Hi Paul,

On Sat, Dec 13, 2025 at 09:14:12PM -0800, Paul Eggert wrote:
> On 2025-12-13 16:34, Alejandro Colomar wrote:
> > > #define ARRAY_OF_AT_LEAST(a,n) a[static n]
> > Please don't use [static n] ever. I want to remove it from the
> > standard, and I think I'm quite advanced in convincing the right people.
> > If you start using it, that could be negative to my efforts.
>
> I put a similar macro into Gnulib more than a decade ago with Gnulib's vla
> module, which does this:
>
>   #ifdef __STDC_NO_VLA__
>   # define VLA_ELEMS(n)
>   #else
>   # define VLA_ELEMS(n) static n
>   #endif

You could use 'n' instead of 'static n'. I expect that would work
always.

> ... the idea being that you can use the syntax 'int foo[VLA_ELEMS (10)]' if
> you like. However, the only use I know of is the obsolescent program Gnu RCS
> that the module was introduced for. The late Thien-Thi Nguyen asked for
> VLA_ELEMS and used it mostly for documentation I think. See the thread
> starting at <https://lists.gnu.org/r/bug-gnulib/2014-08/msg00012.html>.
>
> As I understand things, the main use of [static n] advocated by Jens Gustedt
> is as a not-immediately-obvious way to assert that a pointer parameter is
> non-null.

Yes, 'static' in array parameters essentially means [[gnu::nonnull()]].
We already know how dangerous [[gnu::nonnull()]] is, so 'static' should
be considered just as dangerous.

Actually, [static n] is *more* dangerous than [[gnu::nonnull()]], as it
also implies that n>0, something which may not be true always, and when
it's not true, it's straight UB. And this is way more dangerous than
[[gnu::nonnull()]], because there's nothing like
-fno-delete-null-pointer-checks for array bounds. If you trigger this
UB, you've lost.

As said, do not ever use [static n]; it's Plutonium. Also, you'd do
well in removing the few cases you already have.

> But for Gnulib-using software we use _GL_ATTRIBUTE_NONNULL for
> that instead. Although there's also a secondary use of [static n] to allow
> separately-compiled code to fetch contents of arrays more aggressively, I'm
> not sure the small benefit of that is worth the hassle.

It's not about the hassle, it's about how dangerous [static n] is.
Please use plain [n].

Have a lovely day!
Alex

--
<https://www.alejandro-colomar.es>
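Added example, not part of the original message and not code from Gnulib: the change the message asks for, shown on a summing function whose caller may hold an empty buffer as `{NULL, 0}`. All names (`int_vec`, `sum_plain`, `sum_static`, `vec_sum`, `vec_sum_legacy`) and the sample data are constructed for illustration.

```c
#include <stddef.h>

/* Constructed container: an empty vector is commonly {NULL, 0}. */
struct int_vec {
    const int *data;
    size_t     len;
};

/* Constructed sample inputs. */
static const int sample[] = {1, 2, 3};
const struct int_vec full_vec  = {sample, 3};
const struct int_vec empty_vec = {NULL, 0};

/* Plain [n], as the message recommends: the bound documents the expected
 * length, and the null and zero-length checks are written out explicitly. */
long sum_plain(size_t n, const int a[n])
{
    long s = 0;

    if (a == NULL || n == 0)
        return 0;
    for (size_t i = 0; i < n; i++)
        s += a[i];
    return s;
}

/* [static n]: every caller promises a non-null pointer to at least n
 * elements. Nothing here checks that promise, and per the message a
 * caller that breaks it (NULL, or n == 0) has undefined behaviour. */
long sum_static(size_t n, const int a[static n])
{
    long s = 0;

    for (size_t i = 0; i < n; i++)
        s += a[i];
    return s;
}

/* Accepts any vector, including the empty {NULL, 0} one. */
long vec_sum(struct int_vec v)
{
    return sum_plain(v.len, v.data);
}

/* While [static n] code still exists, each call site has to establish
 * the callee's contract itself before making the call. */
long vec_sum_legacy(struct int_vec v)
{
    if (v.data == NULL || v.len == 0)
        return 0;
    return sum_static(v.len, v.data);
}
```

With `[static n]` the check lives at every call site, so one forgotten guard is enough to reach the undefined behaviour the message describes; with plain `[n]` the check sits once, inside the callee.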
