On 2025-12-14 02:30, Alejandro Colomar wrote:
On Sat, Dec 13, 2025 at 09:14:12PM -0800, Paul Eggert wrote:
#ifdef __STDC_NO_VLA__
# define VLA_ELEMS(n)
#else
# define VLA_ELEMS(n) static n
#endif
You could use 'n' instead of 'static n'. I expect that would work
always.
Yes it'd compile and run, but it wouldn't mean the same thing. Thien-Thi
wanted the 'static n' meaning.
We already know how dangerous [[gnu::nonnull()]] is, so 'static' should
be considered just as dangerous.
How is [[gnu::nonnull()]] more dangerous than attributes like GNU C's
__attribute__ ((__nonnull__ ())) that Gnulib uses all the time?
Yes, there are dangers in using these attributes. The thing that bugs me
the most occurs in functions like execl where for compatibility with
traditional dynamic checking for null pointers Gnulib must jump through
a hoop to also do static checking. (I wish we'd never done the dynamic
checking, as the static checking is better.)
But there are also dangers in not using these attributes, and in
practice the former dangers seem less than the latter.
(Hey, it's C! People *expect* it to be dangerous! :-)
