Skip to content

CWG2748 [expr.ref] Accessing static members via invalid/null pointer #339

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
tomaszkam opened this issue Jun 13, 2023 · 5 comments · Fixed by cplusplus/draft#6906
Closed

CWG2748 [expr.ref] Accessing static members via invalid/null pointer #339

tomaszkam opened this issue Jun 13, 2023 · 5 comments · Fixed by cplusplus/draft#6906

Comments

@tomaszkam
Copy link

tomaszkam commented Jun 13, 2023
edited
Loading

Full name of submitter (unless configured in github; will be published with the issue): Tomasz Kamiński

Reference (section label): expr.ref

Link to reflector thread (if any):

Issue description:
Given the following definitions:

struct C { static int foo; };
C* c = nullptr;

The behavior of the (*c).foo is clearly undefined, as per [expr.ref] p1:

The postfix expression before the dot or arrow is evaluated.

So we evaluate *c which leads to dereference on the invalid pointer. However in case of the c->foo, the same wording indicates that we always evaluted c (expression before allow), which is well-formed. Later per [expr.ref] p2, this get transformed:

The expression E1->E2 is converted to the equivalent form (*(E1)).E2; the remainder of [expr.ref] will address only the first option (dot).

As this rewrite applies to the reminder of the section, we never indicate that we would evaluate *E1 in case of the rewrite. So the behvior of accessing static member (data or function) via invalid or null pointer.

Suggested resolution:

Move the sentence:

The postfix expression before the dot or arrow is evaluated the result of that evaluation, together with the [id-expression], determines the result of the entire postfix expression.

From the end of the p1 to p3 (after p2), so we cleary state that *E1 is evaluated for the form E1->E2 rewrite. We can also remove or arrow part.
@tomaszkam
Copy link
Author

I found the issue, when looking on detection of dangling references/pointer.

@languagelawyer
Copy link

CWG232?

@tomaszkam
Copy link
Author

tomaszkam commented Jun 13, 2023
edited
Loading

I think, this is slightly different, as this is inconsistency between treatment of E1->E2 and (*E1).E2, then the former seem to not dereference the pointer E1 when static member is accessed, just evaluate E1. While the later wording seem indicate that we want to make them equivalent.
I think if the question if *E1 is UB is orthogonal.

@languagelawyer
Copy link

Ah ok I see

@jensmaurer
Copy link
Member

CWG2748

@jensmaurer jensmaurer changed the title [expr.ref] Accessing static members via invalid/null pointer CWG2748 [expr.ref] Accessing static members via invalid/null pointer Jun 13, 2023
@jensmaurer jensmaurer mentioned this issue Apr 3, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[Motions 2024 03 cwg 1] P3196R0 (Core Language Working Group "ready" Issues) cplusplus/draft
3 participants
@tomaszkam @jensmaurer @languagelawyer