unistr/u{8,16,32}-uctomb: Avoid possible trouble with huge strings.
[gnulib.git] / lib / vla.h
blob4af7567ed367ee68e1e35e2d58ae777ae6183ff4
1 /* vla.h - variable length arrays
3 Copyright 2014-2020 Free Software Foundation, Inc.
5 This program is free software: you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 3 of the License, or
8 (at your option) any later version.
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program. If not, see <https://www.gnu.org/licenses/>.
18 Written by Paul Eggert. */
20 /* The VLA_ELEMS macro does not allocate variable-length arrays (VLAs),
21 so it does not have the security or performance issues commonly
22 associated with VLAs. VLA_ELEMS is for exploiting a C11 feature
23 where a function can start like this:
25 double scan_array (int n, double v[static n])
27 to require a caller to pass a vector V with at least N elements;
28 this allows better static checking and performance in some cases.
29 In C11 this feature means that V is a VLA, so the feature is
30 supported only if __STDC_NO_VLA__ is defined, and for compatibility
31 to platforms that do not support VLAs, VLA_ELEMS (n) expands to
32 nothing when __STDC_NO_VLA__ is not defined. */
34 /* A function's argument must point to an array with at least N elements.
35 Example: 'int main (int argc, char *argv[VLA_ELEMS (argc)]);'. */
37 #ifdef __STDC_NO_VLA__
38 # define VLA_ELEMS(n)
39 #else
40 # define VLA_ELEMS(n) static n
41 #endif
43 /* Although C99 requires support for variable-length arrays (VLAs),
44 some C compilers never supported VLAs and VLAs are optional in C11.
45 VLAs are controversial because their allocation may be unintended
46 or awkward to support, and large VLAs might cause security or
47 performance problems. GCC can diagnose the use of VLAs via the
48 -Wvla and -Wvla-larger-than warnings options, and defining the
49 macro GNULIB_NO_VLA disables the allocation of VLAs in Gnulib code.
51 The VLA_ELEMS macro is unaffected by GNULIB_NO_VLA, since it does
52 not allocate VLAs. Programs that use VLA_ELEMS should be compiled
53 with 'gcc -Wvla-larger-than' instead of with 'gcc -Wvla'. */