Re: [PATCH] treewide: Replace zero-length array with flexible-array
On Thu, May 7, 2020 at 1:49 PM Gustavo A. R. Silva wrote: > > The current codebase makes use of the zero-length array language > extension to the C90 standard, but the preferred mechanism to declare > variable-length types such as these ones is a flexible array member[1][2], > introduced in C99: > > struct foo { > int stuff; > struct boo array[]; > }; > > By making use of the mechanism above, we will get a compiler warning > in case the flexible array does not occur last in the structure, which > will help us prevent some kind of undefined behavior bugs from being > inadvertently introduced[3] to the codebase from now on. > > Also, notice that, dynamic memory allocations won't be affected by > this change: > > "Flexible array members have incomplete type, and so the sizeof operator > may not be applied. As a quirk of the original implementation of > zero-length arrays, sizeof evaluates to zero."[1] > > sizeof(flexible-array-member) triggers a warning because flexible array > members have incomplete type[1]. There are some instances of code in > which the sizeof operator is being incorrectly/erroneously applied to > zero-length arrays and the result is zero. Such instances may be hiding > some bugs. So, this work (flexible-array member conversions) will also > help to get completely rid of those sorts of issues. > > This issue was found with the help of Coccinelle. > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > [2] https://github.com/KSPP/linux/issues/21 > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > Signed-off-by: Gustavo A. R. Silva > --- > include/linux/fsl/bestcomm/bestcomm.h |2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) Applied for next. Thanks. Regards, Leo > > diff --git a/include/linux/fsl/bestcomm/bestcomm.h > b/include/linux/fsl/bestcomm/bestcomm.h > index a0e2e6b19b57..154e541ce57e 100644 > --- a/include/linux/fsl/bestcomm/bestcomm.h > +++ b/include/linux/fsl/bestcomm/bestcomm.h > @@ -27,7 +27,7 @@ > */ > struct bcom_bd { > u32 status; > - u32 data[0];/* variable payload size */ > + u32 data[]; /* variable payload size */ > }; > > /* > */ >
Re: [PATCH] treewide: Replace zero-length array with flexible-array
On Thu, May 07, 2020 at 01:53:13PM -0500, Gustavo A. R. Silva wrote: > The current codebase makes use of the zero-length array language > extension to the C90 standard, but the preferred mechanism to declare > variable-length types such as these ones is a flexible array member[1][2], > introduced in C99: > > struct foo { > int stuff; > struct boo array[]; > }; > > By making use of the mechanism above, we will get a compiler warning > in case the flexible array does not occur last in the structure, which > will help us prevent some kind of undefined behavior bugs from being > inadvertently introduced[3] to the codebase from now on. > > Also, notice that, dynamic memory allocations won't be affected by > this change: > > "Flexible array members have incomplete type, and so the sizeof operator > may not be applied. As a quirk of the original implementation of > zero-length arrays, sizeof evaluates to zero."[1] > > sizeof(flexible-array-member) triggers a warning because flexible array > members have incomplete type[1]. There are some instances of code in > which the sizeof operator is being incorrectly/erroneously applied to > zero-length arrays and the result is zero. Such instances may be hiding > some bugs. So, this work (flexible-array member conversions) will also > help to get completely rid of those sorts of issues. > > This issue was found with the help of Coccinelle. > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > [2] https://github.com/KSPP/linux/issues/21 > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > Signed-off-by: Gustavo A. R. Silva Applied for -next, thanks. Johan
RE: [PATCH] treewide: Replace zero-length array with flexible-array
> -Original Message- > From: Gustavo A. R. Silva > Sent: Thursday, May 07, 2020 21:54 > To: Winkler, Tomas > Cc: linux-kernel@vger.kernel.org > Subject: [PATCH] treewide: Replace zero-length array with flexible-array Ack. > > The current codebase makes use of the zero-length array language extension to > the C90 standard, but the preferred mechanism to declare variable-length types > such as these ones is a flexible array member[1][2], introduced in C99: > > struct foo { > int stuff; > struct boo array[]; > }; > > By making use of the mechanism above, we will get a compiler warning in case > the flexible array does not occur last in the structure, which will help us > prevent > some kind of undefined behavior bugs from being inadvertently introduced[3] > to the codebase from now on. > > Also, notice that, dynamic memory allocations won't be affected by this > change: > > "Flexible array members have incomplete type, and so the sizeof operator may > not be applied. As a quirk of the original implementation of zero-length > arrays, > sizeof evaluates to zero."[1] > > sizeof(flexible-array-member) triggers a warning because flexible array > members have incomplete type[1]. There are some instances of code in which > the sizeof operator is being incorrectly/erroneously applied to zero-length > arrays and the result is zero. Such instances may be hiding some bugs. So, > this > work (flexible-array member conversions) will also help to get completely rid > of > those sorts of issues. > > This issue was found with the help of Coccinelle. > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > [2] https://github.com/KSPP/linux/issues/21 > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > Signed-off-by: Gustavo A. R. Silva > --- > samples/mei/mei-amt-version.c |2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/samples/mei/mei-amt-version.c b/samples/mei/mei-amt-version.c > index 32234481ad7d..ad3e56042f96 100644 > --- a/samples/mei/mei-amt-version.c > +++ b/samples/mei/mei-amt-version.c > @@ -267,7 +267,7 @@ struct amt_host_if_msg_header { struct > amt_host_if_resp_header { > struct amt_host_if_msg_header header; > uint32_t status; > - unsigned char data[0]; > + unsigned char data[]; > } __attribute__((packed)); > > const uuid_le MEI_IAMTHIF = UUID_LE(0x12f80028, 0xb4b7, 0x4b2d, \
Re: [PATCH] treewide: Replace zero-length array with flexible-array
On Thu, May 07, 2020 at 01:53:34PM -0500, Gustavo A. R. Silva wrote: > The current codebase makes use of the zero-length array language > extension to the C90 standard, but the preferred mechanism to declare > variable-length types such as these ones is a flexible array member[1][2], > introduced in C99: > > struct foo { > int stuff; > struct boo array[]; > }; > > By making use of the mechanism above, we will get a compiler warning > in case the flexible array does not occur last in the structure, which > will help us prevent some kind of undefined behavior bugs from being > inadvertently introduced[3] to the codebase from now on. > > Also, notice that, dynamic memory allocations won't be affected by > this change: > > "Flexible array members have incomplete type, and so the sizeof operator > may not be applied. As a quirk of the original implementation of > zero-length arrays, sizeof evaluates to zero."[1] > > sizeof(flexible-array-member) triggers a warning because flexible array > members have incomplete type[1]. There are some instances of code in > which the sizeof operator is being incorrectly/erroneously applied to > zero-length arrays and the result is zero. Such instances may be hiding > some bugs. So, this work (flexible-array member conversions) will also > help to get completely rid of those sorts of issues. > > This issue was found with the help of Coccinelle. > > [1] https://gcc.gnu.org/onlinedocs/gcc/Zero-Length.html > [2] https://github.com/KSPP/linux/issues/21 > [3] commit 76497732932f ("cxgb3/l2t: Fix undefined behaviour") > > Signed-off-by: Gustavo A. R. Silva I'm fine with this specific change ... so Acked-by: Tony Luck for anyone picking up all of these treewide: patches (if they don't, then I can apply this to the ia64 tree) But a question ... is sizeof still ok on a structure that contains a flexible-array-member? E.g. I'd expect: struct foo { int stuff; struct boo array[]; }; printk("size of foo = %d\n", sizeof(struct foo)); To not give any complilation warnings and to tell me that the size of the structure is 4 bytes. Is that still true and OK? -Tony