Richard, What’s your opinion on this?
Do we need one separate warning option to report the misuse of flexible array member only? Or we just combine such warnings into -Warray-bounds when it combines with -fstrict-flex-arrays? Thanks. Qing > On Dec 1, 2022, at 12:18 PM, Kees Cook <keesc...@chromium.org> wrote: > > On Thu, Dec 01, 2022 at 05:04:02PM +0000, Qing Zhao wrote: >> >> >>> On Dec 1, 2022, at 11:42 AM, Kees Cook <keesc...@chromium.org> wrote: >>> >>> On Wed, Nov 30, 2022 at 02:25:56PM +0000, Qing Zhao wrote: >>>> '-Wstrict-flex-arrays' >>>> Warn about inproper usages of flexible array members according to >>>> the LEVEL of the 'strict_flex_array (LEVEL)' attribute attached to >>>> the trailing array field of a structure if it's available, >>>> otherwise according to the LEVEL of the option >>>> '-fstrict-flex-arrays=LEVEL'. >>>> >>>> This option is effective only when LEVEL is bigger than 0. >>>> Otherwise, it will be ignored with a warning. >>>> >>>> when LEVEL=1, warnings will be issued for a trailing array >>>> reference of a structure that have 2 or more elements if the >>>> trailing array is referenced as a flexible array member. >>>> >>>> when LEVEL=2, in addition to LEVEL=1, additional warnings will be >>>> issued for a trailing one-element array reference of a structure if >>>> the array is referenced as a flexible array member. >>>> >>>> when LEVEL=3, in addition to LEVEL=2, additional warnings will be >>>> issued for a trailing zero-length array reference of a structure if >>>> the array is referenced as a flexible array member. >>>> >>>> At the same time, -Warray-bounds is updated: >>> >>> Why is there both -Wstrict-flex-arrays and -Warray-bounds? I thought >>> only the latter was going to exist? >> >> Yes, It’s very easy to merge these two warnings into one: >> >> -Warray-bounds, when combined with -fstrict-flex-arrays, in addition to >> report all the out-of-bounds warnings, it also report >> the misuse of flexible array members according to the LEVEL of >> -fstrict-flex-arrays >> >> The major question is, do we need one separate warning option to report the >> misuse of flexible array member only? >> If so, then we need to add a new one. > > I guess it is up to you, but I think it just makes things needlessly > complex. I think having 1 option for behavior (-ftrict-flex-arrays), > and 1 option for warnings (-Warray-bounds) is sufficient. I think adding > -Wstrict-flex-arrays is confusing. > > -- > Kees Cook