On 03/08/2020 14:42, Joel Sherrill wrote:



On Mon, Aug 3, 2020 at 3:45 AM Sebastian Huber <sebastian.hu...@embedded-brains.de> wrote:

    This addresses compiler warnings like this:

    warning: array subscript 0 is outside the bounds of an interior
    zero-length array 'abc[0]' [-Wzero-length-bounds]
    ---
     cpukit/include/rtems/score/basedefs.h | 6 +++++-
     1 file changed, 5 insertions(+), 1 deletion(-)

    diff --git a/cpukit/include/rtems/score/basedefs.h
    b/cpukit/include/rtems/score/basedefs.h
    index a934507d80..5a7e4e4f31 100644
    --- a/cpukit/include/rtems/score/basedefs.h
    +++ b/cpukit/include/rtems/score/basedefs.h
    @@ -430,7 +430,11 @@
      * doesn't allow flexible array members.  Use the GNU extension
    which is also
      * supported by other compilers.
      */
    -#define RTEMS_ZERO_LENGTH_ARRAY 0
    +#if __STDC_VERSION__ >= 199409L
    +  #define RTEMS_ZERO_LENGTH_ARRAY
    +#else
    +  #define RTEMS_ZERO_LENGTH_ARRAY 0
    +#endif
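
Review bot: The version test in the added `#if __STDC_VERSION__ >= 199409L` line uses the value for C94 (Amendment 1), but flexible array members were only introduced in C99, whose value is 199901L. A compiler running in C94 mode would take the empty definition and be handed `abc[]` in a language version that does not have the feature, so the threshold should be `>= 199901L`. `__STDC_VERSION__` is also undefined in C89 mode, where the `#if` silently evaluates it as 0; writing `defined(__STDC_VERSION__) && __STDC_VERSION__ >= 199901L` keeps the header quiet under -Wundef. The comment above the macro still says "Use the GNU extension", which now describes only the `#else` branch and should be updated to mention the C99 flexible array member form.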


I'm not disagreeing with this change since it moves to the C99 feature rather than a GNU extension, but any use of it violates a rule in various safety standards. Google randomly found the CodeSonar manual which cites:

  * MISRA C:2004, 8.12 - When an array is declared with external
    linkage, its size shall be stated explicitly or defined implicitly
    by initialisation
  * MISRA C++:2008, 3-1-3 - When an array is declared, its size shall
    either be stated explicitly or defined implicitly by initialization
  * MISRA C:2012, 8.11 - When an array with external linkage is
    declared, its size should be explicitly specified
  * MISRA C:2012, 9.5 - Where designated initializers are used to
    initialize an array object the size of the array shall be
    specified explicitly
  * CERT, ARR02-C.
    <https://www.securecoding.cert.org/confluence/x/HQEOAQ> -
    Explicitly specify array bounds, even if implicitly defined by an
    initializer


https://rules.sonarsource.com/c/RSPEC-834

We should definitely limit the use of this.

Yes, dynamically sized arrays should be used with care. I added the RTEMS_ZERO_LENGTH_ARRAY some time ago to find them more easily in the code base.
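
An added example, not part of the thread and not RTEMS code, showing what using a C99 flexible array member "with care" can look like: the allocation size is checked for overflow and every access is checked against a stored element count. The type and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical type for illustration; not an RTEMS structure. */
typedef struct {
  size_t   count;     /* number of valid elements in samples[] */
  uint32_t samples[]; /* C99 flexible array member, must be last */
} sample_buffer;

/* Bytes needed for n elements, or 0 if the computation would overflow. */
size_t sample_buffer_size(size_t n)
{
  if (n > (SIZE_MAX - sizeof(sample_buffer)) / sizeof(uint32_t)) {
    return 0;
  }
  return sizeof(sample_buffer) + n * sizeof(uint32_t);
}

/* Allocate and fill a buffer; NULL on size overflow or allocation failure. */
sample_buffer *sample_buffer_create(const uint32_t *src, size_t n)
{
  size_t size = sample_buffer_size(n);
  sample_buffer *b = (size != 0) ? malloc(size) : NULL;
  if (b != NULL) {
    b->count = n;
    if (n > 0) memcpy(b->samples, src, n * sizeof(uint32_t));
  }
  return b;
}

/* Bounds-checked read: 0 on success, -1 if index is outside the array. */
int sample_buffer_get(const sample_buffer *b, size_t index, uint32_t *out)
{
  if (b == NULL || index >= b->count) return -1;
  *out = b->samples[index];
  return 0;
}

int main(void)
{
  uint32_t in[] = { 1, 2, 3 }, v = 0; /* constructed sample input */
  sample_buffer *b = sample_buffer_create(in, 3);
  int rc = (b != NULL && sample_buffer_get(b, 3, &v) == -1) ? 0 : 1;
  free(b);
  return rc;
}
```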

