[cfe-dev] [RFC] Control -Wvla for conformant parameters

Aaron Ballman via cfe-dev cfe-dev at lists.llvm.org
Mon Nov 8 04:34:21 PST 2021


On Sun, Nov 7, 2021 at 10:27 AM Hu Jialun via cfe-dev
<cfe-dev at lists.llvm.org> wrote:
>
> Hello,
>
> It appears that -Wvla tends to be used for two different purposes,
>
> - Code compatibility with pre- and post-C99 code
> - Good practices since VLA can have security implications
>
> -Wvla seems to only serve the former one satisfactorily now. For the latter
> purpose, conformant array parameters would still generate VLA diagnosis
> although they degrade into pointers and have no runtime implications. There is
> currently no way to inhibit such false positives.
>
>         $ clang -Wvla -x c -std=c99 - <<< "void f(unsigned n, int a[n]);"
>         <stdin>:1:26: warning: variable length array used [-Wvla]
>         void f(unsigned n, int a[n]);
>                                 ^
>
> I propose that a separate warning against conformant parameters be extracted
> from -Wvla, so that it is possible to negate it. I would be more than glad if
> I could attempt to work out the implementation should this proposal be
> accepted.

I think this makes a fair amount of sense. In the standard, VLAs are
split into two concepts: a variably-modified type and a variable
length array. (Basically, the type of a VLA is a variably modified
type, so you get a VM type in function parameters but a VLA in local
object declarations.) A variably modified type is not the same level
of concern as a variable length array, so I think it makes sense to
give a distinction with our warning groups.

One interesting trouble is with the diagnostic names. Users are used
to -Wvla warning them about VMs already, so removing warnings they may
have wanted to get seems like a bad thing. Also, VM types cannot exist
without VLA support in the compiler (aka `__STDC_NO_VLA__`), and -Wvla
tells you all of the places you're forming a type that may not be
portable to other compilers. So my gut instinct is to leave -Wvla
alone and make a new subset grouping for VMs. But the downside to this
is: the names are exactly backwards. All VLAs are a VM, but not all
VMs are a VLA, so we'd want -Wvm to be the superset and -Wvla to be
the subset. I'm not certain what the best way forward here is, but I
suspect we can pick a defensible path later.

~Aaron

>
> Best regards,
> Hu Jialun
>
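The distinction Aaron draws above, worked through in code as an added example that is not part of the thread: a conformant parameter such as `int a[n]` has a variably modified type but is adjusted to `int *` (no storage, no runtime effect), while a local `int b[n]` is a real VLA whose storage is reserved in the frame at runtime. Both spellings trigger `-Wvla` in current clang, which is the false positive the RFC wants to make suppressible. The file name `vm_vs_vla.c` and the use of C11 `_Generic` to inspect the parameter's adjusted type are assumptions of this example.

```c
/* Added example, not code from the thread: contrasts a variably modified
 * (VM) parameter type with a genuine VLA in a local declaration.
 * Build (assumed file name): cc -std=c11 -Wvla vm_vs_vla.c
 * Both array declarations below draw -Wvla today; only local_vla_size()
 * actually allocates anything. */
#include <stddef.h>
#include <stdio.h>

/* Conformant array parameter: `a` is declared with a VM type, but array
 * parameters are adjusted to pointers, so inside the function `a` is an
 * `int *`. _Generic confirms that at compile time; no storage is created. */
int param_is_pointer(size_t n, int a[n]) {
    (void)n;
    return _Generic(a, int *: 1, default: 0);   /* 1: a's type is int * */
}

/* Genuine VLA: storage for n ints is reserved in this frame at runtime,
 * which is the stack-consumption risk -Wvla exists to flag. sizeof on a
 * VLA is evaluated at runtime and reports n * sizeof(int). Requires n >= 1. */
size_t local_vla_size(size_t n) {
    int b[n];
    b[0] = 0;          /* constructed use so the object is not a no-op */
    return sizeof b;
}

/* Typical conformant-parameter use: the [n] spelling records the bound for
 * readers and static analysers; callers still just pass a pointer. */
int sum_first(size_t n, int a[n]) {
    int total = 0;
    for (size_t i = 0; i < n; i++) total += a[i];
    return total;
}

int main(void) {
    int v[] = {1, 2, 3, 4};   /* constructed input */
    printf("parameter is pointer: %d, local VLA bytes: %zu, sum: %d\n",
           param_is_pointer(4, v), local_vla_size(4), sum_first(4, v));
    return 0;
}
```

Compiling with `-Wvla` warns at both `int a[n]` parameters and at the local `int b[n]`, yet only the local declaration changes the frame size; a separate group for VM types, as proposed, would let a project keep the VLA warning while silencing the parameter cases.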
