CWG2853 [expr.add] p4.2 The rule cannot apply to the pointer initially pointing to a hypothetical element

[xmh0511]

Full name of submitter (unless configured in github; will be published with the issue): Jim X

[expr.add] p4.2 says:

When an expression J that has integral type is added to or subtracted from an expression P of pointer type, the result has the type of P.

• [...]
• Otherwise, if P points to an array element i of an array object x with n elements ([dcl.array]), the expressions P + J and J + P (where J has the value j) point to the (possibly-hypothetical) array element i+j of x if 0≤i+j≤n and the expression P - J points to the (possibly-hypothetical) array element i−j of x if 0≤i−j≤n.

According to the definition of the array element in [dcl.array] p6

An object of type “array of N U” consists of a contiguously allocated non-empty set of N subobjects of type U, known as the elements of the array, and numbered 0 to N-1.

That is, the hypothetical element is not, in terms of this definition, an element of the array. Consider this example:

int main(){
   int a = 0;
   int *p = (&a + 1); // p points to the hypothetical element of an array of type `int[1]`
   int *back = p -1;  // #1
}

When applying [expr.add] p4.2 to #1, as above stated, p does not point to an element as per the definition in [dcl.array] p6, so this example eventually falls into [expr.add] p4.3, and is UB?

However, the note of [expr.add] p4.2 seems to admit the rule can apply to the case when P points to a hypothetical element

68) As specified in [basic.compound], an object that is not an array element is considered to belong to a single-element array for this purpose and a pointer past the last element of an array of n elements is considered to be equivalent to a pointer to a hypothetical array element n for this purpose.

Suggested Resolution

Otherwise, if P points to an array element i (including the hypothetical element) of an array object x with n elements ([dcl.array])

[jensmaurer]

CWG2853