From: Martin Uecker <uecker@tugraz.at>
To: Qing Zhao <qing.zhao@oracle.com>,
Richard Biener <richard.guenther@gmail.com>,
Joseph Myers <joseph@codesourcery.com>
Cc: GCC <gcc@gcc.gnu.org>, Kees Cook <keescook@chromium.org>
Subject: Re: [wish] Flexible array members in unions
Date: Fri, 19 May 2023 14:08:06 +0200 [thread overview]
Message-ID: <469d153cacf438e7cdc282710ad57e386c49c074.camel@tugraz.at> (raw)
In-Reply-To: <EC073565-EC4C-4674-8306-6D66D1D4F11E@oracle.com>
Am Donnerstag, dem 18.05.2023 um 20:59 +0000 schrieb Qing Zhao:
>
> > On May 18, 2023, at 12:25 PM, Martin Uecker via Gcc <gcc@gcc.gnu.org> wrote:
> >
> >
> >
> > > On Thu, May 11, 2023 at 11:14 PM Kees Cook via Gcc <gcc@gcc.gnu.org> wrote:
> > > >
> > > > On Thu, May 11, 2023 at 08:53:52PM +0000, Joseph Myers wrote:
> > > > > On Thu, 11 May 2023, Kees Cook via Gcc wrote:
> > > > >
> > > > > > On Thu, May 11, 2023 at 06:29:10PM +0200, Alejandro Colomar wrote:
> > > > > > > On 5/11/23 18:07, Alejandro Colomar wrote:
> > > > > > > [...]
> > > > > > > > Would you allow flexible array members in unions? Is there any
> > > > > > > > strong reason to disallow them?
> > > > > >
> > > > > > Yes please!! And alone in a struct, too.
> > > > > >
> > > > > > AFAICT, there is no mechanical/architectural reason to disallow them
> > > > > > (especially since they _can_ be constructed with some fancy tricks,
> > > > > > and they behave as expected.) My understanding is that it's disallowed
> > > > > > due to an overly strict reading of the very terse language that created
> > > > > > flexible arrays in C99.
> > > > >
> > > > > Standard C has no such thing as a zero-size object or type, which would
> > > > > lead to problems with a struct or union that only contains a flexible
> > > > > array member there.
> >
> > (I think it is fundamentally not too problematic to have zero-size
> > objects, although it would take some work to specify the semantics
> > exactly.)
> >
> > But my preference would be to make structs / unions with FAM an
> > incomplete type which would then restrict their use (for the cases
> > now supported we would need backwards compatible exceptions).
> > We could then allow such a struct / union as the last member
> > of another struct / union which would make this an incomplete
> > type too.
>
> Yes, I like this approach.
> And we can make them GCC extensions first, promote to C standard later.
>
> My proposed patch sets (originally targeted on GCC13, now might need to target on GCC14) will
> make one part of the above a GCC extension:
> Allowing the struct with FAM as the last member of another struct. (See https://gcc.gnu.org/bugzilla/show_bug.cgi?id=101832)
>
> https://gcc.gnu.org/pipermail/gcc-patches/2023-March/614794.html
> https://gcc.gnu.org/pipermail/gcc-patches/2023-March/614793.html
> https://gcc.gnu.org/pipermail/gcc-patches/2023-March/614790.html
>
> I’d like these changes going into GCC first to improve this area.
Seems reasonable to me. Thanks!
Martin
>
> >
> > We then would need a special macro (based on a builtin) instead
> > of sizeof to get the size, but this would be safer anyway.
> >
> > In principle, an even better solution would be to allow dynamic
> > arrays because then it has a dynamic bound where the type with
> > the bound could propagate to some user. Bounds checking would
> > work as expected and more cases.
> >
> > struct foo {
> > int len;
> > char buf[.len];
> > };
> >
> > But this takes a bit more work to get right.
> >
> > > >
> > > > Ah-ha, okay. That root cause makes sense now.
> > >
> > > Hmm. but then the workaround
> > >
> > > struct X {
> > > int n;
> > > union u {
> > > char at_least_size_one;
> > > int iarr[];
> > > short sarr[];
> > > };
> > > };
> > >
> > > doesn't work either. We could make that a GNU extension without
> > > adverse effects?
> >
> > I think we could allow this even without the "at_least_size_one"
> > without a problem when allowing the use of such unions only as
> > a last member of some structure. Allowing it elsewhere seems
> > questionable anyway.
>
> Yes, Such an union can be treated as an flexible array member
> (just multiple flexible arrays sharing the same storage). Therefore it’s reasonable
> To only allow it as the last field of a structure.
>
> thanks.
>
> Qing.
>
> >
> > > Richard.
> > >
> > > > Why are zero-sized objects missing in Standard C? Or, perhaps, the better
> > > > question is: what's needed to support the idea of a zero-sized object?
> >
> > Probably a lot of convincing that it actually does not cause problems,
> > and is useful. Also a lot of work in making sure the standard is revised
> > everywhere where it is necessary. I think zero sized objects and
> > especially arrays are very useful also to avoid special code for corner
> > cases in numerical algorithms. But I think here some restrictions on
> > the use of the FAM will do.
> >
> >
> > Martin
>
prev parent reply other threads:[~2023-05-19 12:08 UTC|newest]
Thread overview: 16+ messages / expand[flat|nested] mbox.gz Atom feed top
2023-05-11 16:07 Alejandro Colomar
2023-05-11 16:29 ` Alejandro Colomar
2023-05-11 19:07 ` Kees Cook
2023-05-11 20:53 ` Joseph Myers
2023-05-11 21:13 ` Kees Cook
2023-05-11 21:43 ` Joseph Myers
2023-05-11 22:16 ` Kees Cook
2023-05-11 22:52 ` Joseph Myers
2023-05-12 0:25 ` Alejandro Colomar
2023-05-12 7:49 ` Jonathan Wakely
2023-05-12 6:16 ` Richard Biener
2023-05-12 12:32 ` David Brown
2023-05-15 19:58 ` Qing Zhao
2023-05-18 16:25 ` Martin Uecker
2023-05-18 20:59 ` Qing Zhao
2023-05-19 12:08 ` Martin Uecker [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=469d153cacf438e7cdc282710ad57e386c49c074.camel@tugraz.at \
--to=uecker@tugraz.at \
--cc=gcc@gcc.gnu.org \
--cc=joseph@codesourcery.com \
--cc=keescook@chromium.org \
--cc=qing.zhao@oracle.com \
--cc=richard.guenther@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).