other threads:[~2023-05-15 19:58 UTC|newest]

Thread overview: 16+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2023-05-11 16:07 Alejandro Colomar
2023-05-11 16:29 ` Alejandro Colomar
2023-05-11 19:07   ` Kees Cook
2023-05-11 20:53     ` Joseph Myers
2023-05-11 21:13       ` Kees Cook
2023-05-11 21:43         ` Joseph Myers
2023-05-11 22:16           ` Kees Cook
2023-05-11 22:52             ` Joseph Myers
2023-05-12  0:25               ` Alejandro Colomar
2023-05-12  7:49             ` Jonathan Wakely
2023-05-12  6:16         ` Richard Biener
2023-05-12 12:32           ` David Brown
2023-05-15 19:58           ` Qing Zhao [this message]
2023-05-18 16:25           ` Martin Uecker
2023-05-18 20:59             ` Qing Zhao
2023-05-19 12:08               ` Martin Uecker

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=447B1CEB-B525-4143-854E-9BD2069C9E16@oracle.com \
    --to=qing.zhao@oracle.com \
    --cc=a.clayton@nginx.com \
    --cc=alx.manpages@gmail.com \
    --cc=alx@nginx.com \
    --cc=andrew@digital-domain.net \
    --cc=gcc@gcc.gnu.org \
    --cc=joseph@codesourcery.com \
    --cc=keescook@chromium.org \
    --cc=linux-hardening@vger.kernel.org \
    --cc=richard.guenther@gmail.com \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).