[Bug sanitizer/109991] New: stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109991

Bug ID: 109991
Summary: stack-use-after-scope
Product: gcc
Version: 14.0
Status: UNCONFIRMED
Severity: normal
Priority: P3
Component: sanitizer
Assignee: unassigned at gcc dot gnu.org
Reporter: igkper at gmail dot com
CC: dodji at gcc dot gnu.org, dvyukov at gcc dot gnu.org, jakub at gcc dot gnu.org, kcc at gcc dot gnu.org, marxin at gcc dot gnu.org
Target Milestone: ---

Hi,

I believe the below code should result in sanitizer complaining about stack-use-after-scope, but it does not. I've noted that clang catches this but not gcc. I've annotated where I've noted it seems to depend on whether or not constexpr is used. See https://godbolt.org/z/Y3YKcfGda.

```
using T = int;

struct Wrap {
    T const& v;  // Shouldn't extend lifetime of temporary
    constexpr Wrap(T const& in) : v{in} {}
};

struct BadWrapUse final {
    T i{};
    constexpr BadWrapUse()  // issue not caught with constexpr
    // BadWrapUse()         // issue caught without constexpr
    {
        Wrap w{T{}};  // temporary T's lifetime ends after this expression
        i = w.v;      // This should lead to stack-use-after-scope.
    }
};

int main() {
    BadWrapUse c;
}
```
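The pattern in the report, as an added example that is not the reporter's code or GCC's: a `const&` member bound to a temporary passed through the constructor dangles as soon as the full-expression ends, and the constant evaluator can fold the read away before AddressSanitizer ever sees it. The block below keeps the dangling version (`bad_use`, kept out of constant evaluation with `noinline` and no `constexpr`) beside two fixes: store the value instead of a reference (`ValueWrap`), or keep the reference but delete the rvalue overload so that binding a temporary fails to compile (`RefWrap`). Names are assumptions of this example. Build with `g++ -std=c++17 -O0 -g -fsanitize=address` and run it to see the sanitizer report on `bad_use`, subject to the GCC behaviour discussed in this bug.

```cpp
// Added example, not code from the bug report. Demonstrates the
// dangling const& member from PR 109991 next to two fixes.
//   g++ -std=c++17 -O0 -g -fsanitize=address example.cpp && ./a.out
#include <cstdio>

using T = int;

// As in the report: a reference member does NOT extend the lifetime of a
// temporary that was bound to the constructor parameter.
struct Wrap {
    T const& v;
    Wrap(T const& in) : v{in} {}
};

// Fix 1: store by value. The argument is copied, so the temporary's
// lifetime no longer matters and the type stays usable in constexpr.
struct ValueWrap {
    T v;
    constexpr ValueWrap(T const& in) : v{in} {}
};

// Fix 2: keep the reference but reject rvalues at the call site.
// `RefWrap w{T{}};` selects the deleted T&& overload and fails to compile
// instead of dangling at run time.
struct RefWrap {
    T const& v;
    constexpr RefWrap(T const& in) : v{in} {}
    RefWrap(T&&) = delete;
};

// The reporter's bug: not constexpr, and noinline so the optimizer cannot
// fold the read. Under -fsanitize=address this is the stack-use-after-scope
// read the report expects to be flagged (assumption: sanitizer enabled).
__attribute__((noinline)) int bad_use() {
    Wrap w{T{41}};   // temporary T dies at the end of this full-expression
    return w.v + 1;  // undefined behaviour: reads the dead temporary's slot
}

// Fixed version 1: well defined, and usable in constant evaluation.
constexpr int value_use() {
    ValueWrap w{T{41}};
    return w.v + 1;  // 42
}

// Fixed version 2: the referent is an lvalue that outlives the wrapper.
int ref_use() {
    T keep{41};
    RefWrap w{keep};  // an lvalue binds fine; RefWrap w{T{41}} would not compile
    return w.v + 1;   // 42
}

int main() {
    std::printf("value_use = %d\n", value_use());
    std::printf("ref_use   = %d\n", ref_use());
    std::printf("bad_use   = %d\n", bad_use());  // UB; run under ASan
}
```

Of the two fixes, storing by value is the one to reach for unless copying is genuinely too expensive; the deleted `T&&` constructor only blocks the obvious prvalue case and still lets a caller pass an lvalue that goes out of scope before the wrapper does.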
[Bug c++/109991] stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109991

--- Comment #3 from igk ---

(In reply to Andrew Pinski from comment #2)
> Dup of bug 98675.
>
> *** This bug has been marked as a duplicate of bug 98675 ***

Thanks for looking into this. I haven't quite understood though. I'm trying to see if I can find what you're saying that it should be rejected in the C++14 standard (the version I have). The closest things I can find are the following. Are they the relevant parts?

```
For a non-template, non-defaulted constexpr function or a non-template, non-defaulted, non-inheriting constexpr constructor, if no argument values exist such that an invocation of the function or constructor could be an evaluated subexpression of a core constant expression (5.19), the program is ill-formed; no diagnostic required.
```

where (5.19) includes

```
A conditional-expression e is a core constant expression unless the evaluation of e, following the rules of the abstract machine (1.9), would evaluate one of the following expressions:
...
- an operation that would have undefined behavior, ...
```

In my example, the function takes no arguments, so there are no argument values "such that an invocation of the function or constructor could be an evaluated sub-expression of a core constant expression". This would make my program "ill-formed, no diagnostic required". I interpret this as saying the compiler isn't required to reject the code.

Perhaps I'm on the wrong track, but I'm wondering, isn't such UB something sanitizer aims to catch?

Also (not an issue with sanitizer), to me it seems odd that GCC would do constexpr evaluation when "BadWrapUse c;" is not declared as a constexpr variable, rather than avoiding it because it is not valid.
[Bug c++/109991] stack-use-after-scope
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109991

--- Comment #5 from igk ---

OK, becoming clearer, thanks. I'm just hoping for this to be diagnosed in some way. IIUC, basically GCC doesn't diagnose the UB, so it proceeds with constexpr eval just because it can, or so it thinks, and in the process makes it impossible for sanitizer to catch anything. Assuming that gets fixed some day, then GCC might as well diagnose the issue itself and hence there is no need for sanitizer to do anything.