
On 03/13/2013 12:03 PM, Måns Rullgård wrote:
Simon Glass <sjg@google.com> writes:
Hi Mans,
On Wed, Mar 13, 2013 at 3:29 AM, Måns Rullgård <mans@mansr.com> wrote:
Tom Rini <tom.rini@gmail.com> writes:
On Tue, Mar 12, 2013 at 7:22 PM, Simon Glass <sjg@google.com> wrote:
Hi,
Given that we seem to allow C99 features in U-Boot I wonder if it would be OK to use dynamic arrays in SPL?
I am trying to replace:
ptr = malloc(size);
with:
char ptr[size];
to avoid use of malloc in SPL. Can I assume that is permitted?
Without knowing the underlying mechanics of how that works, "maybe".
How it works depends on the compiler. Some compilers implement it by calling malloc(). GCC uses the stack.
Regardless of how they are implemented, variable-length arrays should, in my opinion, never be used. There is simply no way they can be used safely since no mechanism for detecting failure is provided. If the requested size is too large, you will silently overflow the stack or end up with an invalid/null pointer. In an environment without full memory protection, errors resulting from this are very hard to track down.
I suppose we could check the available stack space. However, I don't really see a clear stack bottom in U-Boot - I think it is set up to grow downwards as much as needed. I can certainly add sanity checks on the input values.
There is no way to check stack usage from C.
If the size is somehow limited to a safe value, it is more efficient to simply allocate this maximum size statically.
Yes, although this does waste BSS.
Sorry, I meant a statically sized stack allocation.
But, there's also no way to detect failure in that case either.
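As an added illustration (not code from this thread or from U-Boot itself), the replacement the thread converges on: a buffer of a fixed maximum with an explicit size check, shown beside the VLA it replaces. CHUNK_MAX, the function names and the sample bytes are constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed upper bound on the chunk the SPL code needs to buffer. */
#define CHUNK_MAX 256

/* Error code returned when the requested size exceeds the fixed buffer. */
#define ERR_TOO_BIG (-1)

/* Constructed sample input standing in for data read from an image. */
#define SAMPLE_LEN 8
static const uint8_t sample_chunk[SAMPLE_LEN] = {1, 2, 3, 4, 5, 6, 7, 8};

/* Before: the array is sized from a caller-supplied value. If size is larger
 * than the stack space left, the VLA silently overlaps whatever sits below
 * the stack; the function has no way to report that it could not allocate. */
static int sum_chunk_vla(const uint8_t *src, size_t size)
{
    uint8_t buf[size];          /* C99 VLA: no failure detection at all */
    int sum = 0;

    memcpy(buf, src, size);
    for (size_t i = 0; i < size; i++)
        sum += buf[i];
    return sum;
}

/* After: a buffer of the known maximum plus a check on the input value.
 * The stack cost is fixed at compile time and an oversized request becomes
 * an error the caller can act on instead of a silent overflow. */
static int sum_chunk_fixed(const uint8_t *src, size_t size)
{
    uint8_t buf[CHUNK_MAX];     /* statically sized: cost known up front */
    int sum = 0;

    if (size > CHUNK_MAX)
        return ERR_TOO_BIG;     /* the sanity check on the input value */
    memcpy(buf, src, size);
    for (size_t i = 0; i < size; i++)
        sum += buf[i];
    return sum;
}

int main(void)
{
    /* Both agree on a small, in-bounds chunk; only the fixed version can
     * refuse a request that would not fit. */
    return sum_chunk_fixed(sample_chunk, SAMPLE_LEN) ==
           sum_chunk_vla(sample_chunk, SAMPLE_LEN) ? 0 : 1;
}
```

GCC's `-Wvla` warns on every VLA declaration, which is a cheap way to enforce the rule the thread argues for across a code base.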