
The (accepted) proposal for "Runtime-sized arrays with automatic storage duration (N3639)" asserts that

Stack overflow becomes more likely, in particular if the size depends on external input and is not properly checked. Some environments might therefore prohibit the use of the feature. Such a prohibition can be easily enforced with a static analysis tool.

I do not consider enforcement to be easy if it requires the analyzer to implement a full C++ compiler.

Consider the following code:

template<typename T>
inline void array_user( const T& x )
{
    // Whether this is a static or a runtime bound depends on traits<T>::omega
    // and on the overload of f() selected at each point of use.
    int a[f(traits<T>::omega)];
}

It looks to me like the analysis needs to be repeated for each use of array_user<T> and consider:

  • Applicable specializations of traits<T> discoverable at the point of use of array_user<T>
  • Whether traits<T>::omega is a compile-time constant expression (either via constexpr or C++03 approaches such as enum)
  • The type of traits<T>::omega
  • Whether the applicable overload of f() (at the point of use of array_user<T> and possibly found via ADL) is constexpr

Am I missing something? Is it possible to enforce such a restriction without going through full compilation?

Can code be written in such a way to simplify verification of non-use of runtime bounds?

  • Considering that N3652 makes almost everything legal in constexpr functions in C++1y, writing a general static analyzer will require you to implement an interpreter as well as a compiler. Commented Aug 1, 2013 at 21:04
  • @Casey: Is it guaranteed that every constexpr function will return a compile-time constant if its parameters are compile-time constants? Or can it depend on specializations of templates consumed (possibly indirectly) by the constexpr function? I still feel like that can be determined via type analysis, without actually computing the result of the constexpr function (and all the execution that entails) Commented Aug 1, 2013 at 21:07
  • I'm not worried about a general static analyzer for the purposes of this question, just one to detect use of runtime bounds. Commented Aug 1, 2013 at 21:07
  • Comment was really meant generally, and not to address this specific question. constexpr functions are only guaranteed to be evaluated at compile time when used in a context that requires a constant expression - I'm certain how they interact with arrays of runtime bound. So it may be necessary to determine if the arguments are constant expressions to determine if an array has static or runtime bound. Commented Aug 1, 2013 at 21:14
  • @Casey: I agree, that's what I meant by the bulleted list in my question. But you allude to something else. In C++11, an array bound is required to be a compile-time constant, and so it forces the compiler to evaluate any constexpr functions at compile-time. In C++14, would the compiler be able to choose to make an array of runtime bound even when a statically-sized array would be feasible, and then evaluate constexpr functions at runtime? Commented Aug 1, 2013 at 21:16

1 Answer


If I were tasked with writing an analyzer to statically verify non-use of runtime-bounds, I would reject the above code. I would require all array declarations to either use an integral literal for the bound or be annotated to have the compiler reject runtime-bounds.

template<typename T>
inline void array_user( const T& x )
{
    int a[f(traits<T>::omega)];
    // Annotation: N3639 makes sizeof ill-formed on an array of runtime bound,
    // so a conforming compiler rejects this line unless the bound is constant.
    (void)sizeof a;
}

However, given the number of compilers that currently provide C99-style VLAs in C++ mode as an extension, I'm not confident that they would actually conform to the C++14 behavior of forbidding sizeof.


1 Comment

Clang/gcc allow decltype for VLAs, and clang allows typeinfo() as well. I think template deduction is the only way to force static bounds easily that works in today's compilers (example).
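As an added example (not code from the question, the answer or the comment above), the following puts both ideas into practice: the bound is computed into a constexpr variable, so a non-constant f() or traits<T>::omega is a compile error, and the template-deduction trick from the comment is used as a second check, since N cannot be deduced from a runtime-bound array. The traits specializations and f() are constructed stand-ins for the question's names.

```cpp
#include <cstddef>
#include <iostream>

// Constructed stand-ins for the question's traits<T> and f(): one trait uses
// constexpr, the other a C++03-style enum; both are constant expressions.
template<typename T> struct traits;
template<> struct traits<int>  { static constexpr int omega = 4; };
template<> struct traits<long> { enum { omega = 8 }; };

constexpr std::size_t f(int omega) { return static_cast<std::size_t>(omega) * 2; }

// Check 2: N can only be deduced from a genuine array type. A runtime-bound
// array has no array type in the language, so this call fails to compile.
template<typename T, std::size_t N>
constexpr std::size_t static_bound(T (&)[N]) { return N; }

template<typename T>
std::size_t array_user(const T&)
{
    // Check 1: a constexpr variable must be initialised by a constant
    // expression, so a non-constexpr f() or a non-constant traits<T>::omega
    // is rejected here before any array is declared.
    constexpr std::size_t n = f(traits<T>::omega);
    int a[n] = {};
    return static_bound(a);   // 8 for int, 16 for long
}

int main()
{
    std::cout << array_user(0) << ' ' << array_user(0L) << '\n';   // 8 16
    return 0;
}
```

On GCC and Clang, `-Werror=vla` additionally turns the C99-style extension itself into a hard error, which catches declarations that bypass the helper.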
