Subject: Re: C++ PATCH for c++/91264 - detect modifying const objects in constexpr
To: Marek Polacek, GCC Patches
From: Jason Merrill
Date: Mon, 05 Aug 2019 20:37:00 -0000
Message-ID: <902366c6-754a-de65-f78e-25834263ac8a@redhat.com>
In-Reply-To: <20190731192659.GP32749@redhat.com>

On 7/31/19 3:26 PM, Marek Polacek wrote:
> One of the features of constexpr is that it doesn't allow UB; and such UB must
> be detected at compile-time.
> So running your code in a context that requires
> a constant expression should ensure that the code in question is free of UB.
> In effect, constexpr can serve as a sanitizer. E.g. this article describes it in
> more detail:
>
>
> [dcl.type.cv]p4 says "Any attempt to modify a const object during its lifetime
> results in undefined behavior." However, as the article above points out, we
> aren't detecting that case in constexpr evaluation.
>
> This patch fixes that. It's not that easy, though, because we have to keep in
> mind [class.ctor]p5:
> "A constructor can be invoked for a const, volatile or const volatile object.
> const and volatile semantics are not applied on an object under construction.
> They come into effect when the constructor for the most derived object ends."
>
> I handled this by keeping a hash set which tracks objects under construction.
> I considered other options, such as going up call_stack, but that wouldn't
> work with trivial constructor/op=. It was also interesting to find out that
> the definition of TREE_HAS_CONSTRUCTOR says "When appearing in a FIELD_DECL,
> it means that this field has been duly initialized in its constructor" though
> nowhere in the codebase do we set TREE_HAS_CONSTRUCTOR on a FIELD_DECL as far
> as I can see. Unfortunately, using this bit proved useless for my needs here.
> Also, be mindful of mutable subobjects.
>
> Does this approach look like an appropriate strategy for tracking objects'
> construction?

For scalar objects, we should be able to rely on INIT_EXPR vs. MODIFY_EXPR to
distinguish between initialization and modification; for class objects, I
wonder about setting a flag on the CONSTRUCTOR after initialization is
complete to indicate that the value is now constant.

Jason