itanium-cxx-abi / cxx-abi

C++ ABI Summary

array cookie rules are vague and misleading for multidimensional arrays #125

Open zygoloid opened 3 years ago

zygoloid commented 3 years ago

We currently say this about array cookies:

When operator new is used to create a new array, a cookie is usually stored to remember the allocated length (number of array elements) so that it can be deallocated correctly.

Specifically:

No cookie is required if the array element type T has a trivial destructor (12.4 [class.dtor]) and the usual (array) deallocation function (3.7.3.2 [basic.stc.dynamic.deallocation]) function does not take two arguments.

... and then we say that we allocate a number of bytes equal to sizeof(T) * n plus some overhead, and store n in the array cookie.

That's wrong, though: in the case where the array element type is itself an array type, all implementations actually recursively decompose the allocated type down to a non-array type, and then apply the above rules with n being the product of the array bounds.

Maybe solving this could be as simple as adding: "For the purpose of this rule, multidimensional arrays T[a][b]... are first flattened to single-dimensional arrays T[a*b*...]." or similar?
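As an added illustration of the flattening described above (example code written for this page, not part of the thread or the ABI document), the program below allocates a 2x3 array of a type with a non-trivial destructor and reads back what the compiler actually did: the size passed to the class-scope operator new[] is 6 * sizeof(T) plus the cookie, and the cookie holds 6, the product of the bounds. It assumes the Itanium C++ ABI (gcc or clang on Linux/macOS), and the types Widget and Plain are constructed for the example.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <new>

// Allocation helper used by both example types (constructed for this example).
static void* checked_malloc(std::size_t bytes) {
    void* p = std::malloc(bytes);
    if (!p) throw std::bad_alloc();
    return p;
}

// Non-trivial destructor: delete[] must know the element count, so a cookie is stored.
struct Widget {
    int value = 0;
    ~Widget() {}
    static void* operator new[](std::size_t bytes) { last_request = bytes; return checked_malloc(bytes); }
    static void operator delete[](void* p) noexcept { std::free(p); }
    static std::size_t last_request;   // size the compiler asked for, cookie included
};
std::size_t Widget::last_request = 0;

// Trivial destructor and a one-argument operator delete[]: no cookie is required.
struct Plain {
    int value = 0;
    static void* operator new[](std::size_t bytes) { last_request = bytes; return checked_malloc(bytes); }
    static void operator delete[](void* p) noexcept { std::free(p); }
    static std::size_t last_request;
};
std::size_t Plain::last_request = 0;

struct CookieObservation {
    std::size_t requested_bytes;   // bytes passed to Widget::operator new[]
    std::size_t cookie_value;      // element count read back from the cookie
    std::size_t flattened_count;   // a * b, the count implementations actually store
};

// new Widget[2][3]: Widget[2][3] is flattened to Widget[6] before the cookie rules apply.
CookieObservation observe_widget_cookie() {
    constexpr std::size_t a = 2, b = 3;
    Widget (*grid)[b] = new Widget[a][b];
    CookieObservation obs{Widget::last_request, 0, a * b};
    // Itanium ABI: the cookie is the size_t immediately preceding the first element.
    std::memcpy(&obs.cookie_value, reinterpret_cast<const char*>(grid) - sizeof(std::size_t), sizeof obs.cookie_value);
    delete[] grid;
    return obs;
}

// new Plain[2][3]: no cookie, so the request is exactly 6 * sizeof(Plain).
std::size_t plain_request_bytes() {
    Plain (*grid)[3] = new Plain[2][3];
    delete[] grid;
    return Plain::last_request;
}
```

The cookie padding equals sizeof(size_t) here because alignof(Widget) does not exceed alignof(size_t); an over-aligned element type would see a larger gap between the block start and the first element.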

rjmccall commented 3 years ago

Do you feel that my current attempt at improving the wording here (#123) addresses this? I still need to update that PR per feedback.

zygoloid commented 2 years ago

Yes, I think #123's current wording would address this.