Am Montag, dem 23.02.2026 um 18:40 -0500 schrieb Yair Lenga:
> Hi Martin,
>
> Yes - I believe something more "lightweight" than #pragma is needed.
> What I've observed is that it's very "cumbersome", to write
>
> #pragma GCC diagnostic push
> #pragma GCC diagnostic ignored "-Wvla"
> double a[len] ;
> #pragma GCC diagnostic push
>
> Technically, can be "compacted" via #define - but then it's becoming
> something that it's not "C" any more: e .g.
> int foo(int how_many) {
> DECLARE_VLA(ddd, double, how_many) ; // Compact but NOT C
> int x = 5 ;
> }
>
> ---
> Regarding "vla-larger-than"
>
> -Wvla-larger-than= is a compile-time, size/range-analysis based
> warning, so it is very useful for catching potentially large VLAs. I
> see it as addressing a different concern than -Wvla.
>
> My goal here is not primarily to allow “small VLAs”, but to make the
> presence of a VLA an explicit, local opt-in in codebases that
> otherwise keep -Wvla enabled (often as -Werror=vla). Even bounded VLAs
> are still a “power-tool” in terms of stack allocation, lifetime, and
> portability considerations, and many projects prefer that their use be
> visible and deliberate.
In terms of lifetime and stack allocation, they seem similar to
regular arrays on the stack.
I consider the criticism of VLAs largely to be misguided. Compared
to worst-case sized arrays on the stack, VLAs reduce stack usage.
Compared to alloca, they are more portable and have proper scope-based
lifetimes. They also enable precise bounds checking.
But yes, portability, is still issue, but a code based where you
then locally opt-in via an attribute, would still not be portable.
This would then seem to defeat the point of having -Wvla added
to the compilation. So would we also need a new option
-Wreally-no-vla to go along with the new attribute?
I am not against your proposal, I just trying to understand
the use cases better.
Somewhat orthogonal to your proposal: What I would find useful
myself is a way to specifiy a worst-case bound for a VLA.
[[gnu::vla_bound(20)]] char a[n];
A compiler could then use this to transform this to the fixed
size array on the stack while preserving the true bound for
bounds checking and optimization. We could also let a sanitizer
check n against the worst-case bound specified.
Martin
>
> -Wvla-larger-than= helps with size risk, but it does not provide:
> * a policy mechanism to require explicit acknowledgment of any VLA, or
> * a readable, declaration-local marker of intentional use.
>
> So I see the two as complementary:
> * -Wvla → policy: VLAs discouraged by default
> * [[gnu::allow_vla]] → local, explicit opt-in for specific cases
> * -Wvla-larger-than= → safety net for large allocations
>
> I’m intentionally proposing that the attribute suppress only -Wvla,
> not -Wvla-larger-than=.
>
> Thanks for the questions/comments — happy to adjust scope if you think
> this should be framed differently.
>
> Yair
>
>
> On Mon, Feb 23, 2026 at 2:44 PM Martin Uecker <[email protected]> wrote:
> >
> > Am Montag, dem 23.02.2026 um 14:30 -0500 schrieb Yair Lenga via Gcc:
> > > Hi GCC maintainers,
> > >
> > > I’d like feedback on a small, C-only attribute proposal to improve
> > > practicality of using -Wvla in large codebases.
> > > Motivation
> > >
> > > Projects often enable -Wvla (sometimes with -Werror=vla) to discourage
> > > unbounded VLAs. However, there are occasional VLAs that are intentionally
> > > bounded/validated (e.g., small scratch buffers sized from known limits).
> > > Today, suppressing -Wvla locally requires #pragma GCC diagnostic
> > > push/ignored/pop, which is verbose and harder to keep correct during
> > > refactoring.
> > >
> > > I’m looking for a declaration-scoped, readable opt-out similar in spirit
> > > to
> > > [[fallthrough]]: keep the warning enabled globally, but allow a
> > > clearly-marked exception at a specific declaration.
> > > Proposal (C only)
> > >
> > > Introduce a GNU C attribute:
> > >
> > > [[gnu::allow_vla]] char tmp[n];
> > >
> > > (Spelling is flexible; I mainly want the functionality. I’m fine with
> > > __attribute__((allow_vla)) as well, but [[gnu::...]] is pleasant in C23
> > > style.)
> > > Semantics
> > >
> > > When -Wvla is enabled, a VLA declaration annotated with [[gnu::allow_vla]]
> > > does *not* emit the -Wvla warning for that declaration.
> > >
> > > Non-goals:
> > >
> > > -
> > >
> > > No change to VLA semantics, ABI, or code generation.
> > > -
> > >
> > > Not a general “suppress any warning” attribute.
> > > -
> > >
> > > C-only (no C++ support requested).
> > >
> > > Scope restrictions (to reduce ambiguity)
> > >
> > > I suggest restricting the attribute to:
> > >
> > > -
> > >
> > > object declarations with automatic storage duration (typical VLA
> > > usage),
> > > and
> > > -
> > >
> > > only affecting the -Wvla diagnostic for that declaration.
> > >
> > > (If maintainers prefer broader applicability, I can adjust, but I’d like
> > > to
> > > start minimal.)
> > > Implementation sketch
> > >
> > > My assumption is:
> > >
> > > -
> > >
> > > parse/attach the attribute to the relevant DECL (e.g.,
> > > DECL_ATTRIBUTES),
> > > -
> > >
> > > and gate the -Wvla diagnostic emission on “decl has allow_vla”.
> > >
> > > I can provide a patch + tests once there is agreement on direction and
> > > naming.
> > > Questions
> > >
> > > 1.
> > >
> > > Is a dedicated C-only GNU attribute acceptable for this purpose, vs.
> > > insisting on #pragma GCC diagnostic?
> >
> > I assume you want something more lightweight than
> >
> > #pragma GCC diagnostic ignored "-Wvla" ?
> >
> > > 2.
> > >
> > > Preferred spelling/name: allow_vla, vla_ok, etc.?
> > > 3.
> > >
> > > I intentionally propose -Wvla suppression only; I’m not requesting
> > > suppression of -Wvla-larger-than=.
> >
> > What I do not fully understand is why -Wvla-larger-than= does not
> > do what you want already if you are interested in small bounded VLAs?
> >
> >
> >
> > Martin
> >
> >
> > >
> > > Thanks,
> > > Yair
