[U-Boot] C99 and dynamic arrays
Simon Glass
sjg at chromium.org
Wed Mar 13 19:48:47 CET 2013
[once more from correct address, sorry]
Hi,
On Wed, Mar 13, 2013 at 11:03 AM, Måns Rullgård <mans at mansr.com> wrote:
> Simon Glass <sjg at google.com> writes:
>
>> Hi Mans,
>>
>> On Wed, Mar 13, 2013 at 3:29 AM, Måns Rullgård <mans at mansr.com> wrote:
>>> Tom Rini <tom.rini at gmail.com> writes:
>>>
>>>> On Tue, Mar 12, 2013 at 7:22 PM, Simon Glass <sjg at google.com> wrote:
>>>>> Hi,
>>>>>
>>>>> Given that we seem to allow C99 features in U-Boot I wonder if it
>>>>> would be OK to use dynamic arrays in SPL?
>>>>>
>>>>> I am trying to replace:
>>>>>
>>>>> ptr = malloc(size);
>>>>>
>>>>> with:
>>>>>
>>>>> char ptr[size];
>>>>>
>>>>> to avoid use of malloc in SPL. Can I assume that is permitted?
>>>>
>>>> Without knowing the underlying mechanics of how that works, "maybe".
>>>
>>> How it works depends on the compiler. Some compilers implement it by
>>> calling malloc(). GCC uses the stack.
>>>
>>> Regardless of how they are implemented, variable-length arrays should,
>>> in my opinion, never be used. There is simply no way they can be used
>>> safely since no mechanism for detecting failure is provided. If the
>>> requested size is too large, you will silently overflow the stack or end
>>> up with an invalid/null pointer. In an environment without full memory
>>> protection, errors resulting from this are very hard to track down.
>>
>> I suppose we could check the available stack space. However I don't
>> really see a clear stack bottom in U-Boot - I think it is set up to
>> grow downwards as much as needed. I can certainly add sanity checks on
>> the input values.
>
> There is no way to check stack usage from C.
Well there is an architecture-specific way. A function can generally
find its own stack pointer by taking the address of a local variable,
so it is possible to write a function to check for stack overflow. We
could add this in U-Boot if it is a general problem. For my purposes
the amount of stack I intend to allocate is fairly small (1-2KB
perhaps).
>
>>> If the size is somehow limited to a safe value, it is more efficient to
>>> simply allocate this maximum size statically.
>>
>> Yes although this does waste BSS.
>
> Sorry, I meant a statically sized stack allocation.
OK, then I suppose this is not much different from dynamic arrays?
>
> --
> Måns Rullgård
> mans at mansr.com
Regards,
Simon
More information about the U-Boot
mailing list