Subject: Re: [wish] Flexible array members in unions
From: Martin Uecker
To: gcc@gcc.gnu.org
Date: Thu, 18 May 2023 18:25:36 +0200

> On Thu, May 11, 2023 at 11:14 PM Kees Cook via Gcc wrote:
> >
> > On Thu, May 11, 2023 at 08:53:52PM +0000, Joseph Myers wrote:
> > > On Thu, 11 May 2023, Kees Cook via Gcc wrote:
> > >
> > > > On Thu, May 11, 2023 at 06:29:10PM +0200, Alejandro Colomar wrote:
> > > > > On 5/11/23 18:07, Alejandro Colomar wrote:
> > > > > [...]
> > > > > > Would you allow flexible array members in unions? Is there any
> > > > > > strong reason to disallow them?
> > > >
> > > > Yes please!! And alone in a struct, too.
> > > >
> > > > AFAICT, there is no mechanical/architectural reason to disallow them
> > > > (especially since they _can_ be constructed with some fancy tricks,
> > > > and they behave as expected.) My understanding is that it's disallowed
> > > > due to an overly strict reading of the very terse language that created
> > > > flexible arrays in C99.
> > >
> > > Standard C has no such thing as a zero-size object or type, which would
> > > lead to problems with a struct or union that only contains a flexible
> > > array member there.

(I think it is fundamentally not too problematic to have zero-size
objects, although it would take some work to specify the semantics
exactly.)

But my preference would be to make structs / unions with FAM an
incomplete type which would then restrict their use (for the cases
now supported we would need backwards compatible exceptions).
We could then allow such a struct / union as the last member
of another struct / union which would make this an incomplete
type too.

We then would need a special macro (based on a builtin) instead
of sizeof to get the size, but this would be safer anyway.

In principle, an even better solution would be to allow dynamic
arrays because then it has a dynamic bound where the type with
the bound could propagate to some user. Bounds checking would
work as expected and more cases.

struct foo {
    int len;
    char buf[.len];
};

But this takes a bit more work to get right.

> >
> > Ah-ha, okay. That root cause makes sense now.
>
> Hmm. but then the workaround
>
> struct X {
>     int n;
>     union u {
>         char at_least_size_one;
>         int iarr[];
>         short sarr[];
>     };
> };
>
> doesn't work either. We could make that a GNU extension without
> adverse effects?

I think we could allow this even without the "at_least_size_one"
without a problem when allowing the use of such unions only as
a last member of some structure. Allowing it elsewhere seems
questionable anyway.

> Richard.
>
> > Why are zero-sized objects missing in Standard C? Or, perhaps, the better
> > question is: what's needed to support the idea of a zero-sized object?

Probably a lot of convincing that it actually does not cause problems,
and is useful. Also a lot of work in making sure the standard is revised
everywhere where it is necessary.

I think zero sized objects and especially arrays are very useful also
to avoid special code for corner cases in numerical algorithms. But
I think here some restrictions on the use of the FAM will do.

Martin
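
Added example, not part of the original message and not GCC code: in standard C today the bound of a flexible array member is tracked by hand, so the size computation and every access need explicit checks. The helper names fam_bytes, foo_new and foo_set are hypothetical, and struct foo uses the standard `char buf[]` spelling rather than the proposed `char buf[.len]`.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* C99 spelling of the struct in the message; the bound lives in `len` by
 * convention only, since `char buf[.len]` is a proposal, not valid C. */
struct foo { int len; char buf[]; };

/* Hypothetical stand-in for a "macro instead of sizeof": bytes for a
 * `base`-byte header plus `n` elements of `elem` bytes; false on overflow. */
static bool fam_bytes(size_t base, size_t elem, size_t n, size_t *out)
{
    if (elem != 0 && n > (SIZE_MAX - base) / elem)
        return false;
    *out = base + elem * n;
    return true;
}

/* Allocate a foo with room for `len` chars; NULL on bad length or OOM. */
struct foo *foo_new(int len)
{
    size_t bytes, base = offsetof(struct foo, buf);
    if (len < 0 || !fam_bytes(base, sizeof(char), (size_t)len, &bytes))
        return NULL;
    if (bytes < sizeof(struct foo))  /* trailing padding can exceed offsetof */
        bytes = sizeof(struct foo);
    struct foo *p = calloc(1, bytes);
    if (p)
        p->len = len;
    return p;
}

/* Store checked against the recorded bound; plain sizeof cannot see it. */
bool foo_set(struct foo *p, int idx, char c)
{
    if (!p || idx < 0 || idx >= p->len)
        return false;
    p->buf[idx] = c;
    return true;
}

int main(void)
{
    struct foo *p = foo_new(3);
    int ok = p && foo_set(p, 2, 'x') && !foo_set(p, 3, 'x');
    free(p);
    return ok ? 0 : 1;
}
```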