Thread: flexible array members
gcc 4.6 has now arrived as the default compiler on my desktop, and as previously reported, it throws a bunch of warnings, foiling my life-long plan of compiling PostgreSQL with -Werror.

So looking more aggressively into fixing some of these, let's look at this case:

    gistutil.c: In function ‘gistMakeUnionKey’:
    gistutil.c:263:16: warning: array subscript is above array bounds [-Warray-bounds]
    gistutil.c:268:16: warning: array subscript is above array bounds [-Warray-bounds]
    gistutil.c:273:16: warning: array subscript is above array bounds [-Warray-bounds]

The code in question is this:

    typedef struct
    {
        int32       n;          /* number of elements */
        GISTENTRY   vector[1];  /* variable-length array */
    } GistEntryVector;

Not sure why the new gcc is confused about this when -Warray-bounds has existed for a while. But thinking a bit further, the "proper" fix for this would be to use flexible array members like this:

    typedef struct
    {
        int32       n;          /* number of elements */
        GISTENTRY   vector[];
    } GistEntryVector;

This is C99, but with some gentle standard autoconf seasoning, it can be made transparent. See attached patch.

Is this a route we want to go down?

It looks as though other compilers could also benefit from this. clang throws even more warnings of this kind, and the clang static analyzer even more.

One thing that is a bit concerning is that throwing more flexible array members around the code wherever variable-length arrays are used results in crash and burn. Probably some places are using sizeof or offsetof on these structures in incompatible ways. So each place would have to be examined separately.
Attachment
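The sizeof hazard raised in the post above, as an added example that is not part of the original message or the PostgreSQL source: `Entry` is a constructed stand-in for `GISTENTRY`, and all struct and function names are hypothetical. It shows that the `sizeof(struct) + (n - 1) * sizeof(element)` formula is right for the `[1]` declaration but allocates one element too few once the member becomes flexible, while `offsetof`-based sizing is right for both.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for GISTENTRY; the real fields are not on the page. */
typedef struct { void *key; int32_t offset; } Entry;

/* Pre-C99 idiom: sizeof() already counts one array element. */
typedef struct { int32_t n; Entry vector[1]; } VecOld;

/* C99 flexible array member: sizeof() counts no array elements. */
typedef struct { int32_t n; Entry vector[]; } VecFlex;

/* Sizing that assumes one element is inside sizeof(); needs n >= 1. */
size_t size_assuming_one(size_t struct_size, size_t n)
{
    return struct_size + (n - 1) * sizeof(Entry);
}

/* Sizing that is correct for either declaration: header plus n elements. */
size_t size_old(size_t n)  { return offsetof(VecOld, vector) + n * sizeof(Entry); }
size_t size_flex(size_t n) { return offsetof(VecFlex, vector) + n * sizeof(Entry); }

/* Bytes missing if the old formula is kept after switching to VecFlex. */
size_t shortfall_after_conversion(size_t n)
{
    return size_flex(n) - size_assuming_one(sizeof(VecFlex), n);
}

/* Allocate a zeroed VecFlex with room for n entries. */
VecFlex *vec_alloc(size_t n)
{
    VecFlex *v = calloc(1, size_flex(n));
    if (v != NULL)
        v->n = (int32_t) n;
    return v;
}

int main(void)
{
    size_t n = 4;
    printf("sizeof: old=%zu flex=%zu\n", sizeof(VecOld), sizeof(VecFlex));
    printf("old formula on flex struct: %zu, needed %zu, short by %zu\n",
           size_assuming_one(sizeof(VecFlex), n), size_flex(n),
           shortfall_after_conversion(n));
    return 0;
}
```

A write to the last element of a buffer sized with the old formula after the conversion lands past the end of the allocation, which is the kind of "crash and burn" the post describes.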
Peter Eisentraut <peter_e@gmx.net> writes:
> Is this a route we want to go down?

> - GISTENTRY vector[1]; /* variable-length array */
> + GISTENTRY vector[FLEXIBLE_ARRAY_MEMBER];

Yes, I was thinking about the same trick after noting these warnings on Fedora 15, although personally I'd name the macro VARIABLE_LENGTH_ARRAY.

> One thing that is a bit concerning is that throwing more flexible array
> members around the code wherever variable-length arrays are used results
> in crash and burn. Probably some places are using sizeof or offsetof on
> these structures in incompatible ways. So each place would have to be
> examined separately.

Hmm, that's nasty. But from a code-documentation standpoint I think this is a useful improvement, so it seems worth doing the work to clean things up. (I do recall a number of places that assume that sizeof() includes a single array element ...)

regards, tom lane
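Review bot: on the + line the array dimension now depends on FLEXIBLE_ARRAY_MEMBER being defined wherever this header is compiled, so a build that does not get the macro from configure needs an equivalent definition or the declaration will not compile. The + line also drops the /* variable-length array */ comment that the - line carried; a short comment stating that the array is sized at allocation time would keep the declaration self-documenting. Since sizeof(GistEntryVector) no longer counts one element after this change, the callers that size allocations from it should be audited in the same patch.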
On Wed, 2011-06-15 at 18:19 -0400, Tom Lane wrote:
> Peter Eisentraut <peter_e@gmx.net> writes:
> > Is this a route we want to go down?
>
> > - GISTENTRY vector[1]; /* variable-length
> array */
> > + GISTENTRY vector[FLEXIBLE_ARRAY_MEMBER];
>
> Yes, I was thinking about the same trick after noting these warnings
> on Fedora 15, although personally I'd name the macro
> VARIABLE_LENGTH_ARRAY.

This macro is provided by Autoconf and it appears to be using the standard's terminology. Actually, the term "variable-length array" appears to refer to another C99 feature, namely this one:

    void foo(int n)
    {
        int bar[n];

        do_something();
    }
On Thu, 16 Jun 2011 22:49:45 +0300, Peter Eisentraut <peter_e@gmx.net> wrote:
> This macro is provided by Autoconf and it appears to be using the
> standard's terminology.

commit dbbba5279f66f95805c1e084e6f646d174931e56 refs/heads/master
Author: Peter Eisentraut <peter_e@gmx.net>
Date: Thu Jun 16 22:39:09 2011 +0300

Periodically checking my VS2010 patch I noticed that this one broke Visual Studio builds.

At least mine and "chough" (http://buildfarm.postgresql.org/cgi-bin/show_history.pl?nm=chough&br=HEAD) in the buildfarm - I expect others to follow once they rebuild.

    error C2065: 'FLEXIBLE_ARRAY_MEMBER' : undeclared identifier
    error C2057: expected constant expression

Regards,
Brar