[PATCH] score: Use flexible-array member for C99 and later

Joel Sherrill joel at rtems.org
Mon Aug 3 12:42:57 UTC 2020 

On Mon, Aug 3, 2020 at 3:45 AM Sebastian Huber <
sebastian.huber at embedded-brains.de> wrote:

> This addresses compiler warnings like this:
>
> warning: array subscript 0 is outside the bounds of an interior
> zero-length array 'abc[0]' [-Wzero-length-bounds]
> ---
>  cpukit/include/rtems/score/basedefs.h | 6 +++++-
>  1 file changed, 5 insertions(+), 1 deletion(-)
>
> diff --git a/cpukit/include/rtems/score/basedefs.h
> b/cpukit/include/rtems/score/basedefs.h
> index a934507d80..5a7e4e4f31 100644
> --- a/cpukit/include/rtems/score/basedefs.h
> +++ b/cpukit/include/rtems/score/basedefs.h
> @@ -430,7 +430,11 @@
>   * doesn't allow flexible array members.  Use the GNU extension which is
> also
>   * supported by other compilers.
>   */
> -#define RTEMS_ZERO_LENGTH_ARRAY 0
> +#if __STDC_VERSION__ >= 199409L
> +  #define RTEMS_ZERO_LENGTH_ARRAY
> +#else
> +  #define RTEMS_ZERO_LENGTH_ARRAY 0
> +#endif
>

I'm not disagreeing with this change since it moves to the C99 feature
rather than
a GNU extension but any use of it violates a rule in various safety
standards. Google
randomly found the CodeSonar manual which cites:


   - MISRA C:2004, 8.12 - When an array is declared with external linkage,
   its size shall be stated explicitly or defined implicitly by initialisation
   - MISRA C++:2008, 3-1-3 - When an array is declared, its size shall
   either be stated explicitly or defined implicitly by initialization
   - MISRA C:2012, 8.11 - When an array with external linkage is declared,
   its size should be explicitely specified
   - MISRA C:2012, 9.5 - Where designated initializers are used to
   initialize an array object the size of the array shall be specified
   explicitly
   - CERT, ARR02-C. <https://www.securecoding.cert.org/confluence/x/HQEOAQ> -
   Explicitly specify array bounds, even if implicitly defined by an
   initializer


https://rules.sonarsource.com/c/RSPEC-834

We should definitely limit the use of this.

>
>  /**
>   * @brief Returns a pointer to the container of a specified member
> pointer.
> --
> 2.26.2
>
> _______________________________________________
> devel mailing list
> devel at rtems.org
> http://lists.rtems.org/mailman/listinfo/devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rtems.org/pipermail/devel/attachments/20200803/9a1ce9fc/attachment.html>

More information about the devel mailing list