Thanks for all the explanations.
Richard Henderson wrote:
>
> In the case of the (fake) flexible array member, you do not know
> how large the object allocated from malloc was unless you can
> track down the actual malloc call.
>
Gabriel Dos Reis wrote:
> typedef struct {
> int data[1];
> } foo;
>
> foo* p = (foo *) malloc (sizeof (foo) + N * sizeof (int));
> // there is enough room for N ints, and the store is properly
> // aligned.
>
> for (int i = 0; i < N; ++i)
> p->data[i] = frobnicate (N, i);
Is the following still correct? (accessing elements of before_end
that will be allocated dynamically)
typedef struct {
int before_end[5];
int bar;
int data[1];
} foo;
foo* p = (foo *) malloc (sizeof (foo) + N * sizeof (int));
// there is enough room for N ints, and the store is properly
// aligned.
for (int i = 0; i < N + 6; ++i)
p->before_end[i] = frobnicate (N, i);
If this is still correct, I will just restrict the analyzer to not
infer any property from data defined in structs.
If accessing "p->bar" via "p->before_end[5]" is not correct, I can
restrict the analyzer to work only on a "non-last array in a struct".
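The point at issue above is that the declared bound of before_end (5) and the bound the allocation actually supports (5 + 1 + 1 + N ints when the whole block is viewed as one int array) are different things, and only the malloc call tells you the second. The following is an added example, not code from the original message or from GCC: it keeps the struct from the question, makes the layout fact behind "p->before_end[5] reaches p->bar" something that is checked with offsetof rather than assumed, and runs the question's N+6 loop with every index checked against the allocation size. foo_alloc, foo_flat_capacity, foo_flat_index_ok and filled_value_at are hypothetical helpers introduced here; the loop writes through the malloc'd block as a flat int array, because spelling it as p->before_end[i] with i >= 5 is exactly the access whose validity is being asked about, and GCC's -Warray-bounds can flag that spelling.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Layout from the question: a fixed array, a scalar, then a one-element
   "fake" flexible array member at the end. */
typedef struct {
    int before_end[5];
    int bar;
    int data[1];
} foo;

/* Bytes needed for a foo whose data member should hold n ints, using the
   question's arithmetic (sizeof(foo) already includes data[0], so the
   object ends up with room for n + 1 ints in data). Returns 0 on overflow.
   Hypothetical helper, not part of the original message. */
size_t foo_alloc_size(size_t n)
{
    if (n > (SIZE_MAX - sizeof(foo)) / sizeof(int))
        return 0;
    return sizeof(foo) + n * sizeof(int);
}

/* Zero-filled allocation so that unwritten slots are observable. */
foo *foo_alloc(size_t n)
{
    size_t bytes = foo_alloc_size(n);
    foo *p = bytes ? malloc(bytes) : NULL;
    if (p)
        memset(p, 0, bytes);
    return p;
}

/* How many ints the allocated block holds when viewed as one flat int
   array starting at before_end: 5 + 1 + 1 + n. This is the bound the
   allocation supports; the declared bound of before_end is still 5. */
size_t foo_flat_capacity(size_t n)
{
    return foo_alloc_size(n) / sizeof(int);
}

/* Is flat index i inside the allocation of a foo sized for n? */
int foo_flat_index_ok(size_t n, size_t i)
{
    return foo_alloc_size(n) != 0 && i < foo_flat_capacity(n);
}

/* The layout fact behind "p->before_end[5] reaches p->bar": with three
   int-typed members there is no padding, so bar sits exactly one int past
   the end of before_end, and data one int past bar. Checked, not assumed. */
int before_end_5_aliases_bar(void)
{
    return offsetof(foo, bar) == offsetof(foo, before_end) + 5 * sizeof(int)
        && offsetof(foo, data) == offsetof(foo, bar) + sizeof(int);
}

/* The question's loop (i < n + 6), written through the whole malloc'd
   block as an int array. Each index is checked against the allocation,
   not against the declared size of before_end. Returns 0 if any index
   would leave the block, which never happens for the question's sizing. */
int fill_through_flat_view(foo *p, size_t n)
{
    int *flat = (int *)p;
    for (size_t i = 0; i < n + 6; ++i) {
        if (!foo_flat_index_ok(n, i))
            return 0;
        flat[i] = (int)i;      /* stands in for frobnicate(N, i) */
    }
    return 1;
}

/* Allocate for n, run the fill, and report the int at flat index i, or -1
   if i lies outside the allocation. Index 5 is bar, index 6 is data[0];
   index n + 6 is inside the block but never written by the loop. */
int filled_value_at(size_t n, size_t i)
{
    foo *p = foo_alloc(n);
    if (!p || !fill_through_flat_view(p, n) || !foo_flat_index_ok(n, i)) {
        free(p);
        return -1;
    }
    int v = ((int *)p)[i];
    free(p);
    return v;
}
```

For N = 4 the block holds 11 ints, the loop writes indices 0 through 9, index 5 ends up holding the value written "into bar", index 10 stays zero, and index 11 is outside the allocation. The only way the helper knows where the block ends is that it was handed n; an analyzer looking at the struct declaration alone sees int[5] and nothing else, which is the reason the message proposes not inferring bounds from arrays inside structs.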