[PATCH] score: Use flexible-array member for C99 and later

Sebastian Huber sebastian.huber at embedded-brains.de
Mon Aug 3 13:37:38 UTC 2020


On 03/08/2020 14:42, Joel Sherrill wrote:

>
>
> On Mon, Aug 3, 2020 at 3:45 AM Sebastian Huber
> <sebastian.huber at embedded-brains.de> wrote:
>
>     This addresses compiler warnings like this:
>
>     warning: array subscript 0 is outside the bounds of an interior
>     zero-length array 'abc[0]' [-Wzero-length-bounds]
>     ---
>      cpukit/include/rtems/score/basedefs.h | 6 +++++-
>      1 file changed, 5 insertions(+), 1 deletion(-)
>
>     diff --git a/cpukit/include/rtems/score/basedefs.h
>     b/cpukit/include/rtems/score/basedefs.h
>     index a934507d80..5a7e4e4f31 100644
>     --- a/cpukit/include/rtems/score/basedefs.h
>     +++ b/cpukit/include/rtems/score/basedefs.h
>     @@ -430,7 +430,11 @@
>       * doesn't allow flexible array members.  Use the GNU extension
>     which is also
>       * supported by other compilers.
>       */
>     -#define RTEMS_ZERO_LENGTH_ARRAY 0
>     +#if __STDC_VERSION__ >= 199409L
>     +  #define RTEMS_ZERO_LENGTH_ARRAY
>     +#else
>     +  #define RTEMS_ZERO_LENGTH_ARRAY 0
>     +#endif
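
Review bot: The guard `__STDC_VERSION__ >= 199409L` in the added `#if` does not match the "C99 and later" of the subject line. 199409L is the value for C90 with Amendment 1, while flexible array members were introduced in C99, whose value is 199901L. A compiler in that older mode would take the empty definition and may reject the flexible array member. Suggest `#if __STDC_VERSION__ >= 199901L`. When `__STDC_VERSION__` is not defined at all (C++ or plain C90), the `#if` treats it as 0 and takes the `0` branch, which looks intended but trips -Wundef; putting `defined(__STDC_VERSION__) &&` in front avoids that. The comment above the macro still only describes the GNU extension and should mention the new C99 path.
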
>
>
> I'm not disagreeing with this change since it moves to the C99 feature
> rather than a GNU extension but any use of it violates a rule in various
> safety standards. Google randomly found the CodeSonar manual which cites:
>
>   * MISRA C:2004, 8.12 - When an array is declared with external
>     linkage, its size shall be stated explicitly or defined implicitly
>     by initialisation
>   * MISRA C++:2008, 3-1-3 - When an array is declared, its size shall
>     either be stated explicitly or defined implicitly by initialization
>   * MISRA C:2012, 8.11 - When an array with external linkage is
>     declared, its size should be explicitly specified
>   * MISRA C:2012, 9.5 - Where designated initializers are used to
>     initialize an array object the size of the array shall be
>     specified explicitly
>   * CERT, ARR02-C.
>     <https://www.securecoding.cert.org/confluence/x/HQEOAQ> -
>     Explicitly specify array bounds, even if implicitly defined by an
>     initializer
>
>
> https://rules.sonarsource.com/c/RSPEC-834
>
> We should definitely limit the use of this.

Yes, dynamically sized arrays should be used with care. I added the 
RTEMS_ZERO_LENGTH_ARRAY some time ago to find them more easily in the 
code base.



