[PATCH v2] c++: Catch indirect change of active union member in constexpr [PR101631]

Nathaniel Shead nathanieloshead@gmail.com
Wed Sep 20 00:55:30 GMT 2023


On Tue, Sep 19, 2023 at 05:25:20PM -0400, Jason Merrill wrote:
> On 9/1/23 08:22, Nathaniel Shead wrote:
> > On Wed, Aug 30, 2023 at 04:28:18PM -0400, Jason Merrill wrote:
> > > On 8/29/23 09:35, Nathaniel Shead wrote:
> > > > This is an attempt to improve the constexpr machinery's handling of
> > > > union lifetime by catching more cases that cause UB. Is this approach
> > > > OK?
> > > > 
> > > > I'd also like some feedback on a couple of pain points with this
> > > > implementation; in particular, is there a good way to detect if a type
> > > > has a non-deleted trivial constructor? I've used 'is_trivially_xible' in
> > > > this patch, but that also checks for a trivial destructor which by my
> > > > reading of [class.union.general]p5 is possibly incorrect. Checking for a
> > > > trivial default constructor doesn't seem too hard but I couldn't find a
> > > > good way of checking if that constructor is deleted.
> > > 
> > > I guess the simplest would be
> > > 
> > > (TYPE_HAS_TRIVIAL_DFLT (t) && locate_ctor (t))
> > > 
> > > because locate_ctor returns null for a deleted default ctor.  It would be
> > > good to make this a separate predicate.
> > > 
> > > > I'm also generally unsatisfied with the additional complexity with the
> > > > third 'refs' argument in 'cxx_eval_store_expression' being pushed and
> > > > popped; would it be better to replace this with a vector of some
> > > > specific structure type for the data that needs to be passed on?
> > > 
> > > Perhaps, but what you have here is fine.  Another possibility would be to
> > > just have a vec of the refs and extract the index from the ref later as
> > > needed.
> > > 
> > > Jason
> > > 
> > 
> > Thanks for the feedback. I've kept the refs as-is for now. I've also
> > cleaned up a couple of other typos I'd had with comments and diagnostics.
> > 
> > Bootstrapped and regtested on x86_64-pc-linux-gnu.
> > 
> > @@ -6192,10 +6197,16 @@ cxx_eval_store_expression (const constexpr_ctx *ctx, tree t,
> >         type = reftype;
> > -      if (code == UNION_TYPE && CONSTRUCTOR_NELTS (*valp)
> > -	  && CONSTRUCTOR_ELT (*valp, 0)->index != index)
> > +      if (code == UNION_TYPE
> > +	  && TREE_CODE (t) == MODIFY_EXPR
> > +	  && (CONSTRUCTOR_NELTS (*valp) == 0
> > +	      || CONSTRUCTOR_ELT (*valp, 0)->index != index))
> >   	{
> > -	  if (cxx_dialect < cxx20)
> > +	  /* We changed the active member of a union. Ensure that this is
> > +	     valid.  */
> > +	  bool has_active_member = CONSTRUCTOR_NELTS (*valp) != 0;
> > +	  tree inner = strip_array_types (reftype);
> > +	  if (has_active_member && cxx_dialect < cxx20)
> >   	    {
> >   	      if (!ctx->quiet)
> >   		error_at (cp_expr_loc_or_input_loc (t),
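Review bot: moving the `TREE_CODE (t) == MODIFY_EXPR` test into the outer condition also gates the pre-C++20 `cxx_dialect < cxx20` error, which previously fired for any store that changed the active member; if an INIT_EXPR that switches members should still be rejected in C++17 mode, keep the dialect check outside the MODIFY_EXPR guard, otherwise the intended narrowing deserves a mention in the ChangeLog. Minor: GCC comment style wants two spaces after the sentence-ending period in `/* We changed the active member of a union. Ensure that this is valid.  */`.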
> 
> While we're looking at this area, this error message should really mention
> that it's allowed in C++20.
> 
> > @@ -6205,8 +6216,36 @@ cxx_eval_store_expression (const constexpr_ctx *ctx, tree t,
> >   			  index);
> >   	      *non_constant_p = true;
> >   	    }
> > -	  else if (TREE_CODE (t) == MODIFY_EXPR
> > -		   && CONSTRUCTOR_NO_CLEARING (*valp))
> > +	  else if (!is_access_expr
> > +		   || (CLASS_TYPE_P (inner)
> > +		       && !type_has_non_deleted_trivial_default_ctor (inner)))
> > +	    {
> > +	      /* Diagnose changing active union member after initialisation
> > +		 without a valid member access expression, as described in
> > +		 [class.union.general] p5.  */
> > +	      if (!ctx->quiet)
> > +		{
> > +		  if (has_active_member)
> > +		    error_at (cp_expr_loc_or_input_loc (t),
> > +			      "accessing %qD member instead of initialized "
> > +			      "%qD member in constant expression",
> > +			      index, CONSTRUCTOR_ELT (*valp, 0)->index);
> > +		  else
> > +		    error_at (cp_expr_loc_or_input_loc (t),
> > +			      "accessing uninitialized member %qD",
> > +			      index);
> > +		  if (is_access_expr)
> > +		    {
> > +		      inform (DECL_SOURCE_LOCATION (index),
> > +			      "%qD does not implicitly begin its lifetime "
> > +			      "because %qT does not have a non-deleted "
> > +			      "trivial default constructor",
> > +			      index, inner);
> > +		    }
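Review bot: the two error messages are inconsistent: the `has_active_member` branch ends with "in constant expression" while `"accessing uninitialized member %qD"` does not, and only the `is_access_expr` branch gets an `inform`, so a rejected store that is not an access expression gives no hint why; add the suffix and a matching note for the `!is_access_expr` case. Also `initialisation` in the comment should be `initialization`, matching the spelling used in the diagnostics and elsewhere in the file.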
> 
> The !is_access_expr case could also use an explanatory message.

Thanks for the review, I've updated these messages and will send through
an updated patch once bootstrap/regtest is complete.

> Also, I notice that this testcase crashes with the patch:
> 
> union U { int i; float f; };
> constexpr auto g (U u) { return (u.i = 42); }
> static_assert (g({.f = 3.14}) == 42);

This appears to segfault even without the patch since GCC 13.1.
https://godbolt.org/z/45sPh8WaK

I haven't done a bisect yet to work out what commit exactly caused this.
Should I aim to fix this first before coming back with this patch?

Thanks,
Nathaniel
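As an added illustration (not part of the patch or of this thread), a C++20 test case for the [class.union.general]p5 rule the patch enforces: an assignment through a member access expression may change the active member only when the named member's type has a non-deleted trivial default constructor. The `static_assert` is guarded so the file also compiles in C++17 mode, where changing the active member is not a constant expression; the diagnosed case is shown in a comment, with the message text taken from the patch, since it is rejected by design.

```cpp
#include <cstdio>

union U { int i; float f; };

// Valid in C++20 constant evaluation: 'u.i = 42' names union member 'i',
// whose type (int) has a trivial default constructor, so the assignment
// implicitly begins the lifetime of 'i' and the active member changes.
constexpr int change_active_member ()
{
  U u{};          // active member is 'i', value-initialized to 0
  u.f = 3.14f;    // active member becomes 'f'
  u.i = 42;       // active member becomes 'i' again
  return u.i;
}

#if __cplusplus >= 202002L
static_assert (change_active_member () == 42);
#endif

// Diagnosed case (kept out of compilation on purpose): 'NonTrivial' has a
// user-provided default constructor, so 'v.n.x = 1' does not implicitly
// begin the lifetime of 'n' and the store is undefined behavior.  With the
// patch, constant-evaluating it reports (wording from the patch):
//   error: accessing 'n' member instead of initialized 'f' member in
//          constant expression
//   note: 'n' does not implicitly begin its lifetime because 'NonTrivial'
//         does not have a non-deleted trivial default constructor
//
// struct NonTrivial { int x; constexpr NonTrivial () : x (0) {} };
// union V { float f; NonTrivial n; };
// constexpr int undefined () { V v{.f = 1.0f}; v.n.x = 1; return v.n.x; }
// static_assert (undefined () == 1);

int main ()
{
  std::printf ("%d\n", change_active_member ());
  return 0;
}
```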
