[U-Boot] C99 and dynamic arrays

Måns Rullgård mans at mansr.com
Wed Mar 13 19:03:30 CET 2013


Simon Glass <sjg at google.com> writes:

> Hi Mans,
>
> On Wed, Mar 13, 2013 at 3:29 AM, Måns Rullgård <mans at mansr.com> wrote:
>> Tom Rini <tom.rini at gmail.com> writes:
>>
>>> On Tue, Mar 12, 2013 at 7:22 PM, Simon Glass <sjg at google.com> wrote:
>>>> Hi,
>>>>
>>>> Given that we seem to allow C99 features in U-Boot I wonder if it
>>>> would be OK to use dynamic arrays in SPL?
>>>>
>>>> I am trying to replace:
>>>>
>>>> ptr = malloc(size);
>>>>
>>>> with:
>>>>
>>>> char ptr[size];
>>>>
>>>> to avoid use of malloc in SPL. Can I assume that is permitted?
>>>
>>> Without knowing the underlying mechanics of how that works, "maybe".
>>
>> How it works depends on the compiler.  Some compilers implement it by
>> calling malloc().  GCC uses the stack.
>>
>> Regardless of how they are implemented, variable-length arrays should,
>> in my opinion, never be used.  There is simply no way they can be used
>> safely since no mechanism for detecting failure is provided.  If the
>> requested size is too large, you will silently overflow the stack or end
>> up with an invalid/null pointer.  In an environment without full memory
>> protection, errors resulting from this are very hard to track down.
>
> I suppose we could check the available stack space. However I don't
> really see a clear stack bottom in U-Boot - I think it is set up to
> grow downwards as much as needed. I can certainly add sanity checks on
> the input values.

There is no way to check stack usage from C.

>> If the size is somehow limited to a safe value, it is more efficient to
>> simply allocate this maximum size statically.
>
> Yes, although this does waste BSS.

Sorry, I meant a statically sized stack allocation.

-- 
Måns Rullgård
mans at mansr.com
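The two allocation styles the thread contrasts, as an added C example (not code from the thread or from U-Boot): a runtime-sized VLA beside a statically sized stack buffer with an explicit bound check. `MAX_BUF`, the function names and the sample payload are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed upper bound for the scratch buffer; a real SPL would
 * derive it from the largest image the loader is willing to accept. */
#define MAX_BUF 512

/* The form the thread questions: a variable-length array sized at
 * runtime.  GCC places it on the stack, and if `size` is too large
 * the stack overflows silently; there is no failure to detect here. */
static long checksum_vla(const uint8_t *src, size_t size)
{
	uint8_t buf[size];	/* VLA: no error path exists for a bad size */
	long total = 0;

	memcpy(buf, src, size);
	for (size_t i = 0; i < size; i++)
		total += buf[i];
	return total;
}

/* The alternative suggested in the reply: a statically sized stack
 * buffer at the maximum, plus an explicit bound check.  Stack usage
 * is fixed at build time, and an oversized request becomes an error
 * return instead of memory corruption. */
static long checksum_bounded(const uint8_t *src, size_t size)
{
	uint8_t buf[MAX_BUF];	/* fixed size: known stack cost */
	long total = 0;

	if (size > sizeof(buf))
		return -1;	/* refuse rather than overflow */
	memcpy(buf, src, size);
	for (size_t i = 0; i < size; i++)
		total += buf[i];
	return total;
}

int main(void)
{
	/* Constructed sample payload. */
	const uint8_t payload[] = { 0x10, 0x20, 0x30, 0x40 };

	printf("vla:      %ld\n", checksum_vla(payload, sizeof(payload)));
	printf("bounded:  %ld\n", checksum_bounded(payload, sizeof(payload)));
	printf("oversize: %ld\n", checksum_bounded(payload, MAX_BUF + 1));
	return 0;
}
```

The bounded version trades the per-call stack savings of a VLA for a fixed, auditable stack footprint and a caller-visible error.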
