Bug 70331 - missing error dereferencing a dangling pointer (out of scope) in constexpr function
Summary: missing error dereferencing a dangling pointer (out of scope) in constexpr fu...
Status: NEW
Alias: None
Product: gcc
Classification: Unclassified
Component: c++ (show other bugs)
Version: 6.0
: P3 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Keywords: accepts-invalid
: 93389 102603 (view as bug list)
Depends on:
Blocks: constexpr
  Show dependency treegraph
Reported: 2016-03-20 23:51 UTC by Martin Sebor
Modified: 2023-07-26 01:45 UTC (History)
5 users (show)

See Also:
Known to work:
Known to fail: 4.9.3, 5.1.0, 6.0
Last reconfirmed: 2021-07-27 00:00:00


Note You need to log in before you can comment on or make changes to this bug.
Description Martin Sebor 2016-03-20 23:51:21 UTC
The constexpr function f in the test case below has well-defined behavior only when its argument is non-zero.  When its argument is zero, the function returns a value obtained by dereferencing a dangling pointer.  Since an expression with undefined behavior is not a valid core constant expression it cannot be used to initialize a constexpr variable and the whole program below should be rejected with an error.  However, GCC accepts it without a diagnostic.

$ cat x.c && /build/gcc-trunk/gcc/xgcc -B /build/gcc-trunk/gcc -S -Wall -Wextra -Wpedantic -o/dev/stdout -xc++ x.c
constexpr int f (int i)
    int *p = &i;
    if (i == 0) {
        int j = 123;
        p = &j;

    return *p;

constexpr int i = f (0);
const int j = i;

For comparison, Clang produces the following output:

x.c:12:15: error: constexpr variable 'i' must be
      initialized by a constant expression
constexpr int i = f (0);
              ^   ~~~~~
x.c:9:12: note: read of object outside its
      lifetime is not allowed in a constant expression
    return *p;
x.c:12:19: note: in call to 'f(0)'
constexpr int i = f (0);
1 error generated.
Comment 1 Andrew Pinski 2021-07-27 10:05:58 UTC
Comment 2 Andrew Pinski 2021-10-05 14:15:01 UTC
*** Bug 93389 has been marked as a duplicate of this bug. ***
Comment 3 Andrew Pinski 2021-10-05 14:15:11 UTC
*** Bug 102603 has been marked as a duplicate of this bug. ***
Comment 4 GCC Commits 2023-07-26 01:45:43 UTC
The trunk branch has been updated by Jason Merrill <jason@gcc.gnu.org>:


commit r14-2773-g9fdbd7d6fa5e0a76898dd66658934e3184111680
Author: Nathaniel Shead <nathanieloshead@gmail.com>
Date:   Sun Jul 23 01:15:14 2023 +1000

    c++: Track lifetimes in constant evaluation [PR70331,PR96630,PR98675]
    This adds rudimentary lifetime tracking in C++ constexpr contexts,
    allowing the compiler to report errors with using values after their
    backing has gone out of scope. We don't yet handle other ways of
    accessing values outside their lifetime (e.g. following explicit
    destructor calls).
            PR c++/96630
            PR c++/98675
            PR c++/70331
            * constexpr.cc (constexpr_global_ctx::is_outside_lifetime): New
            (constexpr_global_ctx::get_value): Don't return expired values.
            (constexpr_global_ctx::get_value_ptr): Likewise.
            (constexpr_global_ctx::remove_value): Mark value outside
            (outside_lifetime_error): New function.
            (cxx_eval_call_expression): No longer track save_exprs.
            (cxx_eval_loop_expr): Likewise.
            (cxx_eval_constant_expression): Add checks for outside lifetime
            values. Remove local variables at end of bind exprs, and
            temporaries after cleanup points.
            * g++.dg/cpp1y/constexpr-lifetime1.C: New test.
            * g++.dg/cpp1y/constexpr-lifetime2.C: New test.
            * g++.dg/cpp1y/constexpr-lifetime3.C: New test.
            * g++.dg/cpp1y/constexpr-lifetime4.C: New test.
            * g++.dg/cpp1y/constexpr-lifetime5.C: New test.
            * g++.dg/cpp1y/constexpr-lifetime6.C: New test.
    Signed-off-by: Nathaniel Shead <nathanieloshead@gmail.com>