[cfe-dev] [RFC] Approach for C++1y N3639 (runtime-sized arrays with automatic storage duration)

Ronan Keryell Ronan.Keryell at silkan.com
Thu May 9 14:13:40 PDT 2013

>>>>> On Thu, 9 May 2013 12:11:39 -0700, Richard Smith <richard at metafoo.co.uk> said:

    Richard> Hi!  C++1y adds support for arrays of runtime bound (ARBs)
    Richard> to the C++ language.  These are basically a restricted form
    Richard> of VLA,

Very restricted... (Well I am biased, as a great fan of C99 VLA :-),
mainly for automatic parallelization & vectorization issues)

    Richard> * Add a -farb-stack-limit=N command-line option to control
    Richard> the maximum stack memory which can be used by an ARB. If
    Richard> the ARB doesn't fit in this limit, we use heap allocation
    Richard> instead. By default, there is no limit.  * Add a
    Richard> -farb-heap-limit=N command-line option to control the
    Richard> maximum heap memory which can be used by an ARB. If the ARB
    Richard> doesn't fit in this limit, we call
    Richard> __cxa_throw_bad_array_length. By default, the limit is 0
    Richard> (never use heap allocation).  * If the bound is erroneous
    Richard> (too small, multiplication overflows, beyond our limit), we
    Richard> call __cxa_throw_bad_array_length. To support old C++ ABI
    Richard> libraries, we emit a weak form of this in every TU which
    Richard> invokes it, and the weak form calls __builtin_trap().

    Richard> Does this seem reasonable?


    Richard>  Would we want any part of this checking (for instance, the
    Richard> overflow check + trap) in C, or in C++-before-C++14? Maybe
    Richard> the flags should be -fvla-foo instead of -farb-foo?

I am curious about what is expected in the case of C checking.
In this case do we test for overflows also in the case of
multiple-dimension VLA too?

How to deal with C function definitions such as:
void foo(int n, int m, float array[n][m]) {


where do you put the test for n and m?
It looks to me that if you want to be ABI-compatible, you have to
synthesize a function wrapper and put the tests in it before calling the
real renamed function or something like that...

But even if it is difficult, I think your proposition of providing such
verification for C compilation in Clang is a good idea as it can improve
the code safety for C99.

Thank you,
  Ronan KERYELL                            |\/  Phone:  +1 650 386 6482
  SILKAN Wild Systems                      |/)
  4962 El Camino Real #201                 K    Ronan.Keryell at silkan.com
  Los Altos, CA 94022                      |\   skype:keryell
  USA                                      | \  http://silkan.com

More information about the cfe-dev mailing list