From: Marek Polacek
To: Jason Merrill
Cc: GCC Patches
Subject: Re: C++ PATCH for c++/91264 - detect modifying const objects in constexpr
Date: Thu, 08 Aug 2019 19:48:00 -0000
Message-ID: <20190808192555.GY28284@redhat.com>
In-Reply-To: <68bb270b-fa29-972d-7cc3-790dbcf02767@redhat.com>

On Thu, Aug 08, 2019 at 11:06:17AM -0400, Jason Merrill wrote:
> On 8/6/19 3:20 PM, Marek Polacek wrote:
> > On Mon, Aug 05, 2019 at 03:54:19PM -0400, Jason Merrill wrote:
> > > On 7/31/19 3:26 PM, Marek Polacek wrote:
> > > > One of the features of constexpr is that it doesn't allow UB; and such UB must
> > > > be detected at compile-time. So running your code in a context that requires
> > > > a constant expression should ensure that the code in question is free of UB.
> > > > In effect, constexpr can serve as a sanitizer. E.g. this article describes it
> > > > in more detail:
> > > >
> > > >
> > > > [dcl.type.cv]p4 says "Any attempt to modify a const object during its lifetime
> > > > results in undefined behavior." However, as the article above points out, we
> > > > aren't detecting that case in constexpr evaluation.
> > > >
> > > > This patch fixes that. It's not that easy, though, because we have to keep in
> > > > mind [class.ctor]p5:
> > > > "A constructor can be invoked for a const, volatile or const volatile object.
> > > > const and volatile semantics are not applied on an object under construction.
> > > > They come into effect when the constructor for the most derived object ends."
> > > >
> > > > I handled this by keeping a hash set which tracks objects under construction.
> > > > I considered other options, such as going up call_stack, but that wouldn't
> > > > work with trivial constructor/op=. It was also interesting to find out that
> > > > the definition of TREE_HAS_CONSTRUCTOR says "When appearing in a FIELD_DECL,
> > > > it means that this field has been duly initialized in its constructor" though
> > > > nowhere in the codebase do we set TREE_HAS_CONSTRUCTOR on a FIELD_DECL as far
> > > > as I can see. Unfortunately, using this bit proved useless for my needs here.
> > > >
> > > Also, be mindful of mutable subobjects.
> > > >
> > > > Does this approach look like an appropriate strategy for tracking objects'
> > > > construction?
> > >
> > > For scalar objects, we should be able to rely on INIT_EXPR vs. MODIFY_EXPR
> > > to distinguish between initialization and modification; for class objects, I
> >
> > This is already true: only class objects go into the hash set.
> >
> > > wonder about setting a flag on the CONSTRUCTOR after initialization is
> > > complete to indicate that the value is now constant.
> >
> > But here we're not dealing with CONSTRUCTORs in the gcc sense (i.e. exprs with
> > TREE_CODE == CONSTRUCTOR). We have a CALL_EXPR like Y::Y ((struct Y *) &y),
> > which initializes the object "y". Setting a flag on the CALL_EXPR or its underlying
> > function decl wouldn't help.
> >
> > Am I missing something?
>
> I was thinking that where in your current patch you call
> remove_object_under_construction, we could instead mark the object's value
> CONSTRUCTOR as immutable.

Ah, what you meant was to look at DECL_INITIAL of the object we're constructing,
which could be a CONSTRUCTOR. Unfortunately, this DECL_INITIAL is null (in all
the new tests when doing remove_object_under_construction), so there's nothing to
mark as TREE_READONLY :/.

Marek
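The [class.ctor]p5 rule the thread hinges on, as an added example that is not part of the patch or the thread: a constexpr constructor of a derived class may still write to a base member of a const object, because const semantics only take effect once the most derived constructor ends, whereas the same write after construction is the modification of a const object that the patch makes GCC diagnose. The names Base, Derived, init_const_derived and modify_non_const are mine; C++14 or later is assumed.

```cpp
// Added example, not from the patch under review. Requires C++14 or later.
struct Base {
    int n;
    constexpr Base() : n(0) {}
};

struct Derived : Base {
    // [class.ctor]p5: const semantics are not applied to an object under
    // construction, so writing the base member here is fine even when the
    // complete object is const. The Base constructor has already run, but
    // the most derived constructor (this one) has not ended yet.
    constexpr Derived(int v) : Base() { n = v; }
};

// Builds a const Derived during constant evaluation; the write inside
// Derived::Derived happens while the object is still under construction.
constexpr int init_const_derived(int v) {
    const Derived d(v);
    return d.n;
}

// A non-const object may be modified at any time after construction.
constexpr int modify_non_const(int v) {
    Derived d(0);
    d.n = v;
    return d.n;
}

// The case the patch targets, kept commented out so the file compiles:
// the write happens after the most derived constructor has ended, which
// [dcl.type.cv]p4 makes undefined behaviour, so with the patch GCC rejects
// the call as not a constant expression instead of silently accepting it.
//
//   constexpr int modify_const(int v) {
//       const Derived d(0);
//       const_cast<Derived&>(d).n = v;   // modifying a const object
//       return d.n;
//   }
//   static_assert(modify_const(1) == 1, "diagnosed with the patch");

static_assert(init_const_derived(7) == 7, "write during construction is fine");
static_assert(modify_non_const(9) == 9, "non-const object may be modified");

int main() { return init_const_derived(7) == 7 ? 0 : 1; }
```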
MODIFY_EXPR > > > to distinguish between initialization and modification; for class objects, I > > > > This is already true: only class object go into the hash set. > > > > > wonder about setting a flag on the CONSTRUCTOR after initialization is > > > complete to indicate that the value is now constant. > > > > But here we're not dealing with CONSTRUCTORs in the gcc sense (i.e. exprs with > > TREE_CODE == CONSTRUCTOR). We have a CALL_EXPR like Y::Y ((struct Y *) &y), > > which initializes the object "y". Setting a flag on the CALL_EXPR or its underlying > > function decl wouldn't help. > > > > Am I missing something? > > I was thinking that where in your current patch you call > remove_object_under_construction, we could instead mark the object's value > CONSTRUCTOR as immutable. Ah, what you meant was to look at DECL_INITIAL of the object we're constructing, which could be a CONSTRUCTOR. Unfortunately, this DECL_INITIAL is null (in all the new tests when doing remove_object_under_construction), so there's nothing to mark as TREE_READONLY :/. Marek