[PATCH 0/4] RFC samples converting VLA to alloca
Mattias Rönnblom
hofors at lysator.liu.se
Wed Apr 10 09:27:10 CEST 2024
On 2024-04-08 17:27, Tyler Retzlaff wrote:
> For next techboard meeting.
>
> On Sun, Apr 07, 2024 at 10:03:06AM -0700, Stephen Hemminger wrote:
>> On Sun, 7 Apr 2024 13:07:06 +0200
>> Morten Brørup <mb at smartsharesystems.com> wrote:
>>
>>>> From: Mattias Rönnblom [mailto:hofors at lysator.liu.se]
>>>> Sent: Sunday, 7 April 2024 11.32
>>>>
>>>> On 2024-04-04 19:15, Tyler Retzlaff wrote:
>>>>> This series is not intended for merge. It instead provides examples of
>>>>> what converting use of VLAs to alloca() would look like.
>>>>>
>>>>> what's the advantages of VLA over alloca()?
>>>>>
>>>>> * sizeof(array) works as expected.
>>>>>
>>>>> * multi-dimensional arrays are still arrays instead of pointers to
>>>>> dynamically allocated space. this means multiple subscript syntax
>>>>> works (unlike on a pointer) and calculation of addresses into allocated
>>>>> space in ascending order is performed by the compiler instead of manually.
>>>>>
>>>>
>>>> alloca() is a pretty obscure mechanism, and also not a part of the C
>>>> standard. VLAs are C99, and well-known and understood, and very
>>>> efficient.
>>>
>>> The RFC fails to mention why we need to replace VLAs with something else:
>>>
>>> VLAs are C99, but not C++; VLAs were made optional in C11.
>>>
>>> MSVC doesn't support VLAs, and is not going to:
>>> https://devblogs.microsoft.com/cppblog/c11-and-c17-standard-support-arriving-in-msvc/#variable-length-arrays
>>>
>>>
>>> I dislike alloca() too, and the notes section in the alloca(3) man page even discourages the use of alloca():
>>> https://man7.org/linux/man-pages/man3/alloca.3.html
>>>
>>> But I guess alloca() is the simplest replacement for VLAs.
>>> This RFC patch series opens the discussion for alternatives in different use cases.
>>>
>>
>> The other issue with VLA's is that if the number is something that can be externally
>> input, then it can be a source of stack overflow bugs. That is why the Linux kernel
>> has stopped using them; for security reasons. DPDK has much less of a security
>> trust domain. Mostly need to make sure that no data from network is being
>> used to compute VLA size.
>>
>
> Looks like we need to discuss this at the next techboard meeting.
>
> * MSVC doesn't support C11 optional VLAs (and never will).

This is due to dogmatism, or what? Surely, a lot of Open Source projects
written for C99 will use VLAs.

> * alloca() is an alternative that is available on all platforms/toolchain
> combinations.

alloca() is a poor alternative. The use of alloca() should be restricted
to situations where statically sized arrays can't do the job.

> * it's reasonable for some VLAs to be turned into regular arrays but it
> would be unsatisfactory to be stuck waiting discussions of defining new
> constant expression macros on a per-use basis.
> * there is resistance to using alloca() vs VLA so my proposal is to
> change only the code that is built to target windows.
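
The trade-offs discussed in this thread, as an added example that is not code from the RFC series, the thread participants or DPDK: the same two-dimensional scratch table built once as a VLA and once with alloca(), with the size bounded before it reaches the stack. The names `MAX_ELEMS`, `dims_ok`, `fill_vla` and `fill_alloca` are hypothetical, and `<alloca.h>` assumes a glibc-style toolchain.

```c
#include <alloca.h>  /* glibc location; alloca() is not part of ISO C */
#include <stddef.h>
#include <stdio.h>

#define MAX_ELEMS 1024  /* assumed cap for this example, not a DPDK constant */

/* Reject sizes that must not reach the stack, including rows*cols overflow. */
static int dims_ok(size_t rows, size_t cols)
{
    return rows > 0 && cols > 0 && rows <= MAX_ELEMS / cols;
}

/* VLA: a real 2-D array, so sizeof and tbl[r][c] work. */
long fill_vla(size_t rows, size_t cols, size_t *bytes)
{
    if (!dims_ok(rows, cols))
        return -1;
    int tbl[rows][cols];
    long sum = 0;
    *bytes = sizeof(tbl);  /* computed at run time */
    for (size_t r = 0; r < rows; r++)
        for (size_t c = 0; c < cols; c++)
            sum += tbl[r][c] = (int)(r * cols + c);
    return sum;
}

/* alloca(): only a pointer, so size and row-major offsets are done by hand. */
long fill_alloca(size_t rows, size_t cols, size_t *bytes)
{
    if (!dims_ok(rows, cols))
        return -1;
    *bytes = rows * cols * sizeof(int);  /* sizeof(tbl) would be the pointer size */
    int *tbl = alloca(*bytes);
    long sum = 0;
    for (size_t r = 0; r < rows; r++)
        for (size_t c = 0; c < cols; c++)
            sum += tbl[r * cols + c] = (int)(r * cols + c);
    return sum;
}

int main(void)
{
    size_t b = 0;
    printf("vla: %ld\n", fill_vla(3, 4, &b));
    printf("alloca: %ld\n", fill_alloca(3, 4, &b));
    printf("rejected: %ld\n", fill_vla((size_t)-1, 2, &b));
    return 0;
}
```

Neither form checks the requested size on its own, so the bound in `dims_ok` is what keeps an externally supplied dimension from overrunning the stack in both versions.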