[clang] [Clang][Sema]: Allow flexible arrays in unions and alone in structs (PR #84428)

Tue, 12 Mar 2024 13:08:19 -0700 

kees wrote:

> That one ends up not being a problem, but presumably you are wanting to 
> change that top-level 'struct' to be a 'union'?

No, I want to collapse the entire macro into just `TYPE NAME[]`. Right now the 
Linux kernel uses the `DECLARE_FLEX_ARRAY` macro _in_ over 200 unions and 
structs. For example:
```
struct iwl_tx_cmd {
    ...
        union {
                DECLARE_FLEX_ARRAY(u8, payload);
                DECLARE_FLEX_ARRAY(struct ieee80211_hdr, hdr);
        };
};
```
or
```
struct pda_antenna_gain {
        DECLARE_FLEX_ARRAY(struct {
                u8 gain_5GHz;   /* 0.25 dBi units */
                u8 gain_2GHz;   /* 0.25 dBi units */
        } __packed, antenna);
} __packed;
```
or
```
struct coreboot_device {
        struct device dev;
        union {
                struct coreboot_table_entry entry;
                struct lb_cbmem_ref cbmem_ref;
                struct lb_cbmem_entry cbmem_entry;
                struct lb_framebuffer framebuffer;
                DECLARE_FLEX_ARRAY(u8, raw);
        };
};
```
> What is the problem with making it `TYPE NAME[0];` ?

Because these are not 0-sized arrays. To have unambiguous mitigation of array 
and buffer overflows, the compiler must have explicitly defined array sizes. 
The Linux kernel uses both `-fstrict-flex-array=3` to get rid of all the 
horrible "fake" flexible arrays (since it was ambiguous and forced GCC and 
Clang to leave trailing arrays uncovered by the array-bounds sanitizer, 
`__builtin_object_size()`, and `__builtin_dynamic_object_size()`), and the 
`counted_by` attribute to gain deterministic size information. Note that with 
`counted_by`, a 0-sized array is a perfectly valid size, so there is no such 
thing has "just ignore 0-sized arrays". The point is to gain determinism. We 
spent 6 years cleaning this up already. Lots of details here:
https://people.kernel.org/kees/bounded-flexible-arrays-in-c

Basically, Linux needed to kill the "if it's a trailing array, it's a flexible 
array" extension, without removing the "flex arrays can be in unions" 
extension. The former was solved with GCC and Clang's addition of the 
`-fstrict-flex-arrays=3` option). The latter was accomplished by bypassing GCC 
and Clang's syntax checking, but I'd prefer that the extension to support flex 
arrays in unions just be properly extended to C99 flex arrays to avoid the 
syntactic hack. (i.e. it's already possible with the hack; why make the hack 
necessary?)


https://github.com/llvm/llvm-project/pull/84428
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Reply via email to