On 6/27/25 5:58 PM, Jakub Jelinek wrote:
> Hi!
>
> The following testcase is miscompiled since the introduction of UBSan,
> cp_build_array_ref COND_EXPR handling replaces
> (cond ? a : b)[idx] with cond ? a[idx] : b[idx], but if there are
> SAVE_EXPRs inside of idx, they will be evaluated just in one of the
> branches and the other uses uninitialized temporaries.
>
> Fixed by using cp_save_expr and if needed, evaluating it before the
> condition; for constant indexes this shouldn't change anything, and for
> larger expressions in idx I think the patch should result in smaller
> generated code, no need to duplicate all the evaluation in each of the
> branches.

Evaluating idx before op0 seems to violate https://eel.is/c++draft/expr#cond-1

"The first expression is sequenced before the second or third expression ([intro.execution])."

Jason
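
The ordering under discussion, as an added example that is not part of this thread or of the GCC patch: a small C++ program that traces operand evaluation for both the source form and the rewritten form, showing the condition evaluated first and the index evaluated exactly once. The helpers `cond` and `idx`, the arrays and the function names are constructed for illustration; C++17 or later is assumed for the source form.

```cpp
#include <cstdio>
#include <initializer_list>
#include <string>

// Constructed harness: each helper appends one letter to `trace`,
// so the order in which operands are evaluated can be observed.
static std::string trace;

static bool cond(bool v) { trace += 'c'; return v; }
static int idx(int v) { trace += 'i'; return v; }

static int a[4] = {10, 11, 12, 13};
static int b[4] = {20, 21, 22, 23};

// Source form: subscript applied to a conditional expression.
// Since C++17 the array operand of [] is sequenced before the index,
// so the condition runs before idx().
std::string trace_source_form(bool c, int i, int &out) {
    trace.clear();
    out = (cond(c) ? a : b)[idx(i)];
    return trace;
}

// Rewritten form: cond ? a[idx] : b[idx].
// [expr.cond]/1 sequences the condition before whichever branch runs,
// and only one branch runs, so idx() is evaluated once, after cond().
std::string trace_rewritten_form(bool c, int i, int &out) {
    trace.clear();
    out = cond(c) ? a[idx(i)] : b[idx(i)];
    return trace;
}

int main() {
    int v1 = 0, v2 = 0;
    for (bool c : {true, false}) {
        std::string s = trace_source_form(c, 2, v1);
        std::string r = trace_rewritten_form(c, 2, v2);
        // A trace of "ic" would mean the index was hoisted above the condition.
        std::printf("cond=%d source=%s (%d) rewritten=%s (%d)\n",
                    c, s.c_str(), v1, r.c_str(), v2);
    }
    return 0;
}
```

Building the same file with and without `-fsanitize=undefined` and comparing the traces is a quick way to check that instrumentation does not change the observable order.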
