The moment the size isn't trivially available the warnings cease. I was using that example just to keep the code brief.
This is a problem because it's trivially easy to have code along the lines of
    void foo(int size, int buffer[size]) {
        ...
        int new_base = some_math;
        int new_size = some_other_math;
        foo(new_size, buffer+new_base);
        ...
    }
That computes the size or base incorrectly, and the compiler will do nothing to stop you walking off the ends.
Obviously this RFC just uses the existing syntax if it's there and doesn't need explicit annotations, but the existing syntax requires the size parameter first which many APIs don't have. gcc has an extension to pre-declare a parameter name and type but you can't just use macros to make that work in other or older compilers. They also don't support sizes that aren't just a direct reference to a parameter (e.g. you can't make void some_matrix_func(int size, float matrix[size*size])).
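An added example, not part of the original comment or the RFC: the recursive pattern described above, with an explicit runtime range check standing in for the diagnostic the compiler does not give once the size and base are computed. The names `checked_subspan`, `sum_halves` and the `off_by` fault parameter are hypothetical, and the input array is constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical helper: checks that [new_base, new_base + new_size) lies
 * inside a buffer of `size` elements. Returns the sub-buffer, or NULL if
 * the computed range is empty or would leave the parent buffer. */
static int *checked_subspan(int size, int buffer[size], int new_base, int new_size)
{
    if (size <= 0 || new_base < 0 || new_size <= 0)
        return NULL;
    if (new_base > size || new_size > size - new_base) /* no signed overflow */
        return NULL;
    return buffer + new_base;
}

/* Same shape as foo() in the comment: size first, then the array parameter.
 * Sums the buffer by recursing on its two halves. off_by is a constructed
 * fault that inflates the computed size of the upper half. */
static int sum_halves(int size, int buffer[size], int off_by, long *out)
{
    if (size == 1) { *out += buffer[0]; return 0; }

    int lo_size = size / 2;
    int hi_base = lo_size;
    int hi_size = size - lo_size + off_by;   /* wrong when off_by != 0 */

    int *lo = checked_subspan(size, buffer, 0, lo_size);
    int *hi = checked_subspan(size, buffer, hi_base, hi_size);
    if (lo == NULL || hi == NULL)
        return -1;                           /* refuse instead of overrunning */

    if (sum_halves(lo_size, lo, 0, out) != 0)
        return -1;
    return sum_halves(hi_size, hi, 0, out);
}

int main(void)
{
    int data[8] = {1, 2, 3, 4, 5, 6, 7, 8};  /* constructed sample input */
    long good = 0, bad = 0;
    int rc_good = sum_halves(8, data, 0, &good);
    int rc_bad = sum_halves(8, data, 1, &bad);
    printf("correct math: rc=%d total=%ld\n", rc_good, good);
    printf("size off by one: rc=%d (range rejected)\n", rc_bad);
    return 0;
}
```
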