Simon Glass <s...@chromium.org> writes: > [once more from correct address, sorry] > > Hi, > > On Wed, Mar 13, 2013 at 11:03 AM, Måns Rullgård <m...@mansr.com> wrote: >> Simon Glass <s...@google.com> writes: >> >>> Hi Mans, >>> >>> On Wed, Mar 13, 2013 at 3:29 AM, Måns Rullgård <m...@mansr.com> wrote: >>>> Tom Rini <tom.r...@gmail.com> writes: >>>> >>>>> On Tue, Mar 12, 2013 at 7:22 PM, Simon Glass <s...@google.com> wrote: >>>>>> Hi, >>>>>> >>>>>> Given that we seem to allow C99 features in U-Boot I wonder if it >>>>>> would be OK to use dynamic arrays in SPL? >>>>>> >>>>>> I am trying to replace: >>>>>> >>>>>> ptr = malloc(size); >>>>>> >>>>>> with: >>>>>> >>>>>> char ptr[size]; >>>>>> >>>>>> to avoid use of malloc in SPL. Can I assume that is permitted? >>>>> >>>>> Without knowing the underlying mechanics of how that works, "maybe". >>>> >>>> How it works depends on the compiler. Some compilers implement it by >>>> calling malloc(). GCC uses the stack. >>>> >>>> Regardless of how they are implemented, variable-length arrays should, >>>> in my opinion, never be used. There is simply no way they can be used >>>> safely since no mechanism for detecting failure is provided. If the >>>> requested size is too large, you will silently overflow the stack or end >>>> up with an invalid/null pointer. In an environment without full memory >>>> protection, errors resulting from this are very hard to track down. >>> >>> I suppose we could check the available stack space. However I don't >>> really see a clear stack bottom in U-Boot - I think it is set up to >>> grow downwards as much as needed. I can certainly add sanity checks on >>> the input values. >> >> There is no way to check stack usage from C. > > Well there is an architecture-specific way. A function can generally > find its own stack pointer by taking the address of a local variable, > so it is possible to write a function to check for stack overflow.
Performing such checks without getting into undefined behaviours is tricky if not impossible, and modern compilers are quite effective at exploiting these, rendering such checks useless. Remember the deleted null checks in the kernel a while back? > We could add this in U-Boot if it is a general problem. For my > purposes the amount of stack I intend to allocate is fairly small > (1-2KB perhaps). I'm sure what you _intend_ to allocate is safe, but what's to guarantee that the values are sane? >>>> If the size is somehow limited to a safe value, it is more efficient to >>>> simply allocate this maximum size statically. >>> >>> Yes although this does waste BSS. >> >> Sorry, I meant a statically sized stack allocation. > > OK, then I suppose this is not much different from dynamic arrays? It gives more efficient code, if nothing else. -- Måns Rullgård m...@mansr.com _______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
