[Bug sanitizer/109991] New: stack-use-after-scope

2023-05-26 Thread igkper at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109991

Bug ID: 109991
   Summary: stack-use-after-scope
   Product: gcc
   Version: 14.0
Status: UNCONFIRMED
  Severity: normal
  Priority: P3
 Component: sanitizer
  Assignee: unassigned at gcc dot gnu.org
  Reporter: igkper at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
  Target Milestone: ---

Hi,

I believe the below code should result in sanitizer complaining about
stack-use-after-scope, but it does not. I've noted that clang catches this but
not gcc. I've annotated where I've noted it seems to depend on whether or not
constexpr is used. See https://godbolt.org/z/Y3YKcfGda.

```cpp
using T = int;

struct Wrap
{
    T const& v;

    // Shouldn't extend lifetime of temporary
    constexpr Wrap(T const& in) : v{in} {}
};

struct BadWrapUse final
{
    T i{};

    constexpr BadWrapUse()  // issue not caught with constexpr
    // BadWrapUse()  // issue caught without constexpr
    {
        Wrap w{T{}};  // temporary T's lifetime ends after this expression
        i = w.v;  // This should lead to stack-use-after-scope.
    }
};

int main()
{
    BadWrapUse c;
}
```

[Bug c++/109991] stack-use-after-scope

2023-05-26 Thread igkper at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109991

--- Comment #3 from igk ---
(In reply to Andrew Pinski from comment #2)
> Dup of bug 98675.
> 
> *** This bug has been marked as a duplicate of bug 98675 ***

Thanks for looking into this. I haven't quite understood though.

I'm trying to see if I can find what you're saying that it should be rejected
in the C++ 14 standard (the version I have). The closest things I can find are
the following. Are they the relevant parts?

```
For a non-template, non-defaulted constexpr function or a non-template,
non-defaulted, non-inheriting constexpr constructor, if no argument values
exist such that an invocation of the function or constructor could be an
evaluated subexpression of a core constant expression (5.19), the program is
ill-formed; no diagnostic required.
```
where (5.19) includes
```
A conditional-expression e is a core constant expression unless the evaluation
of e, following the rules of the
abstract machine (1.9), would evaluate one of the following expressions:
...
- an operation that would have undefined behavior,..
```

In my example, the function takes no arguments so there are no argument values
"such that an invocation of the function or constructor could be an evaluated
sub-expression of a core constant expression". This would make my program
"ill-formed, no diagnostic required". I interpret this as saying the compiler
isn't required to reject the code. Perhaps I'm on the wrong track, but I'm
wondering, isn't such UB something sanitizer aims to catch?

Also, (not an issue with sanitizer) to me it seems odd that GCC would do
constexpr evaluation when "BadWrapUse c;" is not declared as a constexpr
variable, rather than not avoiding it because it is not valid.

[Bug c++/109991] stack-use-after-scope

2023-05-26 Thread igkper at gmail dot com via Gcc-bugs
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109991

--- Comment #5 from igk ---
OK, becoming clearer, thanks. I'm just hoping for this to be diagnosed in some
way. IIUC basically GCC doesn't diagnose the UB so it proceeds with constexpr
eval just because it can, or so it thinks, and in the process makes it
impossible for sanitizer to catch anything. Assuming that gets fixed some day,
then GCC might as well diagnose the issue itself and hence no need for
sanitizer to do anything.