https://gcc.gnu.org/g:17ef5cad94d3f8f5fb1d8b749adf04c9d775ab9c

commit r15-7973-g17ef5cad94d3f8f5fb1d8b749adf04c9d775ab9c
Author: Jason Merrill <ja...@redhat.com>
Date:   Mon Mar 10 14:10:52 2025 -0400

    c++: constexpr caching deleted pointer [PR119162]
    
    In this testcase, we pass the checks for mismatched new/delete because the
    pointer is deleted before it is returned.  And then a subsequent evaluation
    uses the cached value, but the deleted heap var isn't in
    ctx->global->heap_vars anymore, so cxx_eval_outermost_constant_expr doesn't
    run find_heap_var_refs, and ends up with garbage.
    
    Fixed by not caching a reference to deleted.
    
    I considered rejecting such a reference immediately as non-constant, but I
    don't think that's valid; an invalid pointer value isn't UB until we try to
    do something with it or it winds up in the final result of constant
    evaluation.
    
    I also considered not caching other heap references (i.e. using
    find_heap_var_refs instead of adding find_deleted_heap_var), which would
    include heap pointers passed in from the caller, but those don't have the
    same heap_vars problem.  We might want cxx_eval_outermost_constant_expr to
    prune constexpr_call entries that refer to objects created during the
    evaluation, but that applies to local variables and temporaries just as much
    as heap "variables".
    
            PR c++/119162
    
    gcc/cp/ChangeLog:
    
            * constexpr.cc (find_deleted_heap_var): New.
            (cxx_eval_call_expression): Don't cache a
            reference to heap_deleted.
    
    gcc/testsuite/ChangeLog:
    
            * g++.dg/cpp2a/constexpr-new26.C: New test.

Diff:
---
 gcc/cp/constexpr.cc                          | 25 +++++++++++++++++++++++--
 gcc/testsuite/g++.dg/cpp2a/constexpr-new26.C | 17 +++++++++++++++++
 2 files changed, 40 insertions(+), 2 deletions(-)

diff --git a/gcc/cp/constexpr.cc b/gcc/cp/constexpr.cc
index 381e5e294bdd..76a9176a8917 100644
--- a/gcc/cp/constexpr.cc
+++ b/gcc/cp/constexpr.cc
@@ -1124,8 +1124,9 @@ struct GTY((for_user)) constexpr_call {
   tree bindings;
   /* Result of the call.
        NULL means the call is being evaluated.
-       error_mark_node means that the evaluation was erroneous;
-       otherwise, the actuall value of the call.  */
+       error_mark_node means that the evaluation was erroneous or otherwise
+       uncacheable (e.g. because it depends on the caller).
+       Otherwise, the actual value of the call.  */
   tree result;
   /* The hash of this call; we remember it here to avoid having to
      recalculate it when expanding the hash table.  */
@@ -1520,6 +1521,7 @@ static tree cxx_eval_bare_aggregate (const constexpr_ctx 
*, tree,
 static tree cxx_fold_indirect_ref (const constexpr_ctx *, location_t, tree, 
tree,
                                   bool * = NULL);
 static tree find_heap_var_refs (tree *, int *, void *);
+static tree find_deleted_heap_var (tree *, int *, void *);
 
 /* Attempt to evaluate T which represents a call to a builtin function.
    We assume here that all builtin functions evaluate to scalar types
@@ -3414,6 +3416,11 @@ cxx_eval_call_expression (const constexpr_ctx *ctx, tree 
t,
                      cacheable = false;
                      break;
                    }
+             /* And don't cache a ref to a deleted heap variable (119162).  */
+             if (cacheable
+                 && (cp_walk_tree_without_duplicates
+                     (&result, find_deleted_heap_var, NULL)))
+               cacheable = false;
            }
 
            /* Rewrite all occurrences of the function's RESULT_DECL with the
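Review bot: The new comment in cxx_eval_call_expression cites the bug only as a bare number and does not say why a reference to a deleted heap variable makes the result unsafe to cache. The commit message gives the reason: on a later evaluation the deleted variable is no longer in ctx->global->heap_vars, so find_heap_var_refs is not run and the cached dangling pointer is used unchecked. I would record that in place, for example `/* And don't cache a ref to a deleted heap variable: a later evaluation would not find it in heap_vars and would use the dangling ref unchecked (PR c++/119162).  */`. The enclosing block starts above the hunk, so it is not visible here whether this walk runs for every cacheable call or only under an outer condition.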
@@ -8965,6 +8972,20 @@ find_heap_var_refs (tree *tp, int *walk_subtrees, void 
*/*data*/)
   return NULL_TREE;
 }
 
+/* Look for deleted heap variables in the expression *TP.  */
+
+static tree
+find_deleted_heap_var (tree *tp, int *walk_subtrees, void */*data*/)
+{
+  if (VAR_P (*tp)
+      && DECL_NAME (*tp) == heap_deleted_identifier)
+    return *tp;
+
+  if (TYPE_P (*tp))
+    *walk_subtrees = 0;
+  return NULL_TREE;
+}
+
 /* Find immediate function decls in *TP if any.  */
 
 static tree
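Review bot: The header comment on find_deleted_heap_var does not state the callback contract its caller depends on, namely that a non-null return is what makes cxx_eval_call_expression clear `cacheable`. I would expand it to something like `/* cp_walk_tree callback: return the first VAR_DECL in *TP whose DECL_NAME is heap_deleted_identifier, else NULL_TREE to keep walking.  Types are not walked into.  */`. The commit message says find_heap_var_refs was considered instead, so a short cross-reference saying this variant matches only deleted variables would help the next reader choose between the two. The body of find_heap_var_refs is outside the hunk, so I cannot compare the two directly.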
diff --git a/gcc/testsuite/g++.dg/cpp2a/constexpr-new26.C 
b/gcc/testsuite/g++.dg/cpp2a/constexpr-new26.C
new file mode 100644
index 000000000000..c82bd43205f4
--- /dev/null
+++ b/gcc/testsuite/g++.dg/cpp2a/constexpr-new26.C
@@ -0,0 +1,17 @@
+// PR c++/119162
+// { dg-do compile { target c++20 } }
+
+constexpr int *
+f7 ()
+{
+  int *p = new int (2);        // { dg-error "is not a constant expression 
because it refers to a result of" }
+  delete p;
+  return p;
+}
+
+void
+g ()
+{
+  constexpr auto v7 = f7 ();
+}
+
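Review bot: Nothing in constexpr-new26.C ties the test to the caching path it is meant to guard. The commit message describes a later evaluation reusing a cached result, but g() contains a single call to f7(), so a reader cannot tell from the file why this reproduces the bug. If the mechanism is that the initializer is evaluated more than once, which I am inferring rather than seeing here, a comment such as `// The call is evaluated more than once; the later evaluation must not reuse a cached pointer to the deleted object.` would record it. The test also covers only scalar `new`/`delete`; an array `new[]`/`delete[]` variant may be worth adding if it goes through the same deleted-variable marking.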
