From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gcc-patches-return-506514-listarch-gcc-patches=gcc.gnu.org@gcc.gnu.org>
Received: (qmail 42192 invoked by alias); 8 Aug 2019 15:06:24 -0000
Mailing-List: contact gcc-patches-help@gcc.gnu.org; run by ezmlm
Precedence: bulk
List-Id: <gcc-patches.gcc.gnu.org>
List-Archive: <http://gcc.gnu.org/ml/gcc-patches/>
List-Post: <mailto:gcc-patches@gcc.gnu.org>
List-Help: <mailto:gcc-patches-help@gcc.gnu.org>
Sender: gcc-patches-owner@gcc.gnu.org
Received: (qmail 42178 invoked by uid 89); 8 Aug 2019 15:06:24 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_NONE autolearn=ham version=3.3.1 spammy=MODIFY_EXPR, modify_expr, H*RU:209.85.160.193, HX-Spam-Relays-External:209.85.160.193
X-HELO: mail-qt1-f193.google.com
Received: from mail-qt1-f193.google.com (HELO mail-qt1-f193.google.com) (209.85.160.193) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Thu, 08 Aug 2019 15:06:22 +0000
Received: by mail-qt1-f193.google.com with SMTP id a15so92430427qtn.7        for <gcc-patches@gcc.gnu.org>; Thu, 08 Aug 2019 08:06:22 -0700 (PDT)
Return-Path: <jason@redhat.com>
Received: from [192.168.1.5] (pool-71-168-71-123.cncdnh.fast.myfairpoint.net. [71.168.71.123])        by smtp.gmail.com with ESMTPSA id q73sm27684934qke.90.2019.08.08.08.06.18        (version=TLS1_3 cipher=AEAD-AES128-GCM-SHA256 bits=128/128);        Thu, 08 Aug 2019 08:06:18 -0700 (PDT)
Subject: Re: C++ PATCH for c++/91264 - detect modifying const objects in constexpr
To: Marek Polacek <polacek@redhat.com>
Cc: GCC Patches <gcc-patches@gcc.gnu.org>
References: <20190731192659.GP32749@redhat.com> <902366c6-754a-de65-f78e-25834263ac8a@redhat.com> <20190806192021.GL28284@redhat.com>
From: Jason Merrill <jason@redhat.com>
Message-ID: <68bb270b-fa29-972d-7cc3-790dbcf02767@redhat.com>
Date: Thu, 08 Aug 2019 15:18:00 -0000
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.8.0
MIME-Version: 1.0
In-Reply-To: <20190806192021.GL28284@redhat.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes
X-SW-Source: 2019-08/txt/msg00559.txt.bz2

On 8/6/19 3:20 PM, Marek Polacek wrote:
> On Mon, Aug 05, 2019 at 03:54:19PM -0400, Jason Merrill wrote:
>> On 7/31/19 3:26 PM, Marek Polacek wrote:
>>> One of the features of constexpr is that it doesn't allow UB; and such UB must
>>> be detected at compile-time.  So running your code in a context that requires
>>> a constant expression should ensure that the code in question is free of UB.
>>> In effect, constexpr can serve as a sanitizer.  E.g. this article describes in
>>> in more detail:
>>> <https://shafik.github.io/c++/undefined%20behavior/2019/05/11/explporing_undefined_behavior_using_constexpr.html>
>>>
>>> [dcl.type.cv]p4 says "Any attempt to modify a const object during its lifetime
>>> results in undefined behavior." However, as the article above points out, we
>>> aren't detecting that case in constexpr evaluation.
>>>
>>> This patch fixes that.  It's not that easy, though, because we have to keep in
>>> mind [class.ctor]p5:
>>> "A constructor can be invoked for a const, volatile or const volatile object.
>>> const and volatile semantics are not applied on an object under construction.
>>> They come into effect when the constructor for the most derived object ends."
>>>
>>> I handled this by keeping a hash set which tracks objects under construction.
>>> I considered other options, such as going up call_stack, but that wouldn't
>>> work with trivial constructor/op=.  It was also interesting to find out that
>>> the definition of TREE_HAS_CONSTRUCTOR says "When appearing in a FIELD_DECL,
>>> it means that this field has been duly initialized in its constructor" though
>>> nowhere in the codebase do we set TREE_HAS_CONSTRUCTOR on a FIELD_DECL as far
>>> as I can see.  Unfortunately, using this bit proved useless for my needs here.
>>
>>> Also, be mindful of mutable subobjects.
>>>
>>> Does this approach look like an appropriate strategy for tracking objects'
>>> construction?
>>
>> For scalar objects, we should be able to rely on INIT_EXPR vs. MODIFY_EXPR
>> to distinguish between initialization and modification; for class objects, I
> 
> This is already true: only class object go into the hash set.
> 
>> wonder about setting a flag on the CONSTRUCTOR after initialization is
>> complete to indicate that the value is now constant.
> 
> But here we're not dealing with CONSTRUCTORs in the gcc sense (i.e. exprs with
> TREE_CODE == CONSTRUCTOR).  We have a CALL_EXPR like Y::Y ((struct Y *) &y),
> which initializes the object "y".  Setting a flag on the CALL_EXPR or its underlying
> function decl wouldn't help.
> 
> Am I missing something?

I was thinking that where in your current patch you call 
remove_object_under_construction, we could instead mark the object's 
value CONSTRUCTOR as immutable.

>   (Also, all 6 TREE_LANG_FLAGs for a CONSTRUCTOR are used.)

TREE_READONLY seems suitable.

Jason