Re: PATCH to implement C++14 VLA semantics

2013-05-09 Thread Gabriel Dos Reis
On Thu, May 9, 2013 at 11:41 AM, Jason Merrill  wrote:
> At the last C++ standards meeting, we agreed to add VLAs to the language.
> But they're significantly different from GNU/C99 VLAs: you can't form a
> pointer to a VLA, or take its sizeof, or really anything other than directly
> use it.  We also need to throw an exception if we try to create one with a
> negative or too large bound.  And we need to support lambda capture and
> range-based for loops.
>
> The one thing I'm nervous about is our handling of an array which turns out
> at runtime to be of length 0.  GCC has always allowed zero-length arrays,
> and they work fine, so I don't want to break existing code, but I also want
> to offer a fully-conforming mode.  What I ended up deciding to do is throw
> on zero with -std=c++1y and not with -std=gnu++1y.  But I'm not terribly
> comfortable with this answer; anyone have any better ideas?

I am fine with this distinction.  I suspect that we don't have
too many codes with VLA array with zero length in existing C++ mode.


>
> The first patch accepts VLAs in C++1y mode and adds new functionality; the
> second patch adds diagnostics for invalid uses of C++1y VLAs.
>
> Tested x86_64-pc-linux-gnu, applying to trunk.


Re: PATCH to implement C++14 VLA semantics

2013-05-13 Thread Florian Weimer

On 05/09/2013 06:41 PM, Jason Merrill wrote:

> At the last C++ standards meeting, we agreed to add VLAs to the
> language.  But they're significantly different from GNU/C99 VLAs: you
> can't form a pointer to a VLA, or take its sizeof, or really anything
> other than directly use it.  We also need to throw an exception if we
> try to create one with a negative or too large bound.


I'm not sure if we should throw the exception in case of large size_t 
values.  Even with the checks in place, there is still a wide gap where 
the definition triggers undefined behavior due to stack overflow.


This whole feature seems rather poorly designed to me.  The code size 
increase due to official VLA support in C++11y might come a bit as a 
surprise.  But rereading N3639, there's no way around it, at least for 
expressions of signed types.


--
Florian Weimer / Red Hat Product Security Team


Re: PATCH to implement C++14 VLA semantics

2013-05-13 Thread Gabriel Dos Reis
On Mon, May 13, 2013 at 7:25 AM, Florian Weimer  wrote:
> On 05/09/2013 06:41 PM, Jason Merrill wrote:
>>
>> At the last C++ standards meeting, we agreed to add VLAs to the
>> language.  But they're significantly different from GNU/C99 VLAs: you
>> can't form a pointer to a VLA, or take its sizeof, or really anything
>> other than directly use it.  We also need to throw an exception if we
>> try to create one with a negative or too large bound.
>
>
> I'm not sure if we should throw the exception in case of large size_t
> values.  Even with the checks in place, there is still a wide gap where the
> definition triggers undefined behavior due to stack overflow.
>
> This whole feature seems rather poorly designed to me.  The code size
> increase due to official VLA support in C++11y might come a bit as a
> surprise.  But rereading N3639, there's no way around it, at least for
> expressions of signed types.

I think there is a general mood of unsympathetic views towards liberal
"undefined behavior."  Of course, implementations are always free to
offer switches to programmers who don't want checks.

-- Gaby


Re: PATCH to implement C++14 VLA semantics

2013-05-13 Thread Florian Weimer

On 05/13/2013 03:06 PM, Gabriel Dos Reis wrote:

>> This whole feature seems rather poorly designed to me.  The code size
>> increase due to official VLA support in C++11y might come a bit as a
>> surprise.  But rereading N3639, there's no way around it, at least for
>> expressions of signed types.
>
> I think there is a general mood of unsympathetic views towards liberal
> "undefined behavior."  Of course, implementations are always free to
> offer switches to programmers who don't want checks.


And usually I'm in that crowd as well.  But in this case, we add a check 
which only covers a tiny fraction of the problem.  It's like bounds 
checking for arrays which only fails if the index is at least twice as 
large as the array length, IMHO.


--
Florian Weimer / Red Hat Product Security Team
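The following is an added illustration, not code from the thread or from GCC's patch. It models the runtime bound check that Jason's first message describes (throw on a negative or too-large bound, and on zero only in the strict `-std=c++1y` mode) and then shows Florian's objection concretely: a bound that satisfies the check can still ask for far more storage than a thread's stack provides. The names `vla_bytes`, `rejects`, `passes_check_but_exceeds_stack` and the `bad_array_bound` type are assumptions made for this example; the 8 MiB stack limit is a constructed figure, not something the thread states.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <limits>
#include <stdexcept>

// Hypothetical exception type standing in for whatever the C++1y VLA
// runtime throws on a bad bound (assumption for this example).
struct bad_array_bound : std::length_error {
    using std::length_error::length_error;
};

// Model of the check done before a VLA's storage is reserved.
// Returns the number of bytes the array would occupy.
// Throws if n is negative, or so large that n * elem_size cannot be an
// object size; with strict == true a zero bound is rejected as well,
// mirroring the -std=c++1y / -std=gnu++1y split discussed in the thread.
std::size_t vla_bytes(long long n, std::size_t elem_size, bool strict) {
    if (n < 0)
        throw bad_array_bound("negative VLA bound");
    if (n == 0 && strict)
        throw bad_array_bound("zero VLA bound in strict mode");
    const std::size_t count = static_cast<std::size_t>(n);
    // Largest byte size an object may have so that pointer differences
    // inside it stay representable (assumption: PTRDIFF_MAX as the cap).
    const std::size_t max_bytes = static_cast<std::size_t>(PTRDIFF_MAX);
    if (elem_size != 0 && count > max_bytes / elem_size)
        throw bad_array_bound("VLA bound too large");
    return count * elem_size;
}

// True if the modelled check rejects the given bound.
bool rejects(long long n, std::size_t elem_size, bool strict) {
    try {
        vla_bytes(n, elem_size, strict);
        return false;
    } catch (const bad_array_bound&) {
        return true;
    }
}

// Florian's point: a bound can pass the check and still exceed the
// stack, so the definition would overflow the stack without any
// exception. stack_limit is supplied by the caller (constructed value).
bool passes_check_but_exceeds_stack(long long n, std::size_t elem_size,
                                    std::size_t stack_limit, bool strict) {
    try {
        return vla_bytes(n, elem_size, strict) > stack_limit;
    } catch (const bad_array_bound&) {
        return false;  // rejected by the check, never reaches the stack
    }
}

int main() {
    const std::size_t stack_limit = 8u << 20;  // constructed: 8 MiB
    std::cout << "int a[10]      -> " << vla_bytes(10, sizeof(int), true)
              << " bytes\n";
    std::cout << "int a[-1]      -> rejected: "
              << rejects(-1, sizeof(int), true) << "\n";
    std::cout << "int a[0] gnu   -> rejected: "
              << rejects(0, sizeof(int), false) << "\n";
    std::cout << "int a[0] strict-> rejected: "
              << rejects(0, sizeof(int), true) << "\n";
    // 1 Mi elements of 64 bytes = 64 MiB: passes the check, blows the stack.
    std::cout << "64 MiB array   -> passes check but exceeds stack: "
              << passes_check_but_exceeds_stack(1LL << 20, 64, stack_limit, true)
              << "\n";
    return 0;
}
```

The gap Florian describes is the range between `stack_limit` and `max_bytes`: every bound in it is accepted by the check, yet defining the array there is undefined behaviour. A compiler cannot close that gap with a size test alone, because the remaining stack depth is not known at the point of the check.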


Re: PATCH to implement C++14 VLA semantics

2013-05-13 Thread Jason Merrill

On 05/13/2013 09:09 AM, Florian Weimer wrote:

> And usually I'm in that crowd as well.  But in this case, we add a check
> which only covers a tiny fraction of the problem.  It's like bounds
> checking for arrays which only fails if the index is at least twice as
> large as the array length, IMHO.


The document is still in flux; if you have ideas about ways to improve 
the specification, I would be happy to submit them as a comment on the 
public draft.


Jason